Photo of Sadia Mirza

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’ cybersecurity strategies.

Published in Law360 on September 27, 2024. © Copyright 2024, Portfolio Media, Inc., publisher of Law360. Reprinted here with permission.

On Sept. 18, Texas Attorney General Ken Paxton announced a settlement with healthcare technology company Pieces Technology pursuant to the Texas Deceptive Trade Practices-Consumer Protection Act.Continue Reading Takeaways From Texas AG’s Novel AI Health Settlement

On Tuesday, Texas Attorney General (AG) Ken Paxton announced the creation of a team dedicated solely to the prosecution and enforcement of Texas’ privacy laws. The team will focus on handling cases under at least seven different laws, including the state’s relatively new comprehensive consumer privacy law, and will be part of the office’s Consumer Protection Division. In his announcement, the AG touts the team as the largest such unit in the U.S., and one that will aggressively enforce the state’s privacy laws.Continue Reading Texas AG Launches Data Privacy Team

This article was originally published in American City & County on March 1, 2024.

For years, private companies have struggled to protect the data of consumers against security incidents and cyber-attacks by malicious threat actors. More recently, there has been a growing surge of data breaches impacting the public sector, and local governments face unique challenges in responding to such incidents.Continue Reading Unique Aspects of Data Incident Response in Local Government

In a recent alert, we reported that California Attorney General (AG) Rob Bonta announced a settlement with DoorDash over allegations that the company violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) by selling consumers’ personal information without providing notice or an opportunity to opt out.Continue Reading California AG Announces Second CCPA Settlement, Asserting DoorDash Failed to Deliver Privacy

This article was originally published on February 14, 2024 in Reuters and Westlaw Today. It is republished here with permission.

As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a tangled regulatory web. Extricating itself from that web is the ultimate goal. But what form does that take?Continue Reading That’s a Wrap…or Not? Regulatory Data Incident Investigation Resolutions and the Path Forward

This article was originally published on December 12, 2023 in Reuters and Westlaw Today. It is republished here with permission.

It is indeed a tangled regulatory web woven to potentially trap an organization in the wake of a data incident. Navigating this web can involve significant resources, time, and stress. As we discussed in part two of this series, “Your organization has suffered a data incident: Now here are the regulators it will likely encounter,” Reuters Legal News and Westlaw Today, Oct. 16, 2023, there is no shortage of regulators likely to come calling. Organizations therefore have little margin for error when assessing and responding to an incident.

Continue Reading Navigating the Complexities of Regulatory Data Incident Investigations

This article was originally published on October 16, 2023 in Reuters and Westlaw Today. It is republished here with permission.

Government regulators are seemingly as numerous as the stars nowadays, especially in the universe of data incidents. When organizations experience a data incident, they will need to quickly assess what happened, why it happened, and who (e.g., clients, consumers, vendors, employees) was affected. They will also need to chart a course by which they resolve the incident while limiting their legal exposure.

Continue Reading Your Organization Has Suffered a Data Incident: Now Here Are the Regulators It Will Likely Encounter

This article was originally published on August 24, 2023 in Reuters and is republished here with permission.

In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach.

An incident is any “occurrence that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system,” or an event that constitutes a violation of an organization’s computer security or acceptable use policies. National Institute of Standards and Technology, Minimum Security Requirements for Federal Information and Information Systems, FIPS 200, at 7 (Mar. 9, 2006) (nist.gov). A breach is an incident that imposes statutory and regulatory obligations on an affected organization when it holds or controls certain consumer information.Continue Reading Data Protection: One of These Incidents Is Not Like the Other

On May 17, District of Colombia Attorney General Brian Schwalb announced the settlement of an investigation into Easy Healthcare Corporation, requiring the company to change its privacy practices involving the ovulation tracking app “Premom” to protect the sensitive reproductive data of consumers. Easy Health agreed to several remedial measures intended to prevent the disclosure of sensitive information to third parties and to pay a $100,000 penalty to the states involved with the investigation.Continue Reading AGs Require Company With Ovulation Tracking App to Protect User Data

Published in Law360 on January 25, 2023. © Copyright 2023, Portfolio Media, Inc., publisher of Law360. Reprinted here with permission.

In recent months, there has been an explosion of artificial intelligence tools that have given even technophobes an opportunity to test AI’s power from the comfort of their favorite web browser.

From DALL-E’s ability to generate digital images from natural language prompts to ChatGPT’s ability to answer questions, write blog posts, essays, poetry or even song lyrics, today’s AI tools can be used by anyone who can open a web browser.Continue Reading Preparing for an Era of Regulated Artificial Intelligence