
Scot is a partner in Taft’s Dayton office and chair of the firm’s Privacy and Data Security Practice. A former chief privacy officer with more than ten years of management and compliance experience in Fortune 500 companies, Scot brings a diverse business background to his privacy and data security practice. Scot has represented clients in a variety of sectors, including consumer reporting, construction, healthcare, and manufacturing.

In our previous post, “A Primer on Artificial Intelligence and the Law in 2023,” we briefly discussed how the federal government is preparing for legislation and regulation regarding Artificial Intelligence (“AI”) through provisions of the National Artificial Intelligence Initiative Act of 2020 (the “Act”). While no comprehensive federal statute regulating AI has been signed into law, regulatory agencies must contend with the emerging technology under existing laws.
Continue Reading Artificial Intelligence: U.S. Federal Considerations

Over the past year, there has been a growing number of lawsuits, including class actions, filed against website operators in various states (including California, Florida, Illinois, and Pennsylvania) for violations of state wiretapping laws or the Video Privacy Protection Act of 1988 (“VPPA”).
Continue Reading Heads Up! Increasing Litigation Related to Website Technology & Data Sharing

As you consider the end of the year and beginning of a new year, we in Taft’s Privacy and Data Security Practice thought to provide you with a simple list of data protection resolutions you might consider, both professionally and personally.

1.  Get strong!  Now is a good time to make a change in passwords for your accounts, and specifically make them strong passwords (i.e. ten characters or more, including an upper and lower case letter, number, and

Continue Reading 2023 Privacy and Data Security Resolutions

If you haven’t already seen the notifications in the Taft Privacy and Data Security Mobile App, we wanted to make you aware or remind you about some important security updates issued by Apple affecting multiple products. CISA (Cybersecurity & Infrastructure Security Agency) is recommending consumers update their devices as soon as possible.


Continue Reading Important Security Updates Issued by Apple

In the wake of the Supreme Court decision in Dobbs v. Jackson Women’s Health Organization, here is a reminder about the protections available for privacy and the confidentiality of health-related information under current law. This bulletin will discuss the Health Insurance Portability and Accountability Act (HIPAA).

First off, it is important to understand that HIPAA, composed of a Privacy Rule, Security Rule, and Data Breach Rule, regulates the use of patient information in the provision of health care in the United States. It only applies to “protected health information” (PHI) that is generated by a “covered entity” — health care provider, payer, or clearing house — in the provision of health care treatment, payment, or operations to a patient. Any other information, even if health-related, does not get the protections of HIPAA.
Continue Reading HIPAA: Its Confidentiality Protections (And Limits)

I recently got back from the IAPP Global Privacy Summit (the “Summit”), the world’s largest meeting of privacy professionals from around the world.  The Summit always serves as a great opportunity to network and learn from colleagues, thought leaders, and regulators working in this important area of business, technology, and law.  With that in mind, I want to share some reflections and themes from this year’s Summit.
Continue Reading 2022 Global Privacy Summit: Reflections and Take-Aways

The CCPA has been up and running for a couple of years now, with changes coming in 2023 with the amendments from the Consumer Privacy Rights Act (CPRA). While a federal law is always being teased and other states are coming online in 2023, California remains the state privacy law by which to assess and manage compliance when processing personal data.

So, as you might imagine, loads of questions and anxiety over the country’s most comprehensive state privacy regulation continue to keep us busy.  This prompted us to provide a simple 3-step process to determine if the law applies to your business (now, in 2023, or beyond), what you need to do to meet the law’s requirements, and how to begin considering a national approach to data privacy governance.  While no summary can capture every aspect of developing a compliance plan, we hope the following resources are helpful in getting your arms around managing privacy and meeting the (applicable) requirements of the California laws.
Continue Reading Breaking Down the California Consumer Privacy Act (CCPA)

Whether you are an attorney advising clients, a medical professional treating patients via telemedicine, or anyone else working remotely, your second workplace or office might be providing more than just convenience. If you have a smart home device, such as one of the many varieties now available from companies like Google (Home/Nest), Amazon (Alexa), Microsoft (Cortana), or Apple (Siri), your remote work discussions (and conversations in general) may be less private than you realize. While convenient and sometimes helpful, these devices might be creating a record of more than your favorite songs and compromising your patient’s, client’s, or company’s confidential information.
Continue Reading Smart Devices: Convenient, Helpful, Fun. Oh Yeah, and Possibly Breaching Confidentiality.

Taft’s Privacy and Data Security Practice is pleased to announce our mobile application is now live and available for download. As we shared on International Privacy Day (I am sure we are all still recovering from that celebration), we wanted to make available an easy-to-use app for you to quickly:

  • Stay up-to-date on data security and privacy news, developments, and events.
  • Get daily tips on privacy and security compliance and best practices.
  • Access content from Taft’s Privacy and Data Security


Continue Reading Now Available: Taft’s Privacy and Data Security Mobile App!

In March 2022, President Joe Biden signed the Strengthening American Cybersecurity Act (the “Act”) into law. While the Act consists of various regulations, the security incident reporting requirements for entities in critical infrastructure sectors are getting the most attention. Although the reporting requirements are focused mainly on entities in critical infrastructure, entities in various other industries could potentially be subject to these requirements.
Continue Reading Strengthening American Cybersecurity Act of 2022