Media publications, interviews & quotes
Below you will find important announcements from The Beckage Firm , media publications, blog posts, as well as interviews & quotes concerning the attorneys at the firm, who are often quoted for their tech, innovation and privacy know-how.
*Attorney Advertising: Prior results do not guarantee similar outcomes.*
First FTC Enforcement Action Under the Health Breach Notification Rule Alerts Companies To Focus on Data Security and Privacy Initiatives
On February 1, 2023, the Federal Trade Commission (“FTC”) announced an enforcement action for the first time under its Health Breach Notification Rule against the telehealth ad prescription drug discount provider GoodRx Holdings Inc. (“GoodRx”). The FTC’s Health Breach Notification Rule requires vendors of personal health records and related entities not covered by the Health Insurance Portability and Accountability Act (“HIPAA”) to notify consumers following a breach involving unsecured, personally identifiable health information.
The FTC has taken this enforcement action against GoodRx for GoodRx’s alleged failure to notify customers and others of its unauthorized disclosures of consumer’s personal health information to Facebook, Google, and other companies. The proposed order, filed by the Department of Justice (“DOJ”) on behalf of the FTC, prohibits GoodRx from sharing user health data with applicable third-parties for advertising purposes. Further, GoodRx has agreed to pay a $1.5 million civil penalty for violating the Health Breach Notification Rule. However, for the proposed order to be enforced, a federal court must approve the order for it to go into effect.
The California based GoodRx operates a digital health platform that offers prescription drug discounts, telehealth visits, and other health services, collecting personal and health information about its users. GoodRx has allegedly violated the Health Breach Notification Rule by sharing user’s sensitive personal health information for years with advertising companies and platforms, and failed to report these unauthorized disclosures in direct conflict to GoodRx’s own privacy promises and the Health Breach Notification Rule.
Specifically, GoodRx has deceptively promised users it would not share personal health information with advertisers or other third-parties, to which GoodRx has repeatedly violated its own promise by sharing sensitive personal health information with third-party advertising companies and advertising platforms like Google, Facebook, and Criteo, among others. Further, GoodRx used the personal health information that it collected to target GoodRx’s own users with personalized health and medication specific advertisements on Facebook and Instagram. GoodRx also allowed third-parties it shared data with to use collected personal health information for their own research and development or improvement to advertising. GoodRx misrepresented its compliance with HIPAA and failed to implement and maintain sufficient policies and procedures to protect the personal health information of its users.
The GoodRx enforcement action by the FTC under the Health Breach Notification Rule highlights the increased scrutiny regulators are placing on companies using and disclosing consumer health information. Because of the increased scrutiny of regulators and the emphasis on the protection of sensitive consumer health information, it is imperative that businesses implement and maintain policies and procedures that prevents the unauthorized disclosures to third-party advertisers.
At The Beckage Firm, we have a team of professionals that are highly knowledgeable of HIPAA and the Health Breach Notification Rule and can help your business implement safeguards that are compliant with federal and state regulations surrounding sensitive health information. Info@thebeckagefirm.com
The FTC has taken this enforcement action against GoodRx for GoodRx’s alleged failure to notify customers and others of its unauthorized disclosures of consumer’s personal health information to Facebook, Google, and other companies. The proposed order, filed by the Department of Justice (“DOJ”) on behalf of the FTC, prohibits GoodRx from sharing user health data with applicable third-parties for advertising purposes. Further, GoodRx has agreed to pay a $1.5 million civil penalty for violating the Health Breach Notification Rule. However, for the proposed order to be enforced, a federal court must approve the order for it to go into effect.
The California based GoodRx operates a digital health platform that offers prescription drug discounts, telehealth visits, and other health services, collecting personal and health information about its users. GoodRx has allegedly violated the Health Breach Notification Rule by sharing user’s sensitive personal health information for years with advertising companies and platforms, and failed to report these unauthorized disclosures in direct conflict to GoodRx’s own privacy promises and the Health Breach Notification Rule.
Specifically, GoodRx has deceptively promised users it would not share personal health information with advertisers or other third-parties, to which GoodRx has repeatedly violated its own promise by sharing sensitive personal health information with third-party advertising companies and advertising platforms like Google, Facebook, and Criteo, among others. Further, GoodRx used the personal health information that it collected to target GoodRx’s own users with personalized health and medication specific advertisements on Facebook and Instagram. GoodRx also allowed third-parties it shared data with to use collected personal health information for their own research and development or improvement to advertising. GoodRx misrepresented its compliance with HIPAA and failed to implement and maintain sufficient policies and procedures to protect the personal health information of its users.
