Photo of Amelia M. Gerlicher

Amelia Gerlicher focuses her practice in the areas of privacy and data security, counseling clients on preparing for and reacting to data breaches and network intrusions, as well as helping clients assess and address the privacy and data security risks that arise from a wide range of commercial activities.

On February 1, 2024, the Federal Trade Commission announced a complaint and proposed consent order against Blackbaud, Inc. concerning a 2020 data security incident that included a ransomware demand and payment. According to the FTC’s complaint, Blackbaud’s allegedly unfair and misleading conduct included not just deficient data security practices but also a delay in providing

Under an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act announced on October 27, 2023, the Federal Trade Commission will require a broad range of nonbank financial institutions to notify the FTC of instances of the unauthorized acquisition of unencrypted, personally identifiable, nonpublic financial information of more than 500 customers.

The new notification obligation

The Board of the California Privacy Protection Agency (the CPPA) held its first meeting since July on Friday, September 8, 2023, and discussed the first public draft of cybersecurity audit regulations and risk assessment regulations. While the CPPA Board expressly announced that the drafts were for board meeting discussion purposes and that it has

Overview

2022 has been relatively quiet as it relates to state updates to breach notification laws, but Maryland made significant alterations to its general data breach notification law. Additionally, several other states made more minor changes, and the federal government issued or proposed several new data security and breach reporting requirements for certain types of

Cyberattacks continue to make the news and affect our lives in increasingly more significant ways. However, after several years in which states have actively updated breach notification laws in reaction to significant data breaches, 2021, like 2020, has been relatively quiet. Just two states—Connecticut and Texas—have updated their general data breach notification laws, and only