Richard Sheinis

atp5d vr

Richard Sheinis

Partner
spc2

Biography

Richard Sheinis has litigated in federal and state courts for 37 years and has been the first chair for approximately 175 jury trials. His clients have included health care professionals and institutions, technology companies, and global business entities.

Rich takes advantage of his litigation background to work with businesses in the areas of data privacy and cybersecurity, employment, and technology. He works with a wide variety of companies from small technology businesses to publicly traded companies with a global footprint.

Rich also teaches Health Information Privacy and Security as an adjunct professor at the University of North Carolina at Charlotte.

Experience

Data Privacy & Cybersecurity

Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations. Rich is well-versed in technology matters, and regularly works on technology issues related to:

  • Software as a Service (SaaS) agreements
  • Web development and hosting
  • Cloud computing
  • Electronic Health Record software agreements
  • Software licensing
  • Technology outsourcing
  • Data analytics
Labor & Employment

Rich has represented the interests of clients in a variety of employment matters. He has defended clients against discrimination claims base on race, religion, national origin, sex, disability, and age as well as Title IX claims against colleges and universities. He has also represented clients in lawsuits alleging violations of the Family Medical Leave Act, the Fair Labor Standards Act, and a variety of claims alleging wrongful termination. Representative matters include:

  • Defended hotel chain against claims of national origin and religious discrimination.
  • Defended employer against claim of gender discrimination.
  • Represented health care providers against claims of disability, religious and racial discrimination.
  • Prepared employment agreements, which included non-compete, non-solicitation and non-interference restrictive covenants.
  • Responded to EEOC charges on behalf of a variety of employers.

Credentials

Admitted

State Courts:

  • Georgia
  • North Carolina
  • Tennessee

U.S. District Courts:

  • U.S. District Court for the Northern District of Georgia
  • U.S. District Court for the Middle District of Georgia

U.S. Courts of Appeal:

  • U.S. Court of Appeals for the Eleventh Circuit

Certifications

  • Certified Information Privacy Professional (CIPP/US), IAPP
  • Certified Information Privacy Technologist (CIPT), IAPP
  • Fellow of Information Privacy, IAPP

Education

  • J.D., Duke University, 1983
  • B.A., Binghamton University, 1980

Affiliations

  • Analytics and Big Data Society, Board Member
  • Care Ring: Board of Directors, 2024-Present
  • DRI
  • Hospitality Technology Next Generation
  • International Association of Privacy Professionals
  • Netherlands-American Chamber of Commerce of the Southeastern United States, Secretary
  • University of North Carolina at Charlotte, School of Data Science, Adjunct Faculty

Recognition

Presentations

  • Legal Perspective on AI
    Charlotte Metro ISSA, Monthly Meeting; May 22, 2024
  • Artificial Intelligence in Medicine: Risks, Benefits, and Best Practices
    Georgia Society of Healthcare Risk Management (GSHRM) 2024 Winter Meeting; February 2, 2024
  • Using AI in Your Business
    HBS Webinar; July 27, 2023
  • New U.S. Privacy Laws & the Changing International Landscape
    BITAC – Operations, April 2023
More +
  • Partnering with Cyber Insurance Before, During, and After an Event
    Charlotte Technology Leadership Conference; September 10, 2020
  • COVID-19 Legislative Updates and Remote Security,
    Curi; August 13, 2020
  • Revised CCPA Regulations And How COVID-19 Is Affecting Data Privacy
    Hall Booth Smith; April 7, 2020
  • State Privacy Law Update
    IAPP-Charlotte Knowledge Net Chapter; October 23, 2019
  • CCPA Is Almost Here – How to Get Ready
    Hall Booth Smith; October 16, 2019
  • Beyond HIPAA: Cyber Threats, Hackers and Risks … and How to Protect PHI
    Georgia Society of Healthcare Risk Managers, Fall Conference; September 9, 2019
  • NY SHIELD Act: How Your Data Privacy and Security Obligations Could Change
    Hall Booth Smith; August 20, 2019
  • How AI Is Reshaping the Future of HealthCare
    Florida Society of Hospital Risk Managers and Patient Safety, Annual Conference; August 15, 2019
  • Blockchain in Hospitality: Regulatory and Governance
    Hotel Technology Next Generation; April 30, 2019
  • Are You Ready for GDPR?
    HTNG Asia-Pacific Conference, Macau, China; July 24-26, 2018
  • Held for Ransom! First Steps to Mitigate Potential Server and Systems Takeover
    Medical Mutual 2018 Webinar Series; April 11,2018
  • Worried About GDPR?
    HT-NEXT Conference; March 14, 2018
  • GDPR Contracting
    HT-NEXT Conference, CISO Forum; March 13, 2018
  • Cybersecurity: Keeping Us Safe or Making Us More Vulnerable?
    Charleston School of Law 2018 Symposium; February 9, 2018
  • GDPR Readiness
    Hospitality Financial & Technology Professionals, Central Carolina Chapter Meeting; January 26, 2018
  • IT For Banking Law Lawyers: Threats, Security Trends, and Expectations
    USLAW NETWORK Banking and Financial Services In-House Counsel Forum; October 4, 2017
  • Exercising Cybersecurity Due Diligence in Mergers and Acquisitions
    Claims and Litigation Management Alliance, 2017 CLM Management & Professional Liability Conference; July 27, 2017
  • Data Security Risk Assessments: The Gold of Due Diligence
    American Bar Association, National Legal Malpractice Conference; April 20, 2017
  • Getting Smart about PII: A Legal & Logistical Roadmap to Protect from Privacy and Security Risks
    Hotel Technology Forum + HTNG North America HT-Next; April 11, 2017
  • Cloud Security and Mitigating Vulnerabilities
    UNC Charlotte Cybersecurity Symposium; October 5, 2016
  • The GDPR, EU – US Privacy Shield and the Russian Data Localization Law
    Hotel Technology Next Generation; May 3, 2016
  • Privacy/Cyber Legal Issues in Private Practices
    Sterling Risk Advisors, Sterling Club Educational Breakfast; February 2, 2016
  • Better Call Saul
    Hospitality eResources, Data Security Training Seminar; January 2016
  • Data Privacy and Security, Cyber Liability, Compliance and Other Concerns in the Data Age
    Ohio Association of Civil Trial Attorneys; November 20-21, 2015
  • Protection and Use of EMR in the Digital Age of Analytics, Clouds and Bad Guys
    North Carolina Health Information Management Association; November 5, 2015
  • Privacy & Cyber Liability, Protecting Your Business
    Sovereign Risk Solutions, Soup to Nuts Lunch & Learn; August 27, 2015
  • Dawn of the Data Age
    DRI, Data Breach & Privacy Law Conference; September 2014
  • The Road to Data Privacy and Cybersecurity
    Alabama Association of Corporate Counsel, April 2014
  • The New HIPAA Security Omnibus Regulation & Other Updates for the HIPAA Security Rule
    Georgia Society for Healthcare Risk Management, Fall 2013 Conference
  • Employment Policies and Agreements to Minimize Risk in BYOD Program
    USLAW Webinar, August 20, 2013
  • HIPAA/HITECH and Other Data Security Issues
    Georgia Healthcare Association, Spring 2012 Conference