The GoodRx enforcement action by the FTC under the Health Breach Notification Rule highlights the increased scrutiny regulators are placing on companies using and disclosing consumer health information. Because of the increased scrutiny of regulators and the emphasis on the protection of sensitive consumer health information, it is imperative that businesses implement and maintain policies and procedures that prevents the unauthorized disclosures to third-party advertisers.
At The Beckage Firm, we have a team of professionals that are highly knowledgeable of HIPAA and the Health Breach Notification Rule and can help your business implement safeguards that are compliant with federal and state regulations surrounding sensitive health information. Info@thebeckagefirm.com
Class Action* Filed (December 14, 2022) – Artificial Intelligence Resulting in Alleged Discrimination in Claims Processing and Procedures
*The complaint filed contains alleged
conduct. Admissible evidence is
required to prove allegations.
conduct. Admissible evidence is
required to prove allegations.
ATTORNEY ADVERTISEMENT
Jaqueline Husky, on behalf of herself and all others similarly situated filed suit against State Farm Fire & Casualty Company, U.S. District Court, Northern District of Illinois, Case No. 22-cv-7014, dated December 14, 2022, alleging violations of the Fair Housing Act by State Farm.
Husky, and her counsel, claim that State Farm’s use of Artificial Intelligence (“AI”) disparately treats its Black homeowners’ claims relative to white homeowners’ claims in the Midwest (Illinois, Indiana, Michigan, Missouri, Ohio, and Wisconsin). The alleged disparate treatment involves “greater suspicion than claims made by their white counterparts,” “greater inconvenience as well as detrimental impact” to property values and “quality of life,” and delays in the claim adjustment procedures.
Husky alleges that State Farm’s use of AI in automated claims processing procedures, including “machine-learning algorithms,” effects “predictions and decisions about whether a claim might be fraudulent, how much scrutiny it requires, and how it should be processed,” relying upon “(1) biometric data that function as proxies for race, such as physical appearance, genetics, and voice; (2) intrusive behavioral data that function as proxies for race, such as geolocation, social media presence, and browser search history; and (3) historical housing and claims data that are themselves infected with racial bias.”
The AI algorithms, again as alleged, “too often have discriminatory effects, even where demographic data, such as race, are not included as inputs. This is because algorithms can “learn” to use omitted demographic features by combining other inputs that are correlated with race (or another protected classification), like zip code, college attended, and membership in certain groups.”
To support Husky’s allegations, the following information was provided:
Survey of 648 white and 151 Black policyholders demonstrated large and statistically significant racial disparities, regarding (1) the time for claims to be paid; (2) the supplemental paperwork required as part of claims adjudication; and (3) the number of adjustor/claimant interactions for each claim.
(1) 39% of white compared to 30% of Black policyholders received payment for their claim within one month or less (Alleged difference would occur less than 5% of time as a result of random chance).
(2) 46% of white compared to 64% of Black policyholders were required to submit additional materials beyond the materials that initiated their claims (Alleged difference would occur less than 1% of time as a result of random chance).
(3) 51% of white compared to 42% of Black policyholders resolved their claims after only one to three interactions with State Farm, and 49% of white and 58% of Black policyholders needed three or more interactions.
The Complaint further alleges an industry shift from person-to-person claims handling to an AI-based analysis designed to separate claims into one of three buckets: “no touch,” “low touch,” and “high touch.” There is a newer reliance on analytics and AI learned algorithms to determine the level of Adjustor involvement. However, as Husky alleges, it is the social stratification of the data, the weighed importance relative to the benefits, and the AI interpretation of the data that creates the discriminatory results.
The Beckage Firm, a boutique data security and privacy firm with lawyers who are also technologists with AI backgrounds, understands AI and its positive, and potential legal compliance issues that may arise. As organizations adopt AI, or use third parties who use AI, legal compliance evaluation can help mitigate regulatory investigations and unintended outputs.
Scott Michael Lupiani, Esq.
Member, The Beckage Firm PLLC
ATTORNEY MAVERICK JAMES JOINS THE BECKAGE FIRM
NEW YORK, November 2, 2022 – The Beckage Firm, a women and veteran owned, boutique data security and privacy law firm announced the addition of Attorney Maverick James to The Beckage Firm.
Prior to joining The Beckage Firm, Maverick was an attorney in the Data Privacy & Cybersecurity practice at a national law firm. In addition to responding to countless data security incidents, he also represented insurance carriers as coverage, claims, and monitoring counsel and negotiated resolutions to complex matters, across multiple lines of insurance.
