Photo of Karin E. Ross

Karin E. Ross focuses her practice on data privacy, cybersecurity, and technology transactions. Karin has counseled a diverse array of companies from startups to Fortune 500 companies in both local and global markets. She works closely with clients on data privacy and security compliance programs and advises on existing and emerging privacy and data protection legislation, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). Her experience spans a range of industries including consumer goods, medical technology, financial services, e-commerce, and restaurants.

Given recent Health and Human Services’ Office for Civil Rights guidance, HIPAA-regulated entities should consider immediately taking the steps discussed in this GT blog post to reduce the risk associated with their use of tracking technologies.
Continue Reading Cookies and Other Tracking Technologies May Violate HIPAA

Jan. 1 is approaching, and with it comes new requirements under the California Consumer Privacy Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA). What should you and your company be focusing on to ensure you are prepared for the looming compliance deadline? This Data Privacy Dish post offers end-of-year considerations for closing out

On Feb. 10, 2021, Acting Federal Trade Commission (FTC) Chairwoman Rebecca Kelly Slaughter offered a glimpse of where the FTC may be headed under the Biden administration and confirmed that privacy remains among the Commission’s top priorities.

In her keynote address to the Future of Privacy Forum, Slaughter shared her views on the FTC’s role

The CCPA does not explicitly reference the requirement to train employees, but it does require that:

All individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed [concerning the CCPA’s requirements] . . . and how to direct consumers to exercise their rights under those