Richard Sheinis

Richard Sheinis and Jade Davis discuss the European Union’s Artificial Intelligence Act and its implications for businesses globally, especially in the USA.

Touted as the world’s first comprehensive legal framework of its kind, the AI Act will go into effect in stages over the next three years. The AI Act will apply to both businesses operating within the EU and to any AI developers or creators whose AI systems are used in EU countries and raises a few questions…

Partners Richard Sheinis and Jade Davis discuss their predictions for the data privacy and cybersecurity industry in 2024.

Hall Booth Smith is proud to announce the launch of its new podcast PrivacyCafé, hosted by Partners Richard Sheinis and Jade Davis.

After roughly a year of multiple warnings by the HHS concerning the usage of online tracking technologies and associated privacy and security risks, class action lawsuits have begun to be filed…

In May 2023, the FTC issued a warning that it would be closely monitoring the use of biometric information technology, including those powered by machine learning, because they raise significant consumer privacy and data security concerns and have the potential for bias and discrimination. On December 19, the FTC made good on its promise by

As the rest of the world continues to move forward with national data privacy legislation, the United States continues its well-established habit of proposing piecemeal data privacy laws that go nowhere

Our most recent HBS Legal Trends podcast features Charlotte Partner Richard Sheinis and Tampa Of Counsel Jade Davis. Together, they discuss the legal implications of using artificial intelligence (AI) in your organization, including how AI can be used, the implementation of AI, developing internal AI policies and procedures, best practices, and much more. You can

In an article published on August 9, 2023, in Law360, Charlotte Partner Richard Sheinis discusses how increased utilization of technology to track activity online could bring HIPAA compliance risks. “An individual does not have to be a patient of a covered entity, for the covered entity's collection of that individual's information to be PHI. The

In a June 25, 2023, article written for Hotel Interactive, Charlotte Partner Richard Sheinis reviews the potential roles artificial intelligence (AI) can play within the hospitality industry. In it, he provides an overview of what AI is, how it works, and what opportunities and risks some popular technologies such as ChatGPT may hold for those

In an article published on June 21, 2023, in the New York Law Journal, Richard Sheinis, partner at Hall Booth Smith, and Lisa Jaffe, AVP of Cyber/Technology/Media Claims at Hiscox Insurance, discuss the significant increase in class action lawsuits involving data breaches and how defendants can use legal defenses to stop the class action, such

Hospitals and healthcare systems have long been targets for cyber criminals. One such incident occurred in October 2022 when CommonSpirirt Health announced an IT security incident, leading some such as Richard Shenis, partner and head of the Data Privacy & Cyber Security practice group at Hall Booth Smith, to reiterate strategies such as geofencing as

Increasing cyberattacks targeting cultural institutions – including a December 7 attack affecting The Metropolitan Opera’s network systems, website, box office, and call center – have led many to question the purpose of such attacks while some such as Richard Sheinis, partner and head of Hall Booth Smith’s Data Privacy & Cyber Security practice group, simply

The Office of Civil Rights recently announced a settlement with a Massachusetts dermatology clinic regarding the improper disposal of protected health information (PHI) after staff at the clinic placed empty specimen containers with PHI labels in a garbage bin in their parking lot. Richard Sheinis, partner and head of the Data Privacy & Cyber Security

Written by: Richard Sheinis, Esq. Canada’s Federal Privacy Law, the Personal Information Protection and Electronics Documents Act (PIPEDA) is over 22 years old.  Its replacement, proposed Bill C-27, which introduces the Consumer Protection Privacy Act (CPPA) is still at least one year away from being passed. The CPPA is part of Canada’s Digital Charter Implementation

Written by: Richard Sheinis, Esq. As many of you know, the VCDPA is scheduled to go into effect on January 1, 2023.  In advance of the effective date, the Virginia Legislature has passed several amendments to the Act.  The amendments are as follows: A new exemption to the right to delete when the personal data

In a Raconteur article about the need for companies to ensure they have the right insurance policies to contend with rising cyber attacks, Richard Sheinis, partner and head of the Data Privacy & Cyber Security Service Area at Hall Booth Smith, said “When a client suffers an event, whether that be a ransomware attack or

