Photo of Erin Jane Illman

Recognized as a Board Certified Specialist in Privacy and Data Security Law by the State of North Carolina, Erin Illman is an experienced thought leader in privacy, security, and the integration of technology into business practices. Erin is co-chair of Bradley’s Cybersecurity and Privacy Practice Group and leads the Firm’s Fintech team. After practicing in Silicon Valley and the San Francisco Bay Area for over a decade, Erin uses her deep experience with California state regulations to help clients navigate privacy and security concerns, consumer protection laws, as well other challenging legal matters that arise in the privacy space. She regularly advises clients on CCPA, GLBA, GDPR, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws.

Florida Legislature Considers Sweeping Data-Privacy Legislation Supported by GovernorFlorida has joined the wave of states considering new comprehensive data privacy legislation. On February 15, 2021, Rep. Fiona McFarland introduced HB 969, modeled after the California Consumer Privacy Act (CCPA). The bill is supported by Gov. Ron DeSantis and the speaker of the Florida House. As introduced, HB 969 would apply to for-profit businesses

Privacy Requirements under COVID-19 Emergency Rental Assistance ProgramMany relief programs have been implemented over the past year in response to COVID-19, and keeping up with the changing requirements for these programs can be daunting. A new twist in the requirements is the mandate for implementation of privacy requirements under the Emergency Rental Assistance Program. Here are some details about the Emergency Rental

Privacy Moves to the East Coast: Virginia Set to Enact Comprehensive Consumer Data Protection LawVirginia is primed to become the next U.S. state to pass comprehensive data-privacy legislation with striking similarities to the California Consumers Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the E.U.’s General Data Protection Regulation (GDPR).

The legislation, known as the Consumer Data Protection Act, passed the Virginia House of Delegates on January

Why It Matters Whether Hashed Passwords Are Personal Information Under U.S. LawOn January 22, 2021, Bleeping Computer reported about yet another data dump by the hacker group Shiny Hunters, this time for a clothing retailer. Shiny Hunters is known for exfiltrating large databases of customer information, often through misconfigured or otherwise compromised database. These databases typically contain credential information for customers, as was the case

Massachusetts Voters Approve Measure for Expanded Access to Vehicle DataIn a roller coaster of an election week, it was easy for smaller ballot measures to become overshadowed. One ballot measure that you may have missed is Massachusetts’s Ballot Question 1 regarding the “right to repair” motor vehicles. The ballot measure expands access to a driver’s motor vehicle data. Vehicles are increasingly becoming more computerized

2020 Brings Times of Change: Key Privacy Law Updates This YearThe privacy law landscape is constantly changing, and it can feel like a daunting task for businesses to keep up with the laws of 50 states in the U.S. plus any international laws that also may be applicable. 2020 seems to be a banner year for change on many fronts. COVID-19 and the 2020 elections

Privacy at the Polls: Portland, Maine Votes to Ban Facial Recognition TechnologyWhile the nation waits for the results of the presidential race to be tallied, across the country local and statewide referendums on privacy issues have been decided. In Portland, Maine voters approved a ballot measure to ban the use of facial recognition technology by local police and city agencies. Portland joins other cities such as

Threats, Harassment, and Contact Tracing: Why Privacy Programs are Expanding to Protect Health Care WorkersBack in March we wrote about Address Confidentiality Programs (ACPs) as the “high stakes compliance risk you probably haven’t heard of.” These state-sponsored programs were traditionally designed to protect victims of crimes such as domestic abuse, sexual assault, stalking, or human trafficking from perpetrators who seek to find and harm their victims. Since that first