Photo of Sadia Mirza

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’ cybersecurity strategies.

California Privacy Protection Agency Director Ashkan Soltani recently announced that long-awaited regulations related to the California Privacy Rights Act (CPRA) would be delayed. The agency initially scheduled a July 1 deadline to promulgate regulations and allow companies time to comply with the CPRA, which is set to be enforced beginning July 1, 2023. However, Director

On February 25, the Utah Senate passed the Utah Consumer Privacy Act (the UCPA), which closely resembles both the Virginia Consumer Data Protection Act (the VCDPA) and the Colorado Privacy Act (the CPA). The House unanimously passed the bill on March 2. The bill now goes to Governor Spencer Cox, who has 20 days to

On February 3, a New York magistrate judge recommended dismissing a class action against medical management company, Professional Business System d/b/a Practicefirst Medical Management Solutions in Tassmer v. Professional Business Systems. Judge Michael J. Roemer recommended dismissal because plaintiffs’ allegations failed to constitute an injury under the Supreme Court’s ruling in TransUnion v. Ramirez

On January 13, Him Das, the acting head of the Financial Crimes Enforcement Network (FinCEN), highlighted ransomware as a chief national security risk. At the Financial Crimes Enforcement Conference, Das suggested that the current anti-money laundering regulations are insufficient to protect against tech-driven threats, from cyberattacks to digital asset schemes. FinCEN therefore is currently

2021 was a transformative year for the consumer financial services world. As we navigate an unprecedented volume of industry regulation, Troutman Pepper is uniquely positioned to help its clients find successful resolutions and stay ahead of the curve.

In this report, we share developments on auto finance, background screening, bankruptcy, consumer class actions, consumer

Entities that collect Wisconsin residents’ personal information and are licensed, registered, or authorized (licensee) with the Office of the Commissioner of Insurance (commissioner) will have to abide by a new data security law (Wisconsin’s Insurance Data Security Law), which came into force on November 1. This bill had previously been introduced in the 2019-2020 legislative

The California Privacy Protection Agency (CPPA) is the first state privacy agency in the nation and was created as part of the California Privacy Rights Act (CPRA). While this agency has already been formed, it will not begin enforcement activities until July 1, 2023 (six months after the CPRA takes effect).

The agency’s mandate includes

A U.S. district judge in Illinois recently denied a motion to dismiss in a class action involving an alleged violation of the Illinois’ Right of Publicity Act (IRPA). The court determined that the defendant’s arguments were more suitable for an affirmative defense and was unpersuaded by any of the arguments.

In Krause v. RocketReach LLC

Sadia Mirza will speak on the panel “Cross Your Ts, but Watch Your Eyes – How to Improve Incident Response,” during ISACA LA’s Annual Conference. Sadia will discuss ways to improve incident response plans based on recent lessons learned from regulatory and litigation matters in the data breach context.

The event will take place April