Written by: Richard Sheinis, Esq.  On March 3, 2022 the Utah Consumer Privacy Act (“UCPA”) was passed by the Utah legislature and sent to the Governor to sign, which he is expected to do.  Most of you will be familiar with the requirements of the UCPA as they are similar to recently passed privacy laws

In a Journal of Healthcare Risk Management article about the HIPAA Safe Harbor Law in which HIPAA-covered entities and their business associates receive certain protections when potentially facing fines and other penalties under HIPAA, Richard Sheinis, Partner and Leader of the Data Privacy & Cyber Security Service Area at Hall Booth Smith, said the law

In an article published in the Association of Corporate Counsel’s ACC Docket, Hall Booth Smith Partner Richard Sheinis and ParkMobile Chief Legal and Privacy Officer Tony Stewart share what it takes to develop a strategic privacy program that deals with data privacy laws from different jurisdictions. Listed chief in their recommendations are data mapping and

Written by: Richard Sheinis, Esq. Several Democratic legislators have introduced the Algorithmic Accountability Act of 2022 (the “Act”). This legislation is a redo of the 2019 Algorithmic Accountability Act. While this piece of legislation will likely die on the vine, like so many personal data related bills before it, it demonstrates a disturbing trend to

Written by: Richard Sheinis, Esq. As many of our readers know, the transfer of personal data from the EU to countries outside the EU is heavily regulated by the GDPR. Companies that transfer personal data from the EU to the US typically use Standard Contractual Clauses, which are intended to provide some assurance that personal data

Written by: Richard Sheinis, Esq. CNIL, the French Data Privacy Supervisory Authority, has fined Google 150 Million Euros, and Facebook 60 Million Euros, for having websites that do not make refusing cookies as easy as accepting them.  Prior GDPR guidance, and rulings from various supervisory authorities, required that websites using cookies have a cookie banner

In the January issue of Healthcare Risk Management, Richard Sheinis, Partner and leader of Hall Booth Smith’s Data Privacy & Cyber Security Service Area, discusses what health care providers and hospitals should do when a medical device has been compromised. In the article, Richard lays out the steps providers should take when responding to an

Written by: Richard Sheinis, Esq. In September 2021, Senator Richard Blumenthal and eight other Democratic Senators sent a letter to FTC Chair Lina Kahn requesting that the agency begin a rulemaking process to address data privacy.  Blumenthal and the other Senators stated that consumer privacy had become a consumer crisis with tech companies routinely breaking

In a Part B News story looking at the rising cost of cyber insurance for health care providers and companies as ransomware attacks grow, Richard Sheinis, Partner and Leader of Hall Booth Smith’s Data Privacy & Cyber Security Service Area, explains how the market has shifted over time with big payoffs. “Years ago, when a

Written by: Richard Sheinis, Esq. Last month I wrote about the need for federal data privacy legislation.  Although numerous Senators have introduced such legislation, nothing much seems to happen after the initial introduction.  Adding to the list, Senator Catherine Cortez Masto (D-Nev.) is introducing the Digital Accountability and Transparency to Advance (DATA) Privacy Act.  There

CHARLOTTE, NC – November 4, 2021 – Hall Booth Smith, P.C. (HBS) has added Associate Brock Wolf as its office in Charlotte, North Carolina continues to expand. Brock focuses his practice on medical malpractice defense, data privacy and cyber security, and general liability litigation. Brock was previously a law clerk and a summer associate at

In an article published by Part B News on November 1, 2021, Hall Booth Smith Charlotte-based Partner Richard Sheinis discusses the potential sanctions health care providers can incur by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) if they pay a sanctioned international criminal actor as part of a ransomware attack.