Publications

More +

In the Press

The Future of Privacy and AI Under a New Administration

In just over one month, the Republican party will control the Senate and House of Representatives, not to mention the Oval Office. How will this affect the future of Privacy and AI Legislation?

China Passes New Regulations on Network Data Security Management

Attorney Richard Sheinis discusses China’s long awaited “Network Data Security Management Regulations.”

Apple Intelligence is Here: Should Businesses Be Concerned?

Apple Intelligence was launched on Monday, October 28, and is available on any iPhone 16 and iPhone 15 Pro that is updated to iOS 18.1. It is also available on certain models of iPads and Macs. As a lawyer advising companies on AI governance, I am always checking to see how new AI products might

Illinois AI Law For Employers

Partner Richard Sheinis discusses the details behind Illinois’ new law, which regulates the use of AI for employers.

AI Statutory Update

Background As we move toward the end of 2024, it seems the time is right for an update of AI statutory developments so far this year.  While the EU has once again set the standard with the EU AI Act, the 30,000-foot view in the U.S. is that while there is a lot of talk

PrivacyCafé: The Becerra Case – Implications for Tracking Technologies & HIPAA

The hosts review the background and significance of the Becerra case, which challenges the HHS guidance on the usage of tracking technologies by medical providers.

PrivacyCafé: Big Brother at the Olympics – France’s New AI Surveillance Law

The hosts discuss France’s new data privacy law permitting AI video surveillance for the Paris Olympics and its implications.

Ready or Not, Here Comes the EU AI Act

We have been writing about the EU AI Act for several months, and with its August 1 arrival the countdown begins for the effective dates of its various provisions.

PrivacyCafé: The CrowdStrike Incident – Analysis & Takeaways

The hosts discuss the CrowdStrike outage, including CrowdStrike’s response, potential legal repercussions, and the importance of preparedness in cybersecurity.

Texas Judge Rules HHS’ Web Tracking Guidance Is Unlawful

A Texas judge has ruled in Am. Hosp. Ass’n v. Becerra that HHS doesn’t have the authority to restrict medical providers’ use of tracking technologies, having major implications on how medical providers can disclose individually identifiable health information.

EDPB Task Force Issues Report on ChatGPT Compliance with GDPR

The EDPB recently issued a report on the work done by the ChatGPT Taskforce offering guidance on how AI programs might be evaluated for GDPR compliance going forward…

PrivacyCafé: Navigating AI in Health Care with Rachel Stuve, Elevance Health

On this episode of PrivacyCafé, Richard Sheinis and Jade Davis discuss navigating AI in the health care sector with guest speaker Rachel Stuve.

FTC Updates the Health Breach Notification Rule: Health-Related Websites & Mobile Apps Beware

The FTC recently updated the Health Breach Notification Rule regarding the disclosure of health related information among websites and mobile applications.

PrivacyCafé: Analysis & Implications of the EU AI Act

Richard Sheinis and Jade Davis discuss the European Union’s Artificial Intelligence Act and its implications for businesses globally, especially in the USA.

A Closer Look: EU’s Finalized AI Act & What It Means for the U.S.

