Photo of Gene Fishel

Gene Fishel

Subscribe to Gene Fishel's Posts

Gene is a member of the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) practice, based in the Richmond office. He brings extensive regulatory experience, having most recently served as senior assistant attorney general and chief of the Computer Crime Section in the Office of the Attorney General of Virginia, and as special assistant U.S. attorney in the Eastern District of Virginia for 20 years.

Contact:Read more about Gene Fishel

Several state attorneys general (AGs) and the Federal Trade Commission (FTC) have begun scrutinizing ancestry tracking company 23andMe following its recent announcement that it has filed for Chapter 11 bankruptcy. As part of these efforts, the AGs have issued alerts on ways consumers can exercise their rights under state privacy laws, and the FTC has issued letters stressing potential risks to U.S. bankruptcy trustees. 23andMe, which was founded in 2006, has collected DNA and associated genetic material on seven million American customers to provide information related to those customers’ ancestry.

On November 21, the Supreme Court of Virginia entered a published order reversing a 14-3 en banc decision of the Court of Appeals of Virginia addressing the applicability of Virginia’s criminal laws regulating cybercrime. The decision in Commonwealth v. Wallace is the latest example of courts testing regulatory reach in the cybercrime arena.

This article was originally published on October 2, 2024 in Westlaw Today. It is republished here with permission.

Gene Fishel and Whitney Shephard of Troutman Pepper highlight states with established privacy enforcement units, discuss the corresponding privacy acts in those states, and give recommendations for companies to mitigate risk and navigate a rapidly developing patchwork of regulatory standards.

Published in Law360 on September 27, 2024. © Copyright 2024, Portfolio Media, Inc., publisher of Law360. Reprinted here with permission.

On Sept. 18, Texas Attorney General Ken Paxton announced a settlement with healthcare technology company Pieces Technology pursuant to the Texas Deceptive Trade Practices-Consumer Protection Act.

On September 4, Texas Attorney General (AG) Ken Paxton filed a lawsuit against the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), challenging two key Health Insurance Portability and Accountability Act (HIPAA) rules — the 2000 Privacy Rule and the newly implemented 2024 Privacy Rule. These rules were enacted to protect the privacy of individuals’ protected health information (PHI) under HIPAA. Texas argues that these rules unlawfully limit state investigators’ ability to access PHI, impeding the enforcement of state laws.

On Tuesday, Texas Attorney General (AG) Ken Paxton announced the creation of a team dedicated solely to the prosecution and enforcement of Texas’ privacy laws. The team will focus on handling cases under at least seven different laws, including the state’s relatively new comprehensive consumer privacy law, and will be part of the office’s Consumer Protection Division. In his announcement, the AG touts the team as the largest such unit in the U.S., and one that will aggressively enforce the state’s privacy laws.

In the latest episode of Regulatory Oversight, Troutman Pepper attorneys Gene Fishel and Joel Lutz welcome guests Aurelia Lewis and Beth Saunders of Lewis Media Partners to discuss evolving privacy laws and their impact on small to mid-sized businesses. Aurelia, as founder and president, and Beth, as vice-president, highlight their wealth of knowledge and experience guiding companies through effective advertising including media channel planning and buying.

This article was originally published in American City & County on March 1, 2024.

For years, private companies have struggled to protect the data of consumers against security incidents and cyber-attacks by malicious threat actors. More recently, there has been a growing surge of data breaches impacting the public sector, and local governments face unique challenges in responding to such incidents.

In a recent alert, we reported that California Attorney General (AG) Rob Bonta announced a settlement with DoorDash over allegations that the company violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) by selling consumers’ personal information without providing notice or an opportunity to opt out.