Written by: Richard Sheinis, Esq. The U.S. is lagging further and further behind the rest of the world when it comes to the privacy of personal data.  The EU’s General Data Protection Regulation (GDPR), which became effective in 2018, has become the “gold standard” for data privacy.  Many countries have used the GDPR as the model

Written by: Richard Sheinis, Esq. We are all aware of the requirements under several laws that a company’s website must have a link to the company’s privacy policy explaining how the company treats personal information. The oxymoronic part of the privacy policy requirement, however, is that laws require more and more information to be included

In an article published online in Law360 on August 16, 2021, Partner Richard Sheinis and Associates Brett Lawrence and Charles Langhorne offer 17 best practices for companies to defend against ransomware, in light of recent attacks. U.S. businesses were hit with “the biggest ransomware attack on record” in July. “This latest spate of ransomware attacks,

Written by: Richard Sheinis, Esq. Most of you know that on June 4, 2021, the European Commission (“EC”) adopted two (2) new sets of Standard Contractual Clauses (“SCC”) for the cross-border transfer of personal data from the EU.  The new SCC are due to a general need for updating the existing SCC, as well as

Written by: Richard Sheinis, Esq. This Bill was first introduced in 2016 in response to a dispute between the FBI and Apple in which the FBI sought to have Apple provide access to the locked mobile phone of a suspect in a mass shooting in San Bernardino, California.  The Act has been reintroduced each year since

Written by: Richard Sheinis, Esq. On April 19, 2021 the FTC issued what might be called guidance, but is more of a warning, regarding the use of artificial intelligence.  The FTC cautions against using AI in a way that produces discriminatory outcomes. The FTC states that in order to avoid bias and prejudice, the data

Written by: Richard Sheinis, Esq. As of April 1, 2021, the French Supervisory Authority, Commision Nationale de l’Informatique et des libertes (“CNIL”) will enforce its cookie and ad tracker guidelines.  CNIL had previously announced it would give companies until March 31, 2021 to adjust their ad tracker and cookie practices to come into compliance. Most

Written by: Richard Sheinis, Esq. The Biometric Information Privacy Act (“BIPA”) is an Illinois statute that prohibits the use of biometric identifiers or information without prior notification and written consent.   Facebook ran into trouble when a lawsuit was filed in 2015 alleging Facebook violated BIPA by tagging photos using facial recognition without their consent. Facebook

Written by: Richard Sheinis, Esq. On December 24, 2020, the EU-UK Trade Cooperation Agreement was announced.  This Agreement contained an adequacy “bridge” so that the EU will treat the UK as an adequate jurisdiction for purposes of the protection of personal data for up to 6 months.  During this period, the EU is to assess

In an article published by Healthcare Risk Management on February 5, 2021, Partner Richard Sheinis is quoted discussing lessons learned from a $4.3 million HIPAA violation penalty that was overturned. The penalty was imposed on the University of Texas M.D. Anderson Cancer Center by the Department of Health and Human Services’ Office for Civil Rights

Written by: Richard Sheinis, Esq. The transatlantic transfer of personal data from the EU to the US is still a mess.  Since the EU Court of Justice struck down the EU-US Privacy Shield in July 2020, and called into question the validity of the EU’s standard contractual clauses, a solution to allow transfer of personal

CHARLOTTE, NC – November 16, 2020 – Hall Booth Smith, P.C. (HBS) has added Of Counsel Glenn E. Jones and Attorney Briana N. Kelly to its growing office in Charlotte, North Carolina. Glenn concentrates his practice on general liability, premises liability, medical malpractice and transportation matters. Rated AV Preeminent by Martindale-Hubbell, he has extensive experience

Written by: Richard Sheinis, Esq. A lawsuit has been filed with a court in the Netherlands challenging Uber’s alleged practice of using automated systems to identify fraudulent activity and terminate drivers based on that process, also known as “Robo-Firing”. This practice, which Uber denies, would potentially violate Article 22 of the GDPR.  Article 22 protects data

Written by: Rich Sheinis, Esq. and Brett Lawrence, Esq. The votes are in and California’s citizens have spoken, the California Privacy Rights Act (“CPRA”) is now law. Known as CCPA 2.0, CPRA increases the privacy obligations of businesses already subject to the requirements of California’s 2018 California Consumer Privacy Act (“CCPA”). Though not nearly discussed

Written by: Richard Sheinis, Esq. Sen. Roger Wicker, R-Miss., along with three other Republican senators who are members of the Senate Commerce Committee, has introduced yet another national privacy legislation bill, known as the SAFE DATA Act. The full name of the bill is the “Setting an American Framework to Ensure Data Access, Transparency and

