This course is no longer available for credit on our site. Here are some similar courses you might be interested in:

Recent Developments in Data Breach Notification Requirements

(186 Ratings)

Produced on: August 17, 2016

Course Format On Demand Audio

Taught by


Course Description

Time 93 minutes
Difficulty Advanced

Currently, organizations that experience a data breach must navigate a patchwork of state breach notification statutes to identify their obligations to provide notice to regulators and affected individuals. If the breach involves certain types of information, organizations may also have notification obligations under certain federal laws and regulations. These statutes and regulations differ with respect to the types of information that must be involved in a data breach to trigger a notification requirement, the exceptions that may apply, whether government regulators or credit reporting agencies must be notified, and the timing and content of any notice to regulators or affected individuals. Additionally, companies that provide services to other business or government agencies are frequently required by contract to notify business partners in the event of a data breach.

Learning Objectives:

  1. Review the current state of breach notification requirements with a focus on recent changes to the applicable law
  2. Examine key distinctions between federal and state notification requirements
  3. Understand the possible direction of future developments in this field


Kelly DeMarchis

Venable LLP

Kelly A. DeMarchis is counsel in Venable's Regulatory Affairs Practice Group, where she advises and represents clients on issues related to privacy and e-commerce. She concentrates on U.S. and global personal data privacy issues. She has provided advice to companies responding to data breach and has extensive experience assisting clients in becoming compliant with a number of U.S. privacy statutes, including state breach notification laws, HIPAA, the Fair Credit Reporting Act and others. She has also worked with clients on questions related to global data privacy.

Ms. DeMarchis also concentrates her practice on e-commerce for both online and bricks-and-mortar clients, and has provided advice to clients on many related statutes, such as the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Electronic Communications Privacy Act, CAN-SPAM, E-SIGN, the Communications Decency Act and the Stored Communications Act. She also has extensive experience with the laws governing remote gaming and gambling and has represented both gaming operators and online payment processors. She has litigated these issues and has extensive experience with internal investigations into a variety of matters.

Matthew Mackenzie

Venable LLP

Matt MacKenzie is a member of the Venable Privacy and Data Security Practice Group. Prior to joining Venable, Mr. MacKenzie was an associate at a consumer financial services law firm in Washington, D.C. He has experience representing clients in federal regulatory investigations by the FTC and the CFPB. He also served as a judicial law clerk to the Honorable Alexander Wright Jr. of the Court of Special Appeals of Maryland. Mr. MacKenzie is a Young Lawyer Liaison for the Privacy Subcommittee in the Consumer Financial Services Committee of the American Bar Association.

Thora Johnson

Venable LLP

Thora Johnson focuses on tax-exempt organizations, employee benefits and executive compensation matters. She advises clients on the establishment and operation of tax-exempt organizations, including private foundations, public charities, trade associations, and title holding companies. She also counsels clients on the establishment and operation of qualified and non-qualified deferred compensation plans and health and welfare benefit plans. She routinely reviews and drafts employee benefit plans, summary plan descriptions, and other employee communications and negotiates vendor contracts. She regularly works with clients to structure comprehensive compliance programs and procedures to comply with the privacy and security requirements of HIPAA. She has broad expertise in health plan compliance, including ERISA, the Internal Revenue Code, HIPAA (privacy and portability), and PPACA. She has been helping employers navigate health care reform from its enactment in March 2010, and is a frequent speaker and writer on the topic.

Representative Clients

Ms. Johnson represents, among others, Allegis Group, Bank of America Corporation, General Dynamics Corporation, and Greater Baltimore Medical Center.


Ms. Johnson is a member of the Maryland State Bar Association and its Study Group for Employee Benefits, as well as the Tax Section of the District of Columbia Bar, the Tax Section of the American Bar Association, and the American Health Lawyers Association. She also regularly assists in pro bono matters involving charitable organizations and employee benefits. She is a trustee of the Friends School of Baltimore and has served as a director of a local charity whose mission is to help individuals find and keep entry-level, nonprofessional jobs.


Joseph C.

Very good instructors

Mark R.

i would have given a higher rating if the questions about how to get state-by-state information had been answered better.

Andrew B.

This is the best breech lecture on Lawline. Great!

Carrie G.

This was a great presentation--written materials were fantastic, detailed, and I feel much more prepared to tackle these issues in my organization.

Jonathan D.

Speakers were clear. Thank you.

Crane L.

Very informative. Thank you, Venable.

Load More


Get Unlimited Access to Lawline Courses

Unlimited CLE Subscription gives you access to take almost any course from our catalog and earn as much CLE credit as you need.