Photo of Erin Jane Illman

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly advises clients on CCPA, GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis, and notification efforts with respect to security incidents and breaches.

October is Cybersecurity Awareness Month, making it an ideal time to revisit the most impactful and widely-read blog posts on our Cybersecurity & Privacy blog from the past year. As cyber threats become more sophisticated and widespread, staying informed is crucial. Our top five blog posts cover a range of vital issues: the alarming rise

Today, encountering a cookie banner is a common experience for most individuals who peruse the internet. These banners inform website users of the presence of cookies or other tracking technologies through language such as, “This website uses cookies. By clicking ‘accept,’ you consent to the use of all cookies.” Many states require companies to provide

Privacy issues are inherent in almost all facets of a business — from operations, employment, and technology to customer service, contracts, legal and compliance — all with varying degrees of risk. Most companies mitigate risk by standardizing processes and procedures to handle certain common or low-risk situations. This is helpful in streamlining repetitive inquiries that

In Part I, we discussed the European Commission’s (“Commission”) disapproval of Meta’s “pay or consent” subscription model. In Part II, we delve into the European Commission’s findings, prior findings by the European Data Protection Board (EDPB), and how those findings may affect future models where privacy is considered “for sale.”

The European Commission’s Findings

In November of 2023, Meta launched a service in the European Union that allowed users to utilize the Facebook and Instagram platforms “ad free” for a monthly fee. The subscription service was meant to address regulatory concerns about Meta’s vast data collection and surveillance-based advertising system that tracks consumers across websites. The concept introduced a

In the middle of the 20th century, there was a massive expansion of the retail credit market. Everything from boats to sewing machines to kitchen appliances were bought and sold through increasingly complex credit arrangements. These credit arrangements would extinguish a consumer’s rights to dispute any terms of the contract once a loan was

The frequency of class actions related to data breaches has significantly increased, with no indication that this upward trajectory will plateau. This raises the question: Are there more efficient alternatives to settling these disputes in the public eye of the courts? Moreover, is it possible to mitigate the financial burden associated with these legal battles?

For many, responding to an incident feels chaotic — questions swirling, uncertainties piling up, and no clear direction. Even when prepared with a well-rehearsed incident response plan, a data security incident places a company’s response team in a precarious situation of juggling numerous variables at once. In the chaos of determining whether a breach has

As Cybersecurity Awareness Month comes to an end and the spooky season of Halloween is upon us, no one wants to live through a cybersecurity horror story. There are some simple precautions every business and household can participate in to help keep their data and information safe. We have outlined a few below with a

The proliferation of AI-derived and processed data in the era of big data is occurring against a complex backdrop of legal frameworks governing ownership of and responsibilities with regard to that data. In a previous installment of this two-part series, the authors outlined challenges and opportunities presented by big data and AI-derived data. In this

The emergence of big data, artificial intelligence (AI), and the Internet of Things (IoT) has fundamentally transformed our understanding and utilization of data. While the value of big data is beyond dispute, its management introduces intricate legal questions, particularly concerning data ownership, licensing, and the protection of derived data. This article, the first installment in