”Gramm-Leach-Bliley Act law does not preempt state-level action. You see state laws like the California Financial Information Privacy Act, which actually has a stricter requirement for financial institutions. Financial institutions have to comply with both GLBA at the federal level and CalFIPA at the state level. I certainly see that trend continuing even if there is a federal-level comprehensive privacy law.” Erin Illman – Specialist in privacy and information security law and co-chair of the cybersecurity and privacy practice group at Bradley
Source: Techtarget
About Erin Illman
Recognized as a Board Certified Specialist in Privacy and Information Security Law by the State of North Carolina, Erin Illman is an experienced thought leader in privacy, data security, and the integration of technology into business practices. Erin is co-chair of Bradley’s Cybersecurity and Privacy Practice Group and leads the firm’s Fintech team.
Erin is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly advises clients on CCPA, GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis, and notification efforts with respect to security incidents and breaches.
Erin also counsels clients on a variety of e-commerce, electronic marketing, digital contracts and security issues, including compliance advice relating to the development of new digital products and services; drafting and reviewing privacy-related policies and procedures and consumer-facing privacy notices; performing gap analysis and risk assessments related to the handling of sensitive data; oversight and review of third-party agreements and privacy compliance programs; and ensuring that existing products, services and marketing activities comply with privacy-related regulations. Erin advises clients on the implementation of digital services and products, operationalization of e-contract transactions under ESIGN and UETA, review of policies and procedures, gap analysis and risk assessments related to the handling of sensitive data, third-party agreements, vendor oversight and compliance programs. She has experience advising technology and e-advertising clients regarding compliance with state and federal laws, including the use and disclosure of consumer information and data privacy practices, under regulations such as TCPA, UDAAP/UDAP and associated FTC rules. In addition, her practice also includes handling disputes, litigation and enforcement actions related to data privacy violations.
Erin understands the intersection between technological innovation, business operations, and legal obligations, including the use of social media, mobile applications, cryptocurrencies, digital ledger technology, and biometric authentication. She has assisted clients in the creation, development and implementation of innovative products and services, including electronic identities, digital vaults, automated operations and cloud-storage. She has also assisted clients in the creation of security and privacy programs for the use of domestic and off-shore vendors.
Erin also has a strong understanding of the operational aspects of commercial and consumer lending. Erin has broad experience in complex loan transactions, including trade finance, capital-backed subscription lines, and multi-bank, multi-state and international lending arrangements. She also has years of experience in representing clients in consumer loan transactions, regulatory compliance disputes, defense of enforcement actions, real property controversies, internal risk assessment, and debtor-creditor disputes, including enforcement of remedies, matters governed by the Uniform Commercial Code, fraud and tort counter-claims, credit risk management, and loss mitigation.
Erin is designated as an ANSI Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals. She also serves on the North Carolina Bar Association’s Privacy and Security Committee.