Photo of Sadia Mirza

Sadia is a Certified Information Privacy Professional in the United States (CIPP/US) and a Certified Information Privacy Manager (CIPM). She works with clients on a wide array of data protection and privacy matters, including the recently enacted California Consumer Privacy Act, and also specializes in incident response having handled a number of data breaches and investigations in a variety of industries.

Immediately following a three-day stint at the Summer 2022 Net Diligence conference in Philadelphia, Kamran and Sadia welcome Kroll’s Keith Wojcieszek to the Unauthorized Access podcast. In this episode, the trio discuss common misconceptions about dark web monitoring and instances where dark web monitoring can be quite important.

Don’t forget to tune in to win this month’s prize — Troutman Pepper’s “privacy + cyber” hacker hoodie.

Continue Reading Dark Web Monitoring

Unauthorized Access provides an insightful and interesting recap of the latest developments in cybersecurity. Each month our (mildly funny) hosts, Kamran Salour and Sadia Mirza, will discuss updates on legal developments and industry trends, and share real incident response stories and lessons learned. Kamran and Sadia will also talk with industry experts (e.g., individuals from forensics, insurance, law enforcement, and information security) about the current cyber landscape and where it is headed. The goal for this podcast is to keep you educated and entertained about all things cybersecurity.

If you have a fever for IR – the prescription is Unauthorized Access.

Continue Reading Unauthorized Access: An Inside Look at Incident Response

On April 28, the Connecticut House passed Senate Bill 6, an act concerning personal data privacy and online monitoring (SB 6 or Connecticut Act). The Senate unanimously passed SB 6 on April 20, and is now currently under consideration by Governor Ned Lamont. If the bill becomes law, it will go into effect on

On March 24, Governor Spencer J. Cox signed the Utah Consumer Privacy Act (UCPA), making Utah the fourth state in the country to adopt a comprehensive privacy law. The UCPA is set to take effect on December 31, 2023, and this law’s substantive requirements closely mirror the Virginia Consumer Data Protection Act (VCDPA). The UCPA


As of March 22, 11 states have wrapped up their 2022 legislative sessions. In these early sessions, privacy legislation was considered in seven of the 11 states that have completed their 2022 sessions, namely Florida, Washington, Indiana, Virginia (amendments to enacted regime), West Virginia, Wisconsin, and Utah. Privacy bills passed out of at least

California Privacy Protection Agency Director Ashkan Soltani recently announced that long-awaited regulations related to the California Privacy Rights Act (CPRA) would be delayed. The agency initially scheduled a July 1 deadline to promulgate regulations and allow companies time to comply with the CPRA, which is set to be enforced beginning July 1, 2023. However, Director

On February 25, the Utah Senate passed the Utah Consumer Privacy Act (the UCPA), which closely resembles both the Virginia Consumer Data Protection Act (the VCDPA) and the Colorado Privacy Act (the CPA). The House unanimously passed the bill on March 2. The bill now goes to Governor Spencer Cox, who has 20 days to

On February 23, the Wisconsin House passed Assembly Bill 957 (AB 957), a bill relating to consumer data protection. This legislation is based on the Virginia Consumer Data Protection Act (VCDPA) and provides consumers with various rights about their data and imposes obligations on businesses. Wisconsin is the second state in 2022 to pass a

On February 18, California lawmakers proposed two bills that further extend the existing employee and business-to-business (B2B) data exemptions included in the California Consumer Privacy Act and the California Privacy Rights Act (CPRA). AB2891 would extend the exemptions expiration date until January 01, 2026, while AB2871 would permanently codify these exemptions.

These exemptions were included

On February 3, a New York magistrate judge recommended dismissing a class action against medical management company, Professional Business System d/b/a Practicefirst Medical Management Solutions in Tassmer v. Professional Business Systems. Judge Michael J. Roemer recommended dismissal because plaintiffs’ allegations failed to constitute an injury under the Supreme Court’s ruling in TransUnion v. Ramirez