Photo of Scot Ganow

Scot is a partner in Taft’s Dayton office, and chair of the firm’s Privacy and Data Security Practice.  As a former chief privacy officer and leveraging more than ten years of management and compliance experience in Fortune 500 companies, Scot brings a diverse business background to his privacy and data security practice. Scot has represented clients in a variety of sectors, including consumer reporting, construction, healthcare, and manufacturing.

If you haven’t already seen the notifications in the Taft Privacy and Data Security Mobile App, we wanted to make you aware or remind you about some important security updates issued by Apple affecting multiple products. CISA (Cybersecurity & Infrastructure Security Agency) is recommending consumers update their devices as soon as possible.


Continue Reading Important Security Updates Issued by Apple

In the wake of the Supreme Court decision in Dobbs v. Jackson Women’s Health Organization, here is a reminder about the protections available for privacy and the confidentiality of health-related information under current law. This bulletin will discuss the Health Insurance Portability and Accountability Act (HIPAA).

First off, it is important to understand that HIPAA, composed of a Privacy Rule, Security Rule, and Data Breach Rule, regulates the use of patient information in the provision of health care in the United States. It only applies to “protected health information” (PHI) that is generated by a “covered entity” — health care provider, payer, or clearing house — in the provision of health care treatment, payment, or operations to a patient. Any other information, even if health-related, does not get the protections of HIPAA.
Continue Reading HIPAA: Its Confidentiality Protections (And Limits)

I recently got back from the IAPP Global Privacy Summit (the “Summit”), the world’s largest meeting of privacy professionals from around the world.  The Summit always serves as a great opportunity to network and learn from colleagues, thought leaders, and regulators working in this important area of business, technology, and law.  With that in mind, I want to share some reflections and themes from this year’s Summit.
Continue Reading 2022 Global Privacy Summit: Reflections and Take-Aways

The CCPA has been up and running for a couple of years now, with changes coming in 2023 with the amendments from the Consumer Privacy Rights Act (CPRA).  While a federal law is always being teased and
other states coming online in 2023
, California remains the state privacy law by which to assess and manage compliance when processing personal data.

So, as you might imagine, loads of questions and anxiety over the country’s most comprehensive state privacy regulation continue to keep us busy.  This prompted us to provide a simple 3-step process to determine if the law applies to your business (now, in 2023, or beyond), what you need to do to meet the law’s requirements, and how to begin considering a national approach to data privacy governance.  While no summary can capture every aspect of developing a compliance plan, we hope the following resources are helpful in getting your arms around managing privacy and meeting the (applicable) requirements of the California laws.
Continue Reading Breaking Down the California Consumer Privacy Act (CCPA)

Whether you are an attorney advising clients, a medical professional treating patients via telemedicine, or anyone else working remotely, your second workplace or office might be providing more than just convenience. If you have a smart home device, such as one of the many varieties now available from companies like Google (Home/Nest), Amazon (Alexa), Microsoft (Cortana), or Apple (Siri), your remote work discussions (and conversations in general) may be less private than you realize. While convenient and sometimes helpful, these devices might be creating a record of more than your favorite songs and compromising your patient’s, client’s, or company’s confidential information.
Continue Reading Smart Devices: Convenient, Helpful, Fun. Oh Yeah, and Possibly Breaching Confidentiality.

Taft’s Privacy and Data Security Practice is pleased to
announce our mobile application is now live and available for download.  As we shared on International Privacy Day, (I am sure we are all still recovering from that celebration), we wanted to make available an easy-to-use app for you to quickly:

  • Stay up-to-date on data security and privacy news, developments, and events.
  • Get daily tips on privacy and security compliance and best practices.
  • Access content from Taft’s Privacy and Data Security


Continue Reading Now Available: Taft’s Privacy and Data Security Mobile App!

In March, 2022, President Joe Biden signed the Strengthening American Cybersecurity Act (the “Act”) into law. While the Act consists of various regulations, the security incident reporting requirements for entities in critical infrastructure sectors are getting the most attention. Although the reporting requirements are focused mainly on entities in critical infrastructure, there is potential that entities in various industries could be subject to these requirements.
Continue Reading Strengthening American Cybersecurity Act of 2022

With March’s arrival and spring around the corner, now it is the perfect time to start getting in shape for the changing privacy law landscape in the United States.  As we have written in the past year, three states will be implementing new or updates to privacy laws in their respective jurisdictions:


Continue Reading March into Planning for 2023’s U.S. Privacy Laws

On this International Data Privacy Day (please celebrate responsibly), Taft’s Privacy and Data Security practice is pleased to announce we will soon be launching a mobile application that will allow users to:

  • Stay up-to-date on data security and privacy news, developments, and events.
  • Get daily tips on privacy and security compliance and best practices.
  • Access content from Taft’s Privacy and Data Security attorneys, including helpful checklists and other resources.
  • Search for Taft Privacy and Data Security attorneys and easily contact


Continue Reading Stressed About Privacy and Security Compliance? Well, There’s a (Taft) App for That.

That’s right, it’s that time of year again.  And, as always, we in the Taft Privacy & Data Security practice encourage you to celebrate responsibly (especially as we have the full weekend to do so).

And if you are thinking, “Scot, you’re making this holiday up so you can push more privacy and security propaganda.”  You would be wrong.   International Privacy Day is a thing.  Jan. 28 has been set aside as a date to raise awareness and generally promote
Continue Reading Happy International Data Privacy Day, 2022!