Photo of Sadia Mirza

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’ cybersecurity strategies.

Unauthorized Access, our privacy and cybersecurity-focused podcast, spotlights the human side of the cybersecurity industry. In this episode, Sadia welcomes Sherri Davidoff, CEO of LMG Security, to discuss the challenges and experiences associated with being a primary caregiver in the cybersecurity space. Whether as a mother, father, elder-care provider, or in any other role, this is a topic that many individuals in the cybersecurity community struggle with, but go to great lengths to conceal. Both Sadia and Sherri pause to share their personal journeys and highlight the individuals who have supported them in excelling in both their professional and caregiving roles (spoiler alert — for Sadia, that person is Ron Raether). Sherri, reflecting on the need for more flexibility, notes that virtual opportunities, which had expanded during the pandemic, are now beginning to decrease as the world transitions back to a ‘pre-pandemic’ state. These opportunities broadened the accessibility of the cybersecurity industry, especially for those juggling demanding caregiving responsibilities.

The Delete Act (SB 362), signed into law by California Gov. Gavin Newsom on October 10, imposes additional disclosure and registration requirements on data brokers. It requires data brokers to support deletion requests through a central “deletion mechanism” managed by the California Privacy Protection Agency (CPPA). The law also empowers consumers to request deletion of their personal information from all registered data brokers with a single submission.

Chris Willis, co-chair of the CFS Regulatory Practice, Announces the Publication of the 2022 CFS Year in Review and a Look Ahead

Troutman Pepper’s Consumer Financial Services Practice Group consists of more than 120 attorneys and professionals nationwide, who bring extensive experience in litigation, regulatory enforcement, and compliance. Our trial attorneys have litigated thousands of individual and class-action lawsuits involving cutting-edge issues across the country, and our regulatory and compliance attorneys have handled numerous 50-state investigations and nationwide compliance analyses.

We are pleased to share our annual review of regulatory and legal developments in the consumer financial services industry. Our team has prepared this organized and thorough analysis of the most important issues and trends throughout our industry. We not only examined what happened in 2022, but also what to expect — and how to prepare — for the months ahead.

Companies dealing with a data incident confront an uneven landscape and requirements that can differ from state to state. It is easy to feel lost. Find your way with Troutman Pepper’s new Incident Response Interactive Map, created by our cybersecurity attorneys.

With a simple and intuitive user experience, our U.S. map provides state-by-state definitions, notification

In this episode of Unauthorized Access, Kamran and Sadia are joined by Redpoint Cybersecurity VP of Client Engagement Violet Sullivan. The three cyber experts discuss board level buy-in and how to make sure the board is prepared for a cyberattack before it happens. Violet also shares how changing the communication around these issues of cyber privacy and risk can help.

Can cyber investigations be canned? Find out what Sadia, Kamran, and this month’s guest, Shawn Tuma of Spencer Fane, have to say. The gloves come off as these three breach coaches duke it out for the final word on this topic. Just kidding, we cordially discuss our thoughts and opinions on the subject and discover Shawn’s love for Winnie-The-Pooh.

Your business was hit with a ransomware attack over the weekend, and the critical systems are locked up (i.e., encrypted). To unlock those valuable systems and continue operating the business, the threat actor demands financial payment. After much debate, you and your team decide the business needs to meet the threat actor’s demands