Photo of Erin Jane Illman

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly advises clients on CCPA, GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis, and notification efforts with respect to security incidents and breaches.

In July of this year, Fannie Mae announced an update to the Agency’s Seller and Servicer Guidelines to include requirements that mortgage loan sellers and servicers comply with state address confidentiality programs (ADCONs), and to enter coding for borrowers who identify themselves as participants in such programs (SEL-2022-06; SVC-2022-05). Fannie Mae’s announcement

After (Another) Unusual Year, We’re Very Thankful and Wish You a Happy ThanksgivingNow that the pandemic’s “social distancing” is lessening, we hope you are all able to gather with friends and family this Thanksgiving. As we do the same, we wanted to count our blessings as we review the year. This year, we are thankful for being able to return to our offices, our favorite restaurants, and

What the Proposed North Carolina Regulatory Sandbox Could Mean for Fintech and the Financial Services CommunityTechnology is booming and financial technology (“fintech”) is advancing society in new and innovative ways. In 2021 alone, North Carolina has been the target for some very high-profile technology announcements, including Google’s plans to open a cloud engineering hub in Durham and Apple’s new campus in Research Triangle Park. Given the upward trajectory of this

The Perils of Responding to Cyber-Incidents Just Got More ComplicatedIt’s 8 a.m., and you just learned that a material cyber-incident occurred in your organization. You fire up your Incident Response Plan. You engage outside counsel, and outside counsel engages a forensic firm. Your company, your outside counsel, and your forensic firm all sign an agreement that the forensic firm will work at the direction

What You Need to Know About Address Confidentiality Programs

The High-Stakes Compliance Risk You Probably Haven’t Heard Of

This is the first installment in Bradley’s series on Address Confidentiality Programs.

While many businesses have been focused on CCPA compliance, there is another set of state privacy laws that may be flying under your organization’s radar. These lesser known statutes are often referred to as

Tracking Privacy: State Developments to Keep an Eye OnWe are a little more than two weeks into the new year and we’ve already seen several states introduce comprehensive privacy legislation on the heels of California’s Consumer Privacy Act (CCPA). It is no easy task to stay on top of (potentially) 50 different privacy requirements, each with differing applicability standards, definitions, requirements, obligations, and

The Top 5 Reasons Your CCPA Work Is Far from OverSo, you managed to get your California Consumer Privacy Act disclosures and privacy policy up on your website and you can finally take some much-needed rest, right? Think again. And no, it’s not because of the “CCPA-like” statutes coming to a state near you that you’re undoubtedly reading about (and yes, they are coming). It’s

New “Do Not Sell” Nevada Privacy Law Requirement Rolls Out Ahead of CCPA DeadlineStates across the country are floating privacy-related legislation in many forms, and California continues to consider many potential amendments to the landmark California Consumer Privacy Act (Cal. Civ. Code 1798.100 et seq., “CCPA”), which goes into effect on January 1, 2020. On May 30, a law of significance to sellers of consumer personal information was

First Federal Legislation Proposed Relating to Protection of BiometricsAmidst privacy concerns and booming technological innovation, Sens. Roy Blunt (R-Mo.) and Brian Schatz (D-Hawaii) have introduced a bill proposed as the “Commercial Facial Recognition Privacy Act of 2019” (CFRPA) targeting arguably the most “personal” biometric identifier—our face. While several states have enacted legislation relating to protection of biometric identifiers, this is the