Touted as the world’s first comprehensive legal framework of its kind, the AI Act will go into effect in stages over the next three years. The AI Act will apply to both businesses operating within the EU and to any AI developers or creators whose AI systems are used in EU countries and raises a few questions…

PrivacyCafé: Predictions for 2024 in Data Privacy & Cybersecurity

Partners Richard Sheinis and Jade Davis discuss their predictions for the data privacy and cybersecurity industry in 2024.

HBS Partners Richard Sheinis & Jade Davis Host New Podcast “PrivacyCafé”

Hall Booth Smith is proud to announce the launch of its new podcast PrivacyCafé, hosted by Partners Richard Sheinis and Jade Davis.

HHS Warnings Trigger Class Actions Against Medical Providers for Use of Online Tracking Technologies

After roughly a year of multiple warnings by the HHS concerning the usage of online tracking technologies and associated privacy and security risks, class action lawsuits have begun to be filed…

The FTC Shows Its Dislike of Facial Recognition Technology

In May 2023, the FTC issued a warning that it would be closely monitoring the use of biometric information technology, including those powered by machine learning, because they raise significant consumer privacy and data security concerns and have the potential for bias and discrimination. On December 19, the FTC made good on its promise by

Another Year Wasted for U.S. Federal Data Privacy Legislation

As the rest of the world continues to move forward with national data privacy legislation, the United States continues its well-established habit of proposing piecemeal data privacy laws that go nowhere

HBS Legal Trends: Legal Implications of Using AI in Your Business

Our most recent HBS Legal Trends podcast features Charlotte Partner Richard Sheinis and Tampa Of Counsel Jade Davis. Together, they discuss the legal implications of using artificial intelligence (AI) in your organization, including how AI can be used, the implementation of AI, developing internal AI policies and procedures, best practices, and much more. You can

Law360: Richard Sheinis on Online Tracking Tech & HIPAA Compliance Risks

In an article published on August 9, 2023, in Law360, Charlotte Partner Richard Sheinis discusses how increased utilization of technology to track activity online could bring HIPAA compliance risks. “An individual does not have to be a patient of a covered entity, for the covered entity's collection of that individual's information to be PHI. The

Hotel Interactive: Richard Sheinis on Artificial Intelligence (AI) in Hospitality

In a June 25, 2023, article written for Hotel Interactive, Charlotte Partner Richard Sheinis reviews the potential roles artificial intelligence (AI) can play within the hospitality industry. In it, he provides an overview of what AI is, how it works, and what opportunities and risks some popular technologies such as ChatGPT may hold for those

Law.com: Richard Sheinis on the Rise of Data Breach Class Actions

In an article published on June 21, 2023, in the New York Law Journal, Richard Sheinis, partner at Hall Booth Smith, and Lisa Jaffe, AVP of Cyber/Technology/Media Claims at Hiscox Insurance, discuss the significant increase in class action lawsuits involving data breaches and how defendants can use legal defenses to stop the class action, such

Journal of Healthcare Risk Management: Richard Sheinis on Geofencing as a Safeguard Against Cyberattacks

Hospitals and healthcare systems have long been targets for cyber criminals. One such incident occurred in October 2022 when CommonSpirirt Health announced an IT security incident, leading some such as Richard Shenis, partner and head of the Data Privacy & Cyber Security practice group at Hall Booth Smith, to reiterate strategies such as geofencing as

InformationWeek: Richard Sheinis on Protection Against Cyberattacks as Part of the Cost of Doing Business

Increasing cyberattacks targeting cultural institutions – including a December 7 attack affecting The Metropolitan Opera’s network systems, website, box office, and call center – have led many to question the purpose of such attacks while some such as Richard Sheinis, partner and head of Hall Booth Smith’s Data Privacy & Cyber Security practice group, simply

Journal of Healthcare Risk Management: Richard Sheinis on Proper Disposal of Protected Health Information (PHI)

The Office of Civil Rights recently announced a settlement with a Massachusetts dermatology clinic regarding the improper disposal of protected health information (PHI) after staff at the clinic placed empty specimen containers with PHI labels in a garbage bin in their parking lot. Richard Sheinis, partner and head of the Data Privacy & Cyber Security

Canada’s Consumer Protection Privacy Act (CPPA) at Least One Year Away

Written by: Richard Sheinis, Esq. Canada’s Federal Privacy Law, the Personal Information Protection and Electronics Documents Act (PIPEDA) is over 22 years old.  Its replacement, proposed Bill C-27, which introduces the Consumer Protection Privacy Act (CPPA) is still at least one year away from being passed. The CPPA is part of Canada’s Digital Charter Implementation

Virginia Amends the Virginia Consumer Data Protection Act (“VCDPA”)

Written by: Richard Sheinis, Esq. As many of you know, the VCDPA is scheduled to go into effect on January 1, 2023.  In advance of the effective date, the Virginia Legislature has passed several amendments to the Act.  The amendments are as follows: A new exemption to the right to delete when the personal data

Raconteur: Richard Sheinis on Disconnect Between Cyber Attack Policy Coverage vs. Actual Need

In a Raconteur article about the need for companies to ensure they have the right insurance policies to contend with rising cyber attacks, Richard Sheinis, partner and head of the Data Privacy & Cyber Security Service Area at Hall Booth Smith, said “When a client suffers an event, whether that be a ransomware attack or