Written by: Richard Sheinis, Esq. German authorities are investigating the death of a patient following a ransomware attack on a hospital in Germany.  The unknown perpetrators potentially face charges of negligent manslaughter.  Last Friday, a patient in need of urgent medical care was re-routed from the Düsseldorf University Hospital, to a hospital more than 30

Written by: Richard Sheinis, Esq. Many of you are probably asking what is the “Payment Services Directive 2 (PSD2)”, before worrying about being ready for it!  PSD2 is a Directive from the European Parliament (Directive (EU) 2015/2366) intended to modernize Europe’s payment services for the benefit of consumers and business, and to facilitate innovation, competition, and

Written by: Richard Sheinis, Esq. It has been almost two (2) months since the EU Court of Justice struck down the EU-US Privacy Shield.  At the same time, while holding that the Standard Contract Clauses (“SCC”) in principle are still valid, the Court cautioned that SCC must still provide the level of protection guaranteed by the

Written by: Richard Sheinis, Esq. On August 4, 2020, yet more data privacy legislation was introduced by Senators Bernie Sanders and Jeff Merkley.  Titled “The National Biometric Information Privacy Act of 2020,”  this continues the trend of law makers introducing piecemeal, and frequently punitive, data privacy legislation rather than working on a single comprehensive data

Hall Booth Smith, P.C. has created a new 24/7 data breach hotline that businesses, governments and other organizations can call for immediate response and assistance on data and technology breaches. Security breaches, ransomware attacks, system compromise and cloud penetrations are a constant threat.  When an attack occurs, the dedicated Data Privacy and Security team at

CHARLOTTE, NC – July 15, 2020 – Hall Booth Smith, P.C. (HBS) has added Attorney Rylee Dillard to its growing office in Charlotte, North Carolina. Rylee focuses her practice on a wide variety of medical malpractice, general liability and workers’ compensation matters. Before joining HBS, she worked at an insurance defense firm in Charlotte where

Written by: Richard Sheinis, Esq. In the last fifteen (15) months, no less than six (6) data privacy Bills have been introduced in the Senate.  Two of these Bills are specifically related to data collection and use in response to COVID-19.  This does not include the Data Accountability and Transparency Act of 2020, announced by

CHARLOTTE, NC – June 16, 2020 – Hall Booth Smith, P.C. has added Associates Brett Lawrence and Christian Ferlan as its office in Charlotte, North Carolina, continues to expand. Lawrence concentrates his practice on data privacy and security matters. Before joining HBS, he was a law clerk to the Honorable Lucy Inman of the North

Written by: Richard Sheinis, Esq. Thailand’s Personal Data Protection Act was passed in May 2019, and was scheduled to go into effect May 27, 2020.  The Act is very similar to the European Union’s General Data Protection Regulation. Only a few days before the Act was to become effective, it was decided that 22 types

Written by: Richard Sheinis, Esq. A Dutch court has ruled that a grandmother is violating the EU’s General Data Protection Regulation by posting photographs of her grandchildren on her social media account without the consent of the children’s parents. The court’s ruling arose from a complaint filed by the children’s mother, who wanted the photographs

Written by: Richard Sheinis, Esq. Unlike the United States, where Senators are first introducing legislation to deal with the use of personal information in the context of COVID-19, the European Data Protection Board (“EDPB”) relies on established legislation to govern the use of location data and contact tracing tools.  (Hint: the U.S. needs to pass

Written by: Richard Sheinis, Esq. On April 30, 2020, Republican Senators Wicker (MS), Thune (SD), Moran (KS) and Blackburn (TN), announced the introduction of the “COVID-19 Consumer Data Protection Act,” intended to protect health, geolocation and proximity data. These types of personal data are related to contact tracing, the process of identifying persons with whom

Written by: Richard Sheinis, Esq. Many countries are using geolocation data from phones to track COVID-19.  Singapore, the United Kingdom and Israel have developed their own apps for tracking people’s movements.  In Europe, mobile phone companies such as Vodafone, have agreed to share location data. The European Data Protection Board has appointed a group of

Written by: Richard Sheinis, Esq.  On March 17 a coalition of 35 advertising groups sent California Attorney General Xavier Becerra a letter calling for a delay in the enforcement of the California Consumer Privacy Act (“CCPA”) because of COVID-19.  Enforcement of the CCPA is currently scheduled to begin July 1.  The Attorney General’s office refused

