Michael G. Morgan
Subscribe to Michael G. Morgan's Posts
Michael Morgan is a leader of the Firm’s Global Privacy and Cybersecurity practice. Recognized as one of the nation’s leading lawyers in cyber incident response, Mike has guided clients through some of the largest and most complex data breaches, including state-sponsored attacks, breaches involving more than 50 million records, and incidents affecting persons in more than 100 countries around the world. He represents clients in the defense of breach-related government investigations and class action litigation as well as pre-breach planning and post-breach remediation. Read Michael Morgan's full bio.
To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law
By Lynette Ryan Arce, Michael G. Morgan and Mark E. Schreiber on Jan 9, 2018
Posted In Employment, Privacy and Data Security
The Illinois Biometric Information Privacy Act is having its moment. At least 32 class action lawsuits have been filed by Illinois residents in state court in the past two months challenging the collection, use and storage of biometric data by companies in the state. This may cause a reassessment of company strategies and development of...
Continue Reading
Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws
By Anthony A. Bongiorno and Michael G. Morgan on Jan 12, 2017
Posted In Health and Welfare Plans, Privacy and Data Security
The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this...
Continue Reading
The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk
By Anthony A. Bongiorno, Amy C. Pimentel and Michael G. Morgan on Sep 6, 2016
Posted In Privacy and Data Security
The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data...
Continue Reading
Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws
By Anthony A. Bongiorno and Michael G. Morgan on Aug 15, 2016
Posted In Privacy and Data Security
On July 28, 2016, US Department of Health and Human Services (HHS) issued guidance (guidance) under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and recover from ransomware attacks. Ransomware attacks can also trigger concerns under state data breach notification laws. Ransomware is a...
Continue Reading