Utah About To Become The Fourth State To Pass Privacy Law

Written by: Richard Sheinis, Esq.  On March 3, 2022 the Utah Consumer Privacy Act (“UCPA”) was passed by the Utah legislature and sent to the Governor to sign, which he is expected to do.  Most of you will be familiar with the requirements of the UCPA as they are similar to recently passed privacy laws

Journal of Healthcare Risk Management: Richard Sheinis on the HIPAA Safe Harbor Law

In a Journal of Healthcare Risk Management article about the HIPAA Safe Harbor Law in which HIPAA-covered entities and their business associates receive certain protections when potentially facing fines and other penalties under HIPAA, Richard Sheinis, Partner and Leader of the Data Privacy & Cyber Security Service Area at Hall Booth Smith, said the law

ACC Docket: Richard Sheinis on Developing a Strategic Privacy Program Across Different Jurisdictions

In an article published in the Association of Corporate Counsel’s ACC Docket, Hall Booth Smith Partner Richard Sheinis and ParkMobile Chief Legal and Privacy Officer Tony Stewart share what it takes to develop a strategic privacy program that deals with data privacy laws from different jurisdictions. Listed chief in their recommendations are data mapping and

The Algorithmic Accountability Act of 2022 Is Introduced

Written by: Richard Sheinis, Esq. Several Democratic legislators have introduced the Algorithmic Accountability Act of 2022 (the “Act”). This legislation is a redo of the 2019 Algorithmic Accountability Act. While this piece of legislation will likely die on the vine, like so many personal data related bills before it, it demonstrates a disturbing trend to

The Turf War Over Personal Data Continues

Written by: Richard Sheinis, Esq. As many of our readers know, the transfer of personal data from the EU to countries outside the EU is heavily regulated by the GDPR. Companies that transfer personal data from the EU to the US typically use Standard Contractual Clauses, which are intended to provide some assurance that personal data

European Cookie Rules Continue To Evolve

Written by: Richard Sheinis, Esq. CNIL, the French Data Privacy Supervisory Authority, has fined Google 150 Million Euros, and Facebook 60 Million Euros, for having websites that do not make refusing cookies as easy as accepting them.  Prior GDPR guidance, and rulings from various supervisory authorities, required that websites using cookies have a cookie banner

Healthcare Risk Management: Richard Sheinis on What Providers Should do When Medical Devices Are Compromised

In the January issue of Healthcare Risk Management, Richard Sheinis, Partner and leader of Hall Booth Smith’s Data Privacy & Cyber Security Service Area, discusses what health care providers and hospitals should do when a medical device has been compromised. In the article, Richard lays out the steps providers should take when responding to an

FTC Starts Process to Adopt Privacy Rules

Written by: Richard Sheinis, Esq. In September 2021, Senator Richard Blumenthal and eight other Democratic Senators sent a letter to FTC Chair Lina Kahn requesting that the agency begin a rulemaking process to address data privacy.  Blumenthal and the other Senators stated that consumer privacy had become a consumer crisis with tech companies routinely breaking

Part B News: Richard Sheinis on Rising Costs of Cyber Insurance for Health Care Providers

In a Part B News story looking at the rising cost of cyber insurance for health care providers and companies as ransomware attacks grow, Richard Sheinis, Partner and Leader of Hall Booth Smith’s Data Privacy & Cyber Security Service Area, explains how the market has shifted over time with big payoffs. “Years ago, when a

Yet Another Senator Introduces Data Privacy Legislation

Written by: Richard Sheinis, Esq. Last month I wrote about the need for federal data privacy legislation.  Although numerous Senators have introduced such legislation, nothing much seems to happen after the initial introduction.  Adding to the list, Senator Catherine Cortez Masto (D-Nev.) is introducing the Digital Accountability and Transparency to Advance (DATA) Privacy Act.  There

Hall Booth Smith Adds Associate Brock Wolf in Charlotte

CHARLOTTE, NC – November 4, 2021 – Hall Booth Smith, P.C. (HBS) has added Associate Brock Wolf as its office in Charlotte, North Carolina continues to expand. Brock focuses his practice on medical malpractice defense, data privacy and cyber security, and general liability litigation. Brock was previously a law clerk and a summer associate at

Part B News: Richard Sheinis on Potential Health Care Provider OFAC Sanctions

In an article published by Part B News on November 1, 2021, Hall Booth Smith Charlotte-based Partner Richard Sheinis discusses the potential sanctions health care providers can incur by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) if they pay a sanctioned international criminal actor as part of a ransomware attack.

Can’t Congress Pass a Law for Data Privacy?

