Photo of Glenn A. Brown

Glenn A. Brown

A senior member of our Data Privacy & Cybersecurity Practice Group, Glenn Brown provides business-oriented advice to clients in numerous industries on data privacy and regulatory compliance matters, including regulatory investigations and examinations. He has experience driving privacy and compliance priorities within organizations and providing strategic counsel regarding privacy, compliance and risk to support the growth and success of the business.

Glenn also has deep experience advising clients regarding compliance with many of the US federal and state privacy laws, including the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act and the Driver’s Privacy Protection Act. Glenn is familiar with the legislative and regulatory landscape in the US and the EU and assists clients with developing strategies to address new developments.

Having served in-house in the capacity of Associate General Counsel and Chief Compliance Officer for more than 10 years, Glenn has a first-hand understanding of the day-to-day issues faced by clients when creating corporate privacy programs, implementing corporate compliance systems and responding to government investigations and examinations.

View full website bio.

Connecticut is gearing up to be the next state with a comprehensive privacy law. On April 28, 2022, the Connecticut General Assembly passed SB 6, “An Act Concerning Personal Data Privacy and Online Monitoring,” which is currently with the governor awaiting signature.  Of the state laws that have passed, SB 6 is most similar to the Colorado Privacy Act (“CPA”), Virginia Consumer Data Protection Act (“CDPA”), and Utah Consumer Privacy Act (“UCPA”). For example, under SB 6, the terms “controller,” “processor,” and “personal data” have similar definitions as under the CPA, CDPA, and UCPA.
Continue Reading Connecticut General Assembly Passes Comprehensive Privacy Bill

The Virginia legislature has introduced several bills that would amend Virginia’s Consumer Data Protection Act (“CDPA”) that was enacted last year. These bills are largely in response to the November 1, 2021 Virginia Consumer Data Protection Act Work Group report (the “Report”), which outlined 17 “points of emphasis” related to the CDPA. The Report includes

In a recent decision from the Middle District of North Carolina, a federal district court found a plaintiff in a Fair Credit Reporting Act (“FCRA”) case to have Article III standing to bring his claims in federal court, relying on the Supreme Court’s ruling in Ramirez last year and so denied an employer defendant’s Motion

The Georgia Senate recently introduced an omnibus privacy bill modeled after (but significantly broader than) California’s Consumer Privacy Act (“CCPA”), titled the Georgia Computer Data Privacy Act (“GCDPA”).  The introduction of the GCDPA is surprising in a number of ways, including its sponsorship by Republican leadership.  It is also notable in the burdens it seeks

On November 18, 2021, the Office of the Comptroller of the Currency (the “OCC”), the Board of Governors of the Federal Reserve System (the “Board”), and the Federal Deposit Insurance Corporation (the “FDIC”) issued a final rule (the “Final Rule”) that requires any financial institution subject to their respective jurisdictions to notify its primary federal

Updates: California Privacy Rights Act (“CPRA”)

Last month, we reported on the California Privacy Protection Agency’s (“CPPA”) engagement of an Executive Director and its proposal for a rulemaking framework. The CPPA’s efforts are assisted by provisions of Assembly Bill 694 (“AB 694”), which California Governor Gavin Newsom signed last month. AB694 includes changes to California’s consumer privacy law and clarifies the CPPA’s rulemaking process. You can find the changes here.
Continue Reading CPRA Amended and Updates Regarding the CDPA

Last week, the Federal Trade Commission (the “FTC”) released a final rule amending the Standards for Safeguarding Customer Information (commonly referred to as the “Safeguards Rule”) promulgated under the Gramm-Leach-Bliley Act (“GLBA”). The final Safeguards Rule, approved by the FTC Commissioners along party lines, will require financial institutions to make significant changes in their information

On July 19, the Office of the Attorney General of California (OAG) issued a press release summarizing its first year of CCPA enforcement. Seventy-five percent of companies receiving a notice to cure are said to have come into compliance within the 30-day cure period, with 25% reportedly still within that period or under ongoing investigation. The OAG also published summaries of 27 resolved exemplary cases. The OAG was careful to note that the summaries do not constitute advice and do not include all of the facts, however they do offer some insights. Disappointingly, however, the summaries often lack enough detail to allow readers to surmise the enforcement posture that was taken by the OAG, the exact nature of the alleged violations, or the specific actions taken by the company that satisfied the OAG’s inquiry.

Continue Reading California AG Offers Cryptic CCPA Enforcement Summaries, and Launches Complaint Tool

NewspaperAs the trend of state laws granting more privacy and greater control over personal information continues in the US, the fate of privacy bills in Washington State, Oklahoma and Florida serve as a reminder that as with any other issue, political compromise is still a necessity in order for legislation to progress. This is an update on our prior post published on April 5th, analyzing the chances that privacy bills introduced in Washington, Oklahoma, Florida and Connecticut will be enacted.
Continue Reading Washington and Oklahoma Privacy Bills Have Officially Died; Florida’s Privacy Bill is Significantly Amended

The Florida state legislature is considering a sweeping data privacy bill introduced by Governor Ron DeSantis in February.  House Bill 969 is the latest state provision to follow in the footsteps of the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act and the Virginia Consumer Data Protection Act, in giving consumers greater control over how their personal information is used while imposing greater restrictions on companies’ use of that data.
Continue Reading Florida is the Latest State to Consider Comprehensive Data Privacy Legislation