“Maverick brings a wealth of knowledge and experience as it relates to data privacy and security,” said Jennifer A. Beckage, Esq. CIPP/US, CIPP/E founder of The Beckage Firm. “Maverick’s enthusiasm, attention to detail and innovative spirit is a great compliment to the mission of The Beckage Firm to look after our clients who navigate the ever-changing landscape of data security and privacy.”
Maverick served as a judicial intern to the Honorable Joan M. Azrack in the United States District Court for the Eastern District of New York and the Honorable Andrea Masley in the New York State Supreme Court, Commercial Division. He also was engaged and supported the Cyber-Harassment Clinic at New York Law School, the only clinic in the country dedicated to representing victims of cyber-harassment, and providing innovative solutions.
“The Beckage Firm is at the forefront of innovative cyber-security and privacy solutions,” said Maverick James. “I’m confident my skills and knowledge as a diverse attorney will be a strong asset as we continue to grow and expand our presence in this area.”
The Beckage Firm is headquartered in New York. Its services include Incident Response/Data Breach, Data Security and Privacy Compliance, Personal Privacy, and Data Due Diligence.
About The Beckage Firm: The Beckage Firm is a women and minority-owned law firm. Its attorneys and technology professionals counsel clients on matters pertaining to data security and privacy compliance, government investigations, litigation and class action defense, incident response, technology, personal security and privacy, data due diligence in mergers and acquisitions, and emerging technologies such as Artificial Intelligence (AI). Learn more at TheBeckageFirm.com.
Attorney Advertising: Prior results do not guarantee similar outcomes.
Prior to joining The Beckage Firm, Maverick was an attorney in the Data Privacy & Cybersecurity practice at a national law firm. In addition to responding to countless data security incidents, he also represented insurance carriers as coverage, claims, and monitoring counsel and negotiated resolutions to complex matters, across multiple lines of insurance.
“Maverick brings a wealth of knowledge and experience as it relates to data privacy and security,” said Jennifer A. Beckage, Esq. CIPP/US, CIPP/E founder of The Beckage Firm. “Maverick’s enthusiasm, attention to detail and innovative spirit is a great compliment to the mission of The Beckage Firm to look after our clients who navigate the ever-changing landscape of data security and privacy.”
Maverick served as a judicial intern to the Honorable Joan M. Azrack in the United States District Court for the Eastern District of New York and the Honorable Andrea Masley in the New York State Supreme Court, Commercial Division. He also was engaged and supported the Cyber-Harassment Clinic at New York Law School, the only clinic in the country dedicated to representing victims of cyber-harassment, and providing innovative solutions.
“The Beckage Firm is at the forefront of innovative cyber-security and privacy solutions,” said Maverick James. “I’m confident my skills and knowledge as a diverse attorney will be a strong asset as we continue to grow and expand our presence in this area.”
The Beckage Firm is headquartered in New York. Its services include Incident Response/Data Breach, Data Security and Privacy Compliance, Personal Privacy, and Data Due Diligence.
About The Beckage Firm: The Beckage Firm is a women and minority-owned law firm. Its attorneys and technology professionals counsel clients on matters pertaining to data security and privacy compliance, government investigations, litigation and class action defense, incident response, technology, personal security and privacy, data due diligence in mergers and acquisitions, and emerging technologies such as Artificial Intelligence (AI). Learn more at TheBeckageFirm.com.
Attorney Advertising: Prior results do not guarantee similar outcomes.
FTC FINALLY CRACKS DOWN ON PRECISE GEOLOCATION PRACTICES
Posted 10/31/22
Post Dobbs, organizations are taking a closer look at their geolocation practices, data that they receive from third parties, including data brokers, and their operational practices. To further complicate this review, the FTC has shined a light on the issue with its recently filed suit against Kochava, who is in the data broker industry. This suit can provide insight on how the FTC and other agencies will look at geolocation data and what organizations should be on the lookout for.
Overview
With the FTC finally having a full complement of commissioners, Commissioner Lena Khan’s ambitious agenda appears to finally be kicking into motion. In addition to her efforts to tie antitrust law to data protection practices and jumpstarting the federal rulemaking process for badly needed updates to federal privacy law, Khan’s FTC brought an action in late August against Kochava, a data broker, for the sale of precise geolocation data of consumers in the U.S. District Court of Idaho.