Written by: Richard Sheinis, Esq. The U.S. is lagging further and further behind the rest of the world when it comes to the privacy of personal data.  The EU’s General Data Protection Regulation (GDPR), which became effective in 2018, has become the “gold standard” for data privacy.  Many countries have used the GDPR as the model

Irish DPA Fines Whatsapp $225 Million Euro For Transparency Violations

Written by: Richard Sheinis, Esq. We are all aware of the requirements under several laws that a company’s website must have a link to the company’s privacy policy explaining how the company treats personal information. The oxymoronic part of the privacy policy requirement, however, is that laws require more and more information to be included

Law360: Sheinis, Lawrence, & Langhorne on Best Practices to Defend Against Ransomware

In an article published online in Law360 on August 16, 2021, Partner Richard Sheinis and Associates Brett Lawrence and Charles Langhorne offer 17 best practices for companies to defend against ransomware, in light of recent attacks. U.S. businesses were hit with “the biggest ransomware attack on record” in July. “This latest spate of ransomware attacks,

The European Protection Board Issues Guidance On Supplementary Measures For The Cross-Border Transfer Of Personal Data

Written by: Richard Sheinis, Esq. Most of you know that on June 4, 2021, the European Commission (“EC”) adopted two (2) new sets of Standard Contractual Clauses (“SCC”) for the cross-border transfer of personal data from the EU.  The new SCC are due to a general need for updating the existing SCC, as well as

Representative Ted Lieu Once Again Introduces The “Ensuring National Constitutional Rights For Your Private Telecommunications (ENCRYPT) Act”

Written by: Richard Sheinis, Esq. This Bill was first introduced in 2016 in response to a dispute between the FBI and Apple in which the FBI sought to have Apple provide access to the locked mobile phone of a suspect in a mass shooting in San Bernardino, California.  The Act has been reintroduced each year since

The FTC Is Looking For Truth, Fairness, And Equity In The Use of Artificial Intelligence

Written by: Richard Sheinis, Esq. On April 19, 2021 the FTC issued what might be called guidance, but is more of a warning, regarding the use of artificial intelligence.  The FTC cautions against using AI in a way that produces discriminatory outcomes. The FTC states that in order to avoid bias and prejudice, the data

French Supervisory Authority To Enforce Its Ad Tracker (“Cookie”) Guideline

Written by: Richard Sheinis, Esq. As of April 1, 2021, the French Supervisory Authority, Commision Nationale de l’Informatique et des libertes (“CNIL”) will enforce its cookie and ad tracker guidelines.  CNIL had previously announced it would give companies until March 31, 2021 to adjust their ad tracker and cookie practices to come into compliance. Most

Facebook Ordered to Pay $650 Million For Violation of Illinois’ Biometric Information Privacy Act

Written by: Richard Sheinis, Esq. The Biometric Information Privacy Act (“BIPA”) is an Illinois statute that prohibits the use of biometric identifiers or information without prior notification and written consent.   Facebook ran into trouble when a lawsuit was filed in 2015 alleging Facebook violated BIPA by tagging photos using facial recognition without their consent. Facebook

What Is The Status Of Personal Data Transfers Between the EU and the UK?

Written by: Richard Sheinis, Esq. On December 24, 2020, the EU-UK Trade Cooperation Agreement was announced.  This Agreement contained an adequacy “bridge” so that the EU will treat the UK as an adequate jurisdiction for purposes of the protection of personal data for up to 6 months.  During this period, the EU is to assess

Healthcare Risk Management: Richard Sheinis on Overturning of $4.3 Million HIPAA Violation Penalty

In an article published by Healthcare Risk Management on February 5, 2021, Partner Richard Sheinis is quoted discussing lessons learned from a $4.3 million HIPAA violation penalty that was overturned. The penalty was imposed on the University of Texas M.D. Anderson Cancer Center by the Department of Health and Human Services’ Office for Civil Rights

No Solution Yet For The Transfer of Personal Data from EU to the US

Written by: Richard Sheinis, Esq. The transatlantic transfer of personal data from the EU to the US is still a mess.  Since the EU Court of Justice struck down the EU-US Privacy Shield in July 2020, and called into question the validity of the EU’s standard contractual clauses, a solution to allow transfer of personal

Hall Booth Smith Adds Jones and Kelly to its Charlotte Office

CHARLOTTE, NC – November 16, 2020 – Hall Booth Smith, P.C. (HBS) has added Of Counsel Glenn E. Jones and Attorney Briana N. Kelly to its growing office in Charlotte, North Carolina. Glenn concentrates his practice on general liability, premises liability, medical malpractice and transportation matters. Rated AV Preeminent by Martindale-Hubbell, he has extensive experience

European Lawsuit Accuses Uber of “Robo-Firing” Drivers

Written by: Richard Sheinis, Esq. A lawsuit has been filed with a court in the Netherlands challenging Uber’s alleged practice of using automated systems to identify fraudulent activity and terminate drivers based on that process, also known as “Robo-Firing”. This practice, which Uber denies, would potentially violate Article 22 of the GDPR.  Article 22 protects data

California Privacy Rights Act Passed By California Voters

Written by: Rich Sheinis, Esq. and Brett Lawrence, Esq. The votes are in and California’s citizens have spoken, the California Privacy Rights Act (“CPRA”) is now law. Known as CCPA 2.0, CPRA increases the privacy obligations of businesses already subject to the requirements of California’s 2018 California Consumer Privacy Act (“CCPA”). Though not nearly discussed

U.S. National Privacy Legislation Introduced: The SAFE DATA Act

Written by: Richard Sheinis, Esq. Sen. Roger Wicker, R-Miss., along with three other Republican senators who are members of the Senate Commerce Committee, has introduced yet another national privacy legislation bill, known as the SAFE DATA Act. The full name of the bill is the “Setting an American Framework to Ensure Data Access, Transparency and

Patient Death Attributed to Hospital Ransomware Attack

Written by: Richard Sheinis, Esq. German authorities are investigating the death of a patient following a ransomware attack on a hospital in Germany.  The unknown perpetrators potentially face charges of negligent manslaughter.  Last Friday, a patient in need of urgent medical care was re-routed from the Düsseldorf University Hospital, to a hospital more than 30

Is the European Hospitality Industry Ready for the Payment Services Directive 2?

Written by: Richard Sheinis, Esq. Many of you are probably asking what is the “Payment Services Directive 2 (PSD2)”, before worrying about being ready for it!  PSD2 is a Directive from the European Parliament (Directive (EU) 2015/2366) intended to modernize Europe’s payment services for the benefit of consumers and business, and to facilitate innovation, competition, and

Update In the Post-Schrems II Era and Guidance for the Use of Standard Contract Clauses

Written by: Richard Sheinis, Esq. It has been almost two (2) months since the EU Court of Justice struck down the EU-US Privacy Shield.  At the same time, while holding that the Standard Contract Clauses (“SCC”) in principle are still valid, the Court cautioned that SCC must still provide the level of protection guaranteed by the

Legislation Introduced to Put Limits on Use of Facial Recognition

Written by: Richard Sheinis, Esq. On August 4, 2020, yet more data privacy legislation was introduced by Senators Bernie Sanders and Jeff Merkley.  Titled “The National Biometric Information Privacy Act of 2020,”  this continues the trend of law makers introducing piecemeal, and frequently punitive, data privacy legislation rather than working on a single comprehensive data

Hall Booth Smith Opens 24/7 Data Breach Hotline to Serve Clients

Hall Booth Smith, P.C. has created a new 24/7 data breach hotline that businesses, governments and other organizations can call for immediate response and assistance on data and technology breaches. Security breaches, ransomware attacks, system compromise and cloud penetrations are a constant threat.  When an attack occurs, the dedicated Data Privacy and Security team at

Hall Booth Smith Adds Attorney Rylee Dillard To Growing Charlotte Office

CHARLOTTE, NC – July 15, 2020 – Hall Booth Smith, P.C. (HBS) has added Attorney Rylee Dillard to its growing office in Charlotte, North Carolina. Rylee focuses her practice on a wide variety of medical malpractice, general liability and workers’ compensation matters. Before joining HBS, she worked at an insurance defense firm in Charlotte where

Congress is All Talk And No Action When It Comes To Data Privacy

Written by: Richard Sheinis, Esq. In the last fifteen (15) months, no less than six (6) data privacy Bills have been introduced in the Senate.  Two of these Bills are specifically related to data collection and use in response to COVID-19.  This does not include the Data Accountability and Transparency Act of 2020, announced by

Hall Booth Smith Adds Lawrence, Ferlan to Growing Charlotte Office

CHARLOTTE, NC – June 16, 2020 – Hall Booth Smith, P.C. has added Associates Brett Lawrence and Christian Ferlan as its office in Charlotte, North Carolina, continues to expand. Lawrence concentrates his practice on data privacy and security matters. Before joining HBS, he was a law clerk to the Honorable Lucy Inman of the North

Thailand Delays Data Protection Law Because of COVID-19

Written by: Richard Sheinis, Esq. Thailand’s Personal Data Protection Act was passed in May 2019, and was scheduled to go into effect May 27, 2020.  The Act is very similar to the European Union’s General Data Protection Regulation. Only a few days before the Act was to become effective, it was decided that 22 types

Dutch Court Goes Too Far In Enforcing Privacy Regulation

Written by: Richard Sheinis, Esq. A Dutch court has ruled that a grandmother is violating the EU’s General Data Protection Regulation by posting photographs of her grandchildren on her social media account without the consent of the children’s parents. The court’s ruling arose from a complaint filed by the children’s mother, who wanted the photographs

European Data Protection Board Issues Guidelines On The Use of Location Data and Contact Tracing Tools In the Context of COVID-19

Written by: Richard Sheinis, Esq. Unlike the United States, where Senators are first introducing legislation to deal with the use of personal information in the context of COVID-19, the European Data Protection Board (“EDPB”) relies on established legislation to govern the use of location data and contact tracing tools.  (Hint: the U.S. needs to pass

Senators Introduce Bill to Protect Personal Data Amidst COVID-19

Written by: Richard Sheinis, Esq. On April 30, 2020, Republican Senators Wicker (MS), Thune (SD), Moran (KS) and Blackburn (TN), announced the introduction of the “COVID-19 Consumer Data Protection Act,” intended to protect health, geolocation and proximity data. These types of personal data are related to contact tracing, the process of identifying persons with whom

Are Countries Willing To Bend The Privacy Rules To Track COVID-19

Written by: Richard Sheinis, Esq. Many countries are using geolocation data from phones to track COVID-19.  Singapore, the United Kingdom and Israel have developed their own apps for tracking people’s movements.  In Europe, mobile phone companies such as Vodafone, have agreed to share location data. The European Data Protection Board has appointed a group of

California Attorney General Fiddles While Rome Burns

Written by: Richard Sheinis, Esq.  On March 17 a coalition of 35 advertising groups sent California Attorney General Xavier Becerra a letter calling for a delay in the enforcement of the California Consumer Privacy Act (“CCPA”) because of COVID-19.  Enforcement of the CCPA is currently scheduled to begin July 1.  The Attorney General’s office refused

We All Know About GDPR’s Right to Erasure, Does This Mean You Have to Delete Data From Backups As Well?

Written by: Richard Sheinis, Esq. In this business, we are all familiar with GDPR’s right to erasure (commonly called “the right to be forgotten”) granted by the GDPR.  The question that often comes up is when a data subject exercises their right to erasure, does the organization also have to erase the data subject’s personal

Brexit Is Here, so What Does That Mean for Data Privacy?

Written by: Richard Sheinis, Esq. Now that the UK has a withdrawal agreement with the EU, what will this mean for data privacy for personal data in the UK, as well as for personal data that is transferred between the UK and other countries.  UK’s Information Commissioner’s Office (“ICO”) has provided some answers.  For the

CA Attorney General Issues New Draft of CCPA Regulations

Written by: Richard Sheinis, Esq. On February 7, 2020 the California Attorney General published a “redline” version of the CCPA Regulations. These regulations are open for public comment until February 24, 2020. In the meantime, here are a few of the more important redline changes in the latest draft: The definition of household is clarified

The e-Privacy Regulation Strikes Out Again

Written by: Richard Sheinis, Esq. The e-Privacy Regulation, which was supposed to be a close cousin to the General Data Protection Regulation, was first proposed by the European Commission in January 2017.  However, here we are nearly 3 years later, and the latest draft of the e-Privacy Regulation was once again been rejected by the

Another Attempt at Federal Privacy Legislation

Written by: Richard Sheinis, Esq. In yet another attempt to pass federal privacy legislation, on November 26, U.S. Senator Maria Cantwell, D-Wash., introduced the Consumer Online Privacy Rights Act (“COPRA”).  COPRA would apply to information that identifies or is reasonably linked to an individual residing in the U.S. or a consumer device.  COPRA would generally

Facial Recognition Technology and GDPR Compliance

Written by: Richard Sheinis, Esq. A soccer team in Denmark is using facial recognition technology to stop unruly fans, apparently with the approval of the Danish Data Protection Agency (“DDPA”).  The technology is used to scan fans as they enter the stadium.  The scans are then compared against a list of banned troublemakers to determine

Country of Georgia Hit by Massive Cyber Attack

Written by: Richard Sheinis, Esq. More than 2,000 websites, including court websites and the national TV station, were knocked out by a massive cyber attack in the country of Georgia.  A state sponsored political attack is suspected as many of the website home pages were replaced with an image of former President Mikheil Saakashvili and the

Singapore’s Privacy Watchdog Issues Two Fines

Written by: Richard Sheinis, Esq. Singapore’s Personal Data Protection Commission (“PDPC”) has assessed two large fines against companies for data breaches.  The telecommunications company, Tingtel, has been fined $25,000 for a data breach involving its My Singtel mobile app.  A problem in the design of the mobile app allowed My Singtel users to potentially access

U.S. Federal Legislation on Data Privacy Unlikely This Year

Written by: Richard Sheinis, Esq. With the California Consumer Privacy Act (“CCPA”) ready to go into effect in 2020, and other states lined up to follow with similar legislation, there has been a greater push for a federal privacy law.  Unless there is a federal privacy law that supersedes state law, businesses will be in

German Data Protection Authorities Releases a New Model to Calculate FDPR Fines

Written by: Richard Sheinis, Esq. German data protection authorities have published a new model for calculating fines under GDPR, which, is likely to lead to higher fines.  While this model is strictly being tested in Germany, since GDPR should be applied equally across the EU, it is possible that this model could be expanded to

The Court of Justice of the European Union Issues a Ruling on Cookie Consent Requirements

Written by: Rich Sheinis, Esq.  On October 1, 2019, the CJEU issued a ruling establishing that consent to use cookies cannot be validly obtained through a pre-checked box.  In this particular case, an online gaming company, Planet49 GmbH, had a lottery which required internet users to provide personal data.  The web page contained a pre-ticked

EUROPEAN DATA PROTECTION BOARD ISSUES DRAFT GUIDANCE ON THE PROCESSING OF PERSONAL DATA THROUGH VIDEO DEVICES

Written by: Richard Sheinis, Esq. The European Data Protection Board (“EDPB”) recently issued guidance on the use of video devices to process personal data. The guidelines are in draft form, and were open for public comment through September 9, 2019.  The final version of the guidelines is expected later this year. The use of video

CAYMAN ISLANDS DATA PROTECTION LAW GOES INTO EFFECT SEPTEMBER 30, 2019

Written by: Richard Sheinis, Esq. The Data Protection Law, 2017, (“DPL”) introduces globally-recognized principles surrounding the use of personal information to the Cayman Islands.  Similar to the GDPR and other data privacy legislation, individuals will have several data access rights.  These rights include the right to be informed, the right to access their data, the

EU Court of Justice Rules Using Facebook’s “Like” Button Creates a Joint Data Controller Relationship

Written by: Richard Sheinis, Esq. Fashion ID is an online retailer whose website used a plug-in to feature a Facebook “Like” button.  As a result of the plug-in, when a user lands on Fashion ID’s website, information about the user’s IP address and browser string is automatically transferred to Facebook.  This transfer of information occurs

Class Action Proceeds Against Facebook for Violation of Illinois Biometric Information Privacy Act (“BIPA”)