Written by: Richard Sheinis, Esq. In this business, we are all familiar with GDPR’s right to erasure (commonly called “the right to be forgotten”) granted by the GDPR.  The question that often comes up is when a data subject exercises their right to erasure, does the organization also have to erase the data subject’s personal

Written by: Richard Sheinis, Esq. Now that the UK has a withdrawal agreement with the EU, what will this mean for data privacy for personal data in the UK, as well as for personal data that is transferred between the UK and other countries.  UK’s Information Commissioner’s Office (“ICO”) has provided some answers.  For the

Written by: Richard Sheinis, Esq. On February 7, 2020 the California Attorney General published a “redline” version of the CCPA Regulations. These regulations are open for public comment until February 24, 2020. In the meantime, here are a few of the more important redline changes in the latest draft: The definition of household is clarified

Written by: Richard Sheinis, Esq. The e-Privacy Regulation, which was supposed to be a close cousin to the General Data Protection Regulation, was first proposed by the European Commission in January 2017.  However, here we are nearly 3 years later, and the latest draft of the e-Privacy Regulation was once again been rejected by the

Written by: Richard Sheinis, Esq. In yet another attempt to pass federal privacy legislation, on November 26, U.S. Senator Maria Cantwell, D-Wash., introduced the Consumer Online Privacy Rights Act (“COPRA”).  COPRA would apply to information that identifies or is reasonably linked to an individual residing in the U.S. or a consumer device.  COPRA would generally

Written by: Richard Sheinis, Esq. A soccer team in Denmark is using facial recognition technology to stop unruly fans, apparently with the approval of the Danish Data Protection Agency (“DDPA”).  The technology is used to scan fans as they enter the stadium.  The scans are then compared against a list of banned troublemakers to determine

Written by: Richard Sheinis, Esq. More than 2,000 websites, including court websites and the national TV station, were knocked out by a massive cyber attack in the country of Georgia.  A state sponsored political attack is suspected as many of the website home pages were replaced with an image of former President Mikheil Saakashvili and the

Written by: Richard Sheinis, Esq. Singapore’s Personal Data Protection Commission (“PDPC”) has assessed two large fines against companies for data breaches.  The telecommunications company, Tingtel, has been fined $25,000 for a data breach involving its My Singtel mobile app.  A problem in the design of the mobile app allowed My Singtel users to potentially access

Written by: Richard Sheinis, Esq. With the California Consumer Privacy Act (“CCPA”) ready to go into effect in 2020, and other states lined up to follow with similar legislation, there has been a greater push for a federal privacy law.  Unless there is a federal privacy law that supersedes state law, businesses will be in

Written by: Richard Sheinis, Esq. German data protection authorities have published a new model for calculating fines under GDPR, which, is likely to lead to higher fines.  While this model is strictly being tested in Germany, since GDPR should be applied equally across the EU, it is possible that this model could be expanded to

Written by: Rich Sheinis, Esq.  On October 1, 2019, the CJEU issued a ruling establishing that consent to use cookies cannot be validly obtained through a pre-checked box.  In this particular case, an online gaming company, Planet49 GmbH, had a lottery which required internet users to provide personal data.  The web page contained a pre-ticked

Written by: Richard Sheinis, Esq. The European Data Protection Board (“EDPB”) recently issued guidance on the use of video devices to process personal data. The guidelines are in draft form, and were open for public comment through September 9, 2019.  The final version of the guidelines is expected later this year. The use of video

Written by: Richard Sheinis, Esq. The Data Protection Law, 2017, (“DPL”) introduces globally-recognized principles surrounding the use of personal information to the Cayman Islands.  Similar to the GDPR and other data privacy legislation, individuals will have several data access rights.  These rights include the right to be informed, the right to access their data, the

Written by: Richard Sheinis, Esq. Fashion ID is an online retailer whose website used a plug-in to feature a Facebook “Like” button.  As a result of the plug-in, when a user lands on Fashion ID’s website, information about the user’s IP address and browser string is automatically transferred to Facebook.  This transfer of information occurs