Theory of the Case
The FTC’s suit centers around Kochava’s role in the data broker industry and some of the most controversial data practices regarding consumer data. Kochava is not alone in this but is one of the key players in the precise geolocation industry and has found itself in the crosshairs here for reselling consumer precise geolocation data to consumers that can be tied back to places of worship, health care clinics, schools, and other locations. This data, coupled with an advertising ID, can reveal intimate details about consumers’ lives and habits. It goes without saying that this level of data, no matter how pseudonymized, has high value to advertisers with precise geolocation data audience segments ad analytics selling at some of the highest rates in the programmatic advertising industry.
Kochava claims to process more than 94 billion data transactions each month for 125 million monthly active users and 35 million daily active users. The consumer data is made available for purchase through a license or through a free sample that contains a rolling 7 day period. Kochava denies the allegations in the complaint, stating their practices are in compliance with all applicable privacy laws and, “Kochava sources 100% of the geo data in our data marketplace from third party data brokers all of whom represent that the data comes from consenting consumers.”
The FTC is seeking a permanent injunction to stop this practice. Typically, the FTC has brought privacy cases under the “deceptive” practices prong of its authority under Section 5 of the FTC Act. Advancing this case on unfairness grounds represents an aggressive move against not just Kochava, but geolocation as a whole, enabling the FTC to seek a permanent injunction against the practice, not just about any statements related to the practice, of selling precise geolocation data. The FTC is choosing to advance a harder argument here – that the practice of selling precise geolocation data is uniquely unfair because a consumer cannot meaningfully consent to the transaction by companies it has no knowledge of and that the practice has and will substantially harm individuals – in order to have a greater impact on the business model as a whole.
A win by the FTC here would likely result in a substantial impact on not just data brokers and advertisers, but also analytics companies, retail groups, device tracking technologies (e.g. Apple Airtags) and automotive manufacturers who increasingly process substantial amounts of precise geolocation data for a wide variety of purposes. But key questions remain: Is Kochava the right target for this action if no particularized harm has been identified and alleged from the sale of its particular data set?
A win by the FTC here would likely result in a substantial impact on not just data brokers and advertisers, but also analytics companies, retail groups, device tracking technologies (e.g. Apple Airtags) and automotive manufacturers who increasingly process substantial amounts of precise geolocation data for a wide variety of purposes. But key questions remain: Is Kochava the right target for this action if no particularized harm has been identified and alleged from the sale of its particular data set?
Additional Implications
Precise geolocation data is also highly valuable to law enforcement. Earlier this week, the Associated Press released an article based on a joint investigation with the Electronic Frontier Foundation, unmasking a data broker called Fog Data Science LLC, licensing a tool to law enforcement and government agencies for a reputed $7,500/year fee, that would provide geofencing and location tracking capabilities without a warrant. Such practice is currently lawful because of the exception under 4th Amendment caselaw for publicly available information.
Precise geolocation data is considered highly sensitive data – a type of digital plutonium – because of the difficulty anonymizing the data and the rich insights that can be extracted from the feed. Precise geolocation tied to a time stamp and advertising identifier – the unique number each phone is assigned by Apple or Google for advertisers to use for targeting – can reveal an individual’s home address, work address, and other sensitive data. In 2021, a Catholic priest resigned after he was outed as visiting LGBTQ+ bars. His precise geolocation data was obtained through a data broker by a Catholic news organization who outed him. The data broker got it from Grindr, the LGBTQ+ dating app. Precise geolocation has revealed numerous national security implications as well. In 2018, the US military was forced to reexamine its security practices after fitness tracker Strava’s heatmaps revealed military bases and patrol routes. That story, among others, was part of a New York Times series on location data practices that included the ability to locate devices traveling to and from CIA Headquarters in Langley, Virginia. At the same time, the US military and other law enforcement agencies have been caught buying precise geolocation data from Muslim prayer apps, a move that clearly has First Amendment implications.
In a post-Dobbs’ America, the implications are profound with Republican governed states rapidly moving to criminalize women who seek abortions or the doctors who provide them. Some are even exploring enforcing their laws on women who seek abortions across state lines.
Precise geolocation data is considered highly sensitive data – a type of digital plutonium – because of the difficulty anonymizing the data and the rich insights that can be extracted from the feed. Precise geolocation tied to a time stamp and advertising identifier – the unique number each phone is assigned by Apple or Google for advertisers to use for targeting – can reveal an individual’s home address, work address, and other sensitive data. In 2021, a Catholic priest resigned after he was outed as visiting LGBTQ+ bars. His precise geolocation data was obtained through a data broker by a Catholic news organization who outed him. The data broker got it from Grindr, the LGBTQ+ dating app. Precise geolocation has revealed numerous national security implications as well. In 2018, the US military was forced to reexamine its security practices after fitness tracker Strava’s heatmaps revealed military bases and patrol routes. That story, among others, was part of a New York Times series on location data practices that included the ability to locate devices traveling to and from CIA Headquarters in Langley, Virginia. At the same time, the US military and other law enforcement agencies have been caught buying precise geolocation data from Muslim prayer apps, a move that clearly has First Amendment implications.