Written by: Richard Sheinis, Esq. The Ninth Circuit has ruled that a case against Facebook for violating the Illinois Biometric Information Privacy Act can proceed as a class action.  The lawsuit stems out of Facebook’s “Tag Suggestions” feature.  When a Facebook user enables the Tag Suggestions feature, Facebook uses facial recognition technology to analyze whether

Richard Sheinis Earns Fellow of Information Privacy Designation

Hall Booth Smith (HBS) is pleased to announce that Richard Sheinis, managing Partner of the Charlotte office, has earned the designation of Fellow of Information Privacy from the International Association of Privacy Professionals (IAPP). This designation is reserved for experts in the privacy industry and signifies that Mr. Sheinis has demonstrated a comprehensive knowledge of

Anthony Stewart Earns Fellow of Information Privacy Designation

Hall Booth Smith (HBS) is pleased to announce that Anthony E. Stewart, an attorney in the Atlanta office, has earned the designation of Fellow of Information Privacy from the International Association of Privacy Professionals (IAPP). This designation is reserved for experts in the privacy industry and signifies that Mr. Stewart has demonstrated a comprehensive knowledge

Why Businesses Throughout The Country Should Be Worried About New York’s SHIELD Act

Written by: Richard Sheinis, Esq. New York’s SHIELD Act has passed the New York Senate, and now awaits passage in the Assembly before it goes to the Governor to sign into law.  While the Act contains new rules regarding data breaches and data breach notification, businesses should be most concerned about the increased geographic coverage

Hall Booth Smith Opens New Office in Charlotte, North Carolina

Hall Booth Smith, P.C. (HBS) is pleased to announce that it is expanding its footprint by opening an office in Charlotte, North Carolina. The HBS Charlotte office will be led by Partner Richard Sheinis. The Charlotte location will be the firm’s tenth office. “We are very excited to be a part of the Charlotte community,” said

Richard Sheinis Co-authors Article for the Journal of Accountancy

Partner Rich Sheinis co-authored an article for the Journal of Accountancy with accountant Sarah Beckett Ference. The article, “Data Security Risk: You Can Take it Anywhere,” can be found here: http://www.journalofaccountancy.com/Issues/2014/Apr/data-security-risk-20149482.htm

Richard Sheinis Authors Article for Hospitality Upgrade Magazine’s Legal Corner

In the Fall 2013 issue of Hospitality Upgrade, Partner Rich Sheinis wrote an article entitled “Making Your Cloud Agreement Work for You.” In this article Mr. Sheinis discusses the best course of action for a written contract of services with a cloud vendor. Click here to read the full article. Mr. Sheinis is certified as a privacy professional

Richard Sheinis Details Best Practices for Minimizing Mobile Security Risk in The August Issue of Hospitality Upgrade Magazine

Richard Sheinis, a partner in the Atlanta office of Hall Booth Smith, P.C. authored a two page article of Sigel Communications Hospitality Upgrade magazine’s August issue. In the article entitled, “Embracing Mobility”. Richard lists steps that companies can use to maximize the use of their mobility services, while minimizing security risks. He states, “a few basic

Richard Sheinis Receives the Designation of Certified International Privacy Professional by the International Association of Privacy Professionals

Richard Sheinis, a partner in the Atlanta office of HBS, recently passed the certification examination and receiving the designation of Certified International Privacy Professional (CIPP-US) by the International Association of Privacy Professionals. The CIPP/US credential demonstrates a strong foundation in U.S. private-sector privacy laws and regulations and understanding of the legal requirements for the responsible

Richard Sheinis Is Granted the 2012 Halve Maen Award

Richard Sheinis, the past  President and founder of the Netherlands American Chamber of Commerce, was awarded the 2012 Halve Maen Award for his work in strengthening the  Dutch-American relationship in the Atlanta Community.  Mr. Sheinis has been a partner in the Atlanta office of HBS for over ten years and leads the firm’s Clean Tech

Richard Sheinis of HBS Moderates Executive Sustainability Roundtable

Atlanta, November 17, 2011 – Richard Sheinis, a partner with Hall Booth Smith (HBS) moderated a roundtable of Business to Business Magazine’s Atlanta Executive Sustainability Roundtable.  HBS was the exclusive legal sponsor of  the event held on November 17th at the Georgia-Pacific Auditorium. The roundtable included Kate Brass, Ecomagination Program Manager at GE Energy; Jim

HBS attorneys make Georgia Trend’s 8th annual listing of Georgia’s top attorneys

Georgia Trend has officially announced their 8th annual list of Georgia’s top attorneys which includes seven of our very own here at Hall Booth Smith. Selected by their peers, the votes were compiled and categorized by nine practice areas: business law; personal injury litigation; criminal law; labor and employment; taxes; estates and trusts; bankruptcy and creditors’

Rich Sheinis and Chad Wingate Published in USLAW

Published in the Spring/Summer 2010 issue of USLaw Magazine, attorneys Richard Sheinis and Chad Wingate co-authored the article “Enforcement of International Arbitration Awards in the Unites States”. In this article, Mr. Sheinis and Mr. Wingate discuss the New York Convention, the Panama Convention, vacating non-domestic arbitral awards, and Article V of the New York Convention which “provides the exclusive grounds