Written by: Richard Sheinis, Esq. The Ninth Circuit has ruled that a case against Facebook for violating the Illinois Biometric Information Privacy Act can proceed as a class action.  The lawsuit stems out of Facebook’s “Tag Suggestions” feature.  When a Facebook user enables the Tag Suggestions feature, Facebook uses facial recognition technology to analyze whether

Hall Booth Smith (HBS) is pleased to announce that Richard Sheinis, managing Partner of the Charlotte office, has earned the designation of Fellow of Information Privacy from the International Association of Privacy Professionals (IAPP). This designation is reserved for experts in the privacy industry and signifies that Mr. Sheinis has demonstrated a comprehensive knowledge of

Hall Booth Smith (HBS) is pleased to announce that Anthony E. Stewart, an attorney in the Atlanta office, has earned the designation of Fellow of Information Privacy from the International Association of Privacy Professionals (IAPP). This designation is reserved for experts in the privacy industry and signifies that Mr. Stewart has demonstrated a comprehensive knowledge

Written by: Richard Sheinis, Esq. New York’s SHIELD Act has passed the New York Senate, and now awaits passage in the Assembly before it goes to the Governor to sign into law.  While the Act contains new rules regarding data breaches and data breach notification, businesses should be most concerned about the increased geographic coverage

Hall Booth Smith, P.C. (HBS) is pleased to announce that it is expanding its footprint by opening an office in Charlotte, North Carolina. The HBS Charlotte office will be led by Partner Richard Sheinis. The Charlotte location will be the firm’s tenth office. “We are very excited to be a part of the Charlotte community,” said

Partner Rich Sheinis co-authored an article for the Journal of Accountancy with accountant Sarah Beckett Ference. The article, “Data Security Risk: You Can Take it Anywhere,” can be found here: http://www.journalofaccountancy.com/Issues/2014/Apr/data-security-risk-20149482.htm

In the Fall 2013 issue of Hospitality Upgrade, Partner Rich Sheinis wrote an article entitled “Making Your Cloud Agreement Work for You.” In this article Mr. Sheinis discusses the best course of action for a written contract of services with a cloud vendor. Click here to read the full article. Mr. Sheinis is certified as a privacy professional

Richard Sheinis, a partner in the Atlanta office of Hall Booth Smith, P.C. authored a two page article of Sigel Communications Hospitality Upgrade magazine’s August issue. In the article entitled, “Embracing Mobility”. Richard lists steps that companies can use to maximize the use of their mobility services, while minimizing security risks. He states, “a few basic

Richard Sheinis, a partner in the Atlanta office of HBS, recently passed the certification examination and receiving the designation of Certified International Privacy Professional (CIPP-US) by the International Association of Privacy Professionals. The CIPP/US credential demonstrates a strong foundation in U.S. private-sector privacy laws and regulations and understanding of the legal requirements for the responsible

Richard Sheinis, the past  President and founder of the Netherlands American Chamber of Commerce, was awarded the 2012 Halve Maen Award for his work in strengthening the  Dutch-American relationship in the Atlanta Community.  Mr. Sheinis has been a partner in the Atlanta office of HBS for over ten years and leads the firm’s Clean Tech

Atlanta, November 17, 2011 – Richard Sheinis, a partner with Hall Booth Smith (HBS) moderated a roundtable of Business to Business Magazine’s Atlanta Executive Sustainability Roundtable.  HBS was the exclusive legal sponsor of  the event held on November 17th at the Georgia-Pacific Auditorium. The roundtable included Kate Brass, Ecomagination Program Manager at GE Energy; Jim

Georgia Trend has officially announced their 8th annual list of Georgia’s top attorneys which includes seven of our very own here at Hall Booth Smith. Selected by their peers, the votes were compiled and categorized by nine practice areas: business law; personal injury litigation; criminal law; labor and employment; taxes; estates and trusts; bankruptcy and creditors’

Published in the Spring/Summer 2010 issue of USLaw Magazine, attorneys Richard Sheinis and Chad Wingate co-authored the article “Enforcement of International Arbitration Awards in the Unites States”. In this article, Mr. Sheinis and Mr. Wingate discuss the New York Convention, the Panama Convention, vacating non-domestic arbitral awards, and Article V of the New York Convention which “provides the exclusive grounds