In a post-Dobbs’ America, the implications are profound with Republican governed states rapidly moving to criminalize women who seek abortions or the doctors who provide them. Some are even exploring enforcing their laws on women who seek abortions across state lines.
Client Aware
The FTC’s suit here in this case coupled with its move to update its regulations via the rulemaking process last month, show an increased appetite to tackling privacy problems under current authority while proposed federal privacy law remains deadlocked in Congress. Businesses that collect, process, sell, or otherwise use precise geolocation data or engage with vendors who do, should take a renewed look at their data practices, their technical and administrative compliance measures, and their consumer disclosures and methods of obtaining consent, where applicable. The Beckage Firm of seasoned privacy and cybersecurity professionals is available to assist as needed.
*Attorney Advertising: Prior Results Do Not Guarantee Similar Outcomes
Thebeckagefirm.com
info@thebeckagefirm.com
Jennifer A. Beckage, Esq., CIPP/US, CIPP/E named to list of the 40 top data breach attorneys
in the United States for fifth year in a row
Thebeckagefirm.com
info@thebeckagefirm.com
Jennifer A. Beckage, Esq., CIPP/US, CIPP/E named to list of the 40 top data breach attorneys
in the United States for fifth year in a row
NEW YORK, October 20, 2022 - Jennifer A. Beckage, Esq., CIPP/US, CIPP/E has been named among the top 40 data breach lawyers in the U.S. Cybersecurity Docket's Incident Response 40. Incident Response 40 is peer nominated and reviewed and “lists the 40 best data breach response lawyers in the business,” states Bruce Carton, Editor of Cybersecurity Docket.
To date, Ms. Beckage has received this illustrious recognition in 2018, 2019, 2020, 2021 putting her amongst an elite few to repeatedly receive such distinction.
“I am utterly humbled by this designation, especially from my peers, whom I admire and hold in high regard,” said Jennifer A. Beckage, Managing Director and founder of The Beckage Firm. “I have responded to countless headline-making data security and privacy breaches and related putative class actions while launching and managing a high growth tech-forward law firm. Concurrently, I have benefited from professional growth and recognition in the niche data security and privacy and cyber insurance markets.”
“The data security and privacy market, my professional career and my personal life have been through a lot,” warmly states Ms. Beckage. “After five years, I am beyond humbled by this recognition along with other talented cyber professionals and I look forward to see the future generations of recipients of this award.”
Jennifer Beckage is the Founder and Managing Director of The Beckage Firm, a Women and Veteran owned law firm focused on incident response, data privacy and compliance, litigation, and emerging technologies. During the DotCom era, Ms. Beckage started her career, which eventually led to the sale of her tech business to a publicly traded entity, where she was retained as VP of Operations over technical services and products. At that time, Ms. Beckage consulted Fortune 100 companies to abandon antiquated practices and invest in a new technology platform called a “website” on the future forward “Internet.”
With the emergence of cyber threat actors, Ms. Beckage then focused her career on incident response (incidentally, most leading from activities on the Internet). With a robust understanding of how internet technologies are built, Ms. Beckage has provided consultation to organizations of various sizes and maturities on incident response preparedness. Beckage was among the early counselors to help corporate clients navigate international data breaches, and related putative class actions. Ms. Beckage predicted the need for organizations to proactively prioritize data security, privacy, and incident response. To that end, she has received numerous awards and recognition as a sought-after speaker on topics including cybersecurity and privacy. Ms. Beckage holds Certification from MIT Sloan School of Management for business strategies and implications of artificial intelligence technology use and has taught masters level studies on artificial intelligence, incident response, data security, privacy and ethics. Years prior to the pandemic, Ms. Beckage created the first majority remote law firm and has helped organizations safely, compliantly and efficiently migrate to the cloud.
Among her certifications, Ms. Beckage maintains Certified Information Privacy Professional, United States (CIPP/US) and Certified Information Privacy Professional, Europe (CIPP/E).
The Beckage Firm is headquartered in New York. Its services include Incident Response/Data Breach, Data Security and Privacy Compliance, Personal Privacy, and Data Due Diligence.
About The Beckage Firm: The Beckage Firm is a women-owned law firm. Its attorneys and technology professionals counsel clients on matters pertaining to data security and privacy compliance, government investigations, litigation and class action defense, incident response, technology, personal security and privacy, data due diligence, and emerging technologies such as Artificial Intelligence (AI). Prior results do not guarantee similar outcomes. In addition to women-owned, the Beckage Partnership Team also includes military veterans. Learn more at TheBeckageFirm.com.
THE BECKAGE FIRM NAMES KEVIN JOHNSON CHIEF INFORMATION SECURITY OFFICER

Kevin Johnson, a United States Air Force veteran, will serve as the Firm’s Chief Information Security Officer.
NEW YORK, October 3, 2022
The Beckage Firm PLLC, a women-owned, boutique data security and privacy law firm announced the addition of Kevin Johnson to the rapidly growing team of The Beckage Firm. Kevin Johnson, a United States Air Force veteran, will serve as the Firm’s Chief Information Security Officer.
With almost two decades of experience, Mr. Johnson has been responsible for securing critical government and private sector systems by managing diverse teams in application development, infrastructure, and cyber security. He has extensive experience in vulnerability management, continuous monitoring, incident response, security governance, risk management, compliance, auditing, and process development. In his new role with The Beckage Firm, Mr. Johnson will work directly in compliance, risk/threat management, and develop preventative policies and strategies.
“Kevin has led government and private sector organizations by developing and implementing security policies, programs, best practices, procedures, and standards from the ground up,” said Jennifer A. Beckage, Esq. CIPP/US, CIPP/E founder of The Beckage Firm. “His vast experience, attention to detail, and ability to communicate complex security threats will be valuable assets to the Beckage Team.”
“Risk management, IT Security, and the laws regulating these areas are changing around the globe at a record pace,” said Kevin Johnson. “The Beckage Firm is committed to providing guidance and procedural detail on the latest information security threats, tech, and standards. The team that we are building is truly world class in understanding the latest changes to compliance and standards in these vital business areas.”
Mr. Johnson started his career by serving in the United States Air Force in various physical and information security capacities. By working overseas in highly stressful and rapidly changing environments, his ability to remain calm and adapt to any situation has proven to be vital to the safety and security of government leaders, critical resources, and systems. Receiving some of the highest clearances available, Mr. Johnson has demonstrated an immense level of trust and competency throughout his time in the military.
Following his military experience, Kevin Johnson transitioned to a federal civilian, working for Navy Headquarters in Washington, DC. In this capacity, he managed technical assets, compliance, policy, and contract teams for an application utilized jointly by all DoD services. He worked with military leaders at the Pentagon to ensure requirements were met, demonstrated compliance with regulatory and industry standards, and provided overall security updates.
The Beckage Firm is headquartered in New York. Its services include Incident Response/Data Breach, Data Security and Privacy Compliance, Personal Privacy, and Data Due Diligence.
About The Beckage Firm: The Beckage Firm is a women-owned law firm. Its attorneys and technology professionals counsel clients on matters pertaining to data security and privacy compliance, government investigations, litigation and class action defense, incident response, technology, personal security and privacy, data due diligence, and emerging technologies such as Artificial Intelligence (AI). Prior results do not guarantee similar outcomes. In addition to women-owned, the Beckage Partnership Team also includes military veterans. Learn more at TheBeckageFirm.com.
THE BECKAGE FIRM CONTINUES DYNAMIC GROWTH WITH THE ADDITION OF TWO NEW ATTORNEYS

Two new members join The Beckage Firm Team
NEW YORK, September 26, 2022
The Beckage Firm PLLC, a women-owned, boutique data security and privacy law firm proudly announced the addition of two new members to The Beckage Firm Team. Scott M. Lupiani, Esq., years of experience in federal and state courts, oversees litigation, including putative class actions, and regulatory investigations. Shawn Ford, LLM, Esq., experienced data security lawyer and Canadian counsel, focuses on Incident Response.
“The team that we are building at The Beckage Firm are truly passionate thought leaders in their respective fields,” boasted Jennifer A. Beckage, Esq. CIPP/US, CIPP/E founder of The Beckage Firm. “The data security and privacy industry has changed a lot since when I started and in launching The Beckage Firm we wanted a team that had unique, experienced backgrounds to deal with the new challenges that our corporate clients and insureds face. Scott and Shawn all embody these important characteristics.”
Scott Lupiani draws on his extensive experience in health law, including serving as general counsel for a health care organization to assist clients with HIPAA and other health care compliance matters. He has an extensive background in federal and state court litigation to defend clients in putative class actions, civil litigations. Scott is also a U.S. Army Veteran.
Shawn Ford is experienced working with technology-focused organizations at varying stages, including as general counsel for an international health tech company. As a Canadian citizen and lawyer, Shawn works closely with clients on compliance with Canadian data security and privacy matters. Leveraging his background as a data security technology business owner, Shawn has worked with organizations, and high net worth individuals on data security and privacy compliance and incident response matters.
The Beckage Firm is headquartered in New York. Its services include Incident Response/Data Breach, Data Security and Privacy Compliance, Personal Privacy, and Data Due Diligence.
About The Beckage Firm: The Beckage Firm is a women-owned law firm. Its attorneys and technology professionals counsel clients on matters pertaining to data security and privacy compliance, government investigations, litigation and class action defense, incident response, technology, personal security and privacy, data due diligence, and emerging technologies such as Artificial Intelligence (AI). In addition to women-owned, the Beckage Partnership Team also includes military veterans. Learn more at TheBeckageFirm.com.
THE BECKAGE FIRM AND THE SPENCER FOUNDATION ANNOUNCE SCHOLARSHIP PROGRAM

The Beckage Firm PLLC has partnered with the Spencer Educational Foundation
NEW YORK, September 22, 2022
The Beckage Firm PLLC, a women-owned, boutique data security and privacy law firm has partnered with the Spencer Educational Foundation to provide a scholarship to undergraduate students pursuing a career in risk management who self -identify with a traditionally underrepresented race/ethnicity or as female.
“At The Beckage Firm our missions is to help support programs that make education more impactful, diverse and transformative,” said Jennifer A. Beckage, Esq. CIPP/US, CIPP/E founder of The Beckage Firm. “We are proud to offer this scholarship opportunity and we cannot wait to provide the scholarship and watch the impact of the dollars and our mentoring to future generations.”
The First Scholarship will be awarded in May 2023. In addition to the Scholarship, The Beckage Firm is a sponsor of the Funding the Future Gala in New York City on September 22, over 800 Industry Executives will participate in this marquee fundraising Event.
The Spencer Foundation has been a leading funder of education research since 1971 and is the only national foundation focused exclusively on supporting education research. The Spencer Foundation has been a strong advocate for broader access to education in science, technology, engineering, and mathematics (STEM).
The Beckage Firm is headquartered in New York. Its services include Incident Response/Data Breach, Data Security and Privacy Compliance, Personal Privacy, and Data Due Diligence.
THE BECKAGE FIRM NAMES SCOTT MORRIS, SENIOR VICE PRESIDENT, TECHNOLOGY AND SECURITY

Scott is a dynamic voice and thought-leader in the cyber-security community
NEW YORK, September 19, 2022
The Beckage Firm PLLC, a women owned boutique data security and privacy law firm is proud to announce the addition of Scott Morris as Senior Vice President, Technology and Security. Scott Morris has served as Senior Vice President and Chief Information Security Officer “CISO” for a spectrum of organizations in size and maturity. As CISO for Blue Cross Blue Shield of WNY, Mr. Morris maintained responsibility for the information and cyber security programs. A refined information security executive possessing over two decades of experience, Morris has a stellar track record for developing security programs, governance, and percolating vertical stakeholder engagement.
"Scott is a dynamic voice and thought-leader in the cyber-security community," stated The Beckage Firm Founder, Jennifer Beckage. "His experience, knowledge and foresight provide a great resource for The Beckage Team and our partners."
The Beckage Firm counsels organizations and high-net-worth individuals on innovation, data security and privacy, tech business strategy, crisis preparedness, merger and acquisition data due diligence, and litigation and regulatory inquiry defense.
"I'm confident we can make a real impact in the cyber-security space and truly be an asset for our clients and partners," said Scott Morris. "Cyber-Security is constantly evolving and I believe The Beckage Firm is committed to building a team that understands and helps shape the next generation of Cyber-Security." The Beckage Firm's home office is in New York. It's services include Incident Response/Data Breach, Data Security and Privacy Compliance, Personal Privacy and Data Due Diligence. About The Beckage Firm: Beckage is a women-owned law firm that focuses on technology, data security, and privacy, incident response, and litigation and regulatory inquires. The Beckage Firm attorneys and team counsel clients on matters pertaining to data security and privacy compliance, government investigations, litigation and class action defense, incident response, technology, and emerging technologies such as Artificial Intelligence (AI). The Beckage Firm's headquarters is in New York. Learn more at TheBeckageFirm.com.
The Beckage Firm Names Jodi Beaubien, Senior Vice President, Global Partnership Operations

Jodi Beaubien PMP, SHRM-CP, Senior Vice President, Global Partnership Operations
September 12, 2022Read Article
Jodi is a key addition to our firm, she boasts over 20 years of communications experience working with SMBs, large international brands, municipalities, private healthcare conglomerates, and financial institutions.
Jen Beckage quoted In Bloomberg Law Regarding Ransomware

Ransomware Rise Means Greater Regulatory, Legal Risk for Victims
May 12, 2021Read Article
"The threat to disclose information in itself raises a lot of different issues, such as determining whether it’s a credible threat," Beckage said. "A whole analysis has to be performed to understand the ‘who’ and the ‘what’ that occurred."
Jen Beckage quoted In Bloomberg Law Article regarding President Biden cyber initiatives

Biden's Russia Strike Marks Shift in U.S. Cybersecurity Strategy
April 16, 2021Read Article
"It's nice to see the government support private-public collaboration to drive this forward," Beckage said. "It's more indication from the current administration that cybersecurity is important and will continue to be going forward."
Featured Story in SuperLawyers© Magazine About Jen Becage's Tech & Legal Career

Before she was a tech lawyer, Jennifer Beckage was in on the internet's ground floor
August 19, 2021Read Article
In the late '90s, Jennifer Beckage was a 20-something Southerner with big hair and a Texas twang who saw the future. She would sit down in boardrooms across the Northeast making a simple ask of Fortune 500 presidents: "Just throw away your entire marketing plan," she says. "The whole world is changing. You should listen to me, a 20-year-old, and move your 100-year-old business online."
Jen Beckage was published in Risk Management Magazine regarding legal issues in data breach response

The Legal Issues in Cyber Incident Response
April 1, 2021Read Article
When we think about cyber incident response, we think about detection, analysis, containment, eradication, remediation and reporting. These stages are not just about technical and forensic response, however. Throughout each, legal risks and considerations must also be addressed. It is imperative to focus on gaining technical understanding of what the threat actor did, when they did it, and how to overcome their interference and resulting business interruptions.
Jen Beckage Quoted by Law.com Regarding FTC Initiatives

What's Behind the FTC's Push for More Detailed Orders?
May 14, 2019
More Publications
2021
- “Vulnerabilities in SolarWinds and Microsoft,” VOA News, Dec. 28, 2021
- “Ransomware Prevention Best Practices to Follow and Pitfalls to Avoid,” Presidio Insight Blog, Oct. 8, 2021
Read Article - Review and analysis of artificial intelligence (AI) webinar featuring Jennifer Beckage as a panelist. JD Supra, July 8, 2021
Read Article - “Pandemic Data Privacy - A Q&A With Jennifer Beckage”, NetDiligence, Jun. 2021
Read Article - Jennifer Beckage's "One Big Thing" for Incident Response Forum Masterclass 2021, Apr. 5, 2021 (video)
Watch Video - Jennifer Beckage on the 2021 Cyber Threat Landscape - Ransomware, Vishing, Data Shaming, & More, Feb. 24, 2021 (video)
Watch Video - “Cybersecurity Resolutions for 2021,” Cybersecurity Law Report, Jan. 13, 2021
Read Article
2020
- Jennifer A. Beckage’s “One Big Thing” for Incident Response Forum 2020, Apr. 8, 2020 (video)
Watch Video
2019
- “From Tech Business to Tech Law”, University at Buffalo Forum Magazine, July 26, 2019
Read Article - “All businesses have 'people problems' when it comes to this risk” Insurance Business Magazine, by Alicja Grzadkowska, June 11, 2019
Read Article - “Industry leader [Jennifer Beckage] says 'cyber insurance' may be too narrow a designation amid potential threats,” Inside Cybersecurity, by Mariam Baksh, Apr. 16, 2019
Read Article - “Inside the booming and controversial world of sneaker bots,” Glossy Magazine, By Danny Parisi Apr. 5, 2019
Read Article - “Legal Mind Tech Focus,” SUNY Buffalo at Law, Feb. 2019
Read Article - “Incident Response Plan,” summary and quotes form Jennifer Beckage’s presentation at LegalWeek NYC 2019, Feb. 19, 2019
Read Article
2018
- Pandemic Data Privacy - A Q&A With Jennifer Beckage Of Beckage Law Firm, NetDