Photo of Gene Fishel

Gene is a member of the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) practice, based in the Richmond office. He brings extensive regulatory experience, having most recently served as senior assistant attorney general and chief of the Computer Crime Section in the Office of the Attorney General of Virginia, and as special assistant U.S. attorney in the Eastern District of Virginia for 20 years.

On Tuesday, Texas Attorney General (AG) Ken Paxton announced the creation of a team dedicated solely to the prosecution and enforcement of Texas’ privacy laws. The team will focus on handling cases under at least seven different laws, including the state’s relatively new comprehensive consumer privacy law, and will be part of the office’s Consumer Protection Division. In his announcement, the AG touts the team as the largest such unit in the U.S., and one that will aggressively enforce the state’s privacy laws.Continue Reading Texas AG Launches Data Privacy Team

In the latest episode of Regulatory Oversight, Troutman Pepper attorneys Gene Fishel and Joel Lutz welcome guests Aurelia Lewis and Beth Saunders of Lewis Media Partners to discuss evolving privacy laws and their impact on small to mid-sized businesses. Aurelia, as founder and president, and Beth, as vice-president, highlight their wealth of knowledge and experience guiding companies through effective advertising including media channel planning and buying.Continue Reading Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses

This article was originally published in American City & County on March 1, 2024.

For years, private companies have struggled to protect the data of consumers against security incidents and cyber-attacks by malicious threat actors. More recently, there has been a growing surge of data breaches impacting the public sector, and local governments face unique challenges in responding to such incidents.Continue Reading Unique Aspects of Data Incident Response in Local Government

In a recent alert, we reported that California Attorney General (AG) Rob Bonta announced a settlement with DoorDash over allegations that the company violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) by selling consumers’ personal information without providing notice or an opportunity to opt out.Continue Reading California AG Announces Second CCPA Settlement, Asserting DoorDash Failed to Deliver Privacy

In the latest episode of Regulatory Oversight, Troutman Pepper Partner Judy Jagdmann and Counsel Gene Fishel are joined by Sam Kaplan, assistant general counsel for public policy for Palo Alto Networks. They engage in an insightful conversation revolving around the government response to cyber incidents and the potential role of AI in combating cybersecurity threats.Continue Reading Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World

This article was originally published on February 14, 2024 in Reuters and Westlaw Today. It is republished here with permission.

As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a tangled regulatory web. Extricating itself from that web is the ultimate goal. But what form does that take?Continue Reading That’s a Wrap…or Not? Regulatory Data Incident Investigation Resolutions and the Path Forward

In an era where privacy, security, and artificial intelligence are at the forefront of many business operations, staying informed about the latest developments is crucial. Our 2023 Privacy Year in Review is an in-depth analysis of the past year’s significant advancements and challenges in these areas.Continue Reading Navigating the Privacy Landscape: Insights from Troutman Pepper’s 2023 Privacy Year in Review

On January 16, New Jersey became the first state this year to enact a comprehensive privacy law, S332, which applies to businesses conducting operations in the state or targeting its residents. As noted in this article by our privacy team, similar to other state comprehensive privacy laws, S322 grants consumers the right to confirm, correct, delete, obtain a copy of their personal data, and opt out of its processing for targeted advertising, sale, or profiling. Controllers and processors are obligated to limit data collection, establish security practices, and provide a privacy notice. They are also required to conduct a data protection assessment for processing activities that pose a heightened risk of harm to consumers. The New Jersey Attorney General’s Office has exclusive authority to enforce violations, treating them as “unlawful practices” under the New Jersey Consumer Fraud Act. The law takes effect on January 16, 2025, with an 18-month grace period for organizations to correct violations before enforcement actions are taken.

Continue Reading NJ Charges Into 2024 With New Privacy Law

This article was originally published on December 12, 2023 in Reuters and Westlaw Today. It is republished here with permission.

It is indeed a tangled regulatory web woven to potentially trap an organization in the wake of a data incident. Navigating this web can involve significant resources, time, and stress. As we discussed in part two of this series, “Your organization has suffered a data incident: Now here are the regulators it will likely encounter,” Reuters Legal News and Westlaw Today, Oct. 16, 2023, there is no shortage of regulators likely to come calling. Organizations therefore have little margin for error when assessing and responding to an incident.

Continue Reading Navigating the Complexities of Regulatory Data Incident Investigations

In the latest episode of Regulatory Oversight, Gene Fishel and Mike Lafleur welcome Pat Moore and Jared Rinehimer from the Massachusetts Attorney General’s (AG) Office to discuss online sports wagering. They cover the recently enacted Massachusetts Sports Wagering Act, the associated role of the Massachusetts Gaming Commission, related rules addressing advertising and data privacy, and the overall concerns of the AG’s office.

Continue Reading Game On: Navigating the Legal Landscape of Sports Wagering