Erin Jane Illman

Photo of Erin Jane Illman

Erin Illman has over a decade of experience representing corporate entities, technology companies and financial institution clients in a wide variety of regulatory compliance, litigation and contract matters. Erin’s current practice combines her technology, financial and corporate entity experience and is focused on helping companies navigate compliance and litigation risks associated with information security, digital services and products, cybersecurity, e-commerce and data privacy. View articles by Erin

Latest Articles

Amidst privacy concerns and booming technological innovation, Sens. Roy Blunt (R-Mo.) and Brian Schatz (D-Hawaii) have introduced a bill proposed as the “Commercial Facial Recognition Privacy Act of 2019” (CFRPA) targeting arguably the most “personal” biometric identifier—our face. While several states have enacted legislation relating to protection of biometric identifiers, this is the first federal legislation targeted at consumer protection using biometrics, namely facial recognition (FR). The purpose of the bill is to…
Courts and regulators continue to struggle with how to define cryptocurrencies. The latest installment of this ongoing debate came from an unlikely source: a state appellate court’s opinion on a criminal matter. Specifically, on January 30, 2019, the Third District Court of Appeal for the State of Florida entered an order reversing a trial court’s dismissal of charges of illegal money transmission, finding that Bitcoin was a payment instrument under Florida law. The State of…
On January 1st, South Carolina became the first state to adopt the model insurance data security law requiring certain insurance licensees to investigate and report cybersecurity events in the state of South Carolina. The law also requires licensees to develop, implement and maintain written information security programs that are tailored to the size, complexity and risk level of the particular licensee. The information security program must contain administrative, technical and physical safeguards to protect nonpublic…
On the heels of FinCen and Federal Banking Agencies releasing a joint statement “Encouraging Innovative Industry Approaches to AML Compliance,” Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker announced a new collaborative era during the American Bankers Association’s Financial Crimes Conference, and emphasized the need for private/governmental working relationships and partnerships in order to combat new and sophisticated avenues that fund terrorism and facilitate money laundering. The message is simple: As technology-enabled crime proliferates,…
Cyber incidents can take many forms—phishing, insider theft, SQL injection, malware, denial of service, session hijacking, credential farming, or just old fashion “hacking.” Although many of these attack vectors employ technical knowledge, some utilize deception to manipulate individuals into performing certain actions or divulging confidential information. Commonly referred to as “social engineering,” a perpetrator can exploit human behavior to pull off a scam. Oftentimes this comes as an email, which appears to be from a…
As discussed in Part 1, the California Consumer Privacy Act of 2018 (CalCoPA) is a game-changing privacy act that sets a new bar for consumer privacy rights in the U.S. The primary reason it differs from existing legislation is that it goes beyond merely having to provide assurances or notices and requires organizations to be prepared to respond to individual requests with disclosures regarding consumers’ data collection and use. The Act was Amended last…
Security researchers and cybersecurity experts recently discovered a weakness in Fiserv’s web platform, which may have exposed the personal and financial details of customers across hundreds of internet banking sites. The flaw involved a messaging platform used by Fiserv to send account alerts to customers of Fiserv-affiliated banks. These alerts can be set up to notify the customer of certain events, such as when a balance passes a threshold. Someone noticed that the alert was provided in…
The Office of the Comptroller of the Currency announced, in a highly anticipated decision, that it would begin to consider special-purpose charter applications from fintech entities. This move, which has been the subject of months of industry speculation, came mere hours after the Department of the Treasury endorsed a national charter for fintech companies. This development will allow fintech firms to opt in to a national regulatory scheme rather than the current state law…
As most people started to wind down for the July 4th holiday week, California was just ramping up its “as California goes” focus on data privacy. On June 28, 2018, California passed a comprehensive data privacy bill that has been touted as the strictest in the nation. The good news first—businesses have until January 1, 2020, to revamp privacy compliance programs, update policies, procedures and processes, and operationalize the sweeping new changes passed by the…
On March 1, 2018, the Alabama Senate unanimously passed the Alabama Data Breach Notification Act of 2018 (SB 318). On March 22, 2018, the House of Representatives, following an amendment by the Technology and Research Committee, also passed SB 318. Just a day prior to the Alabama House passing SB 318, South Dakota Governor Dennis Daugaard signed SB 62 into law, making his state the 49th to pass a data breach notification law. Spearheaded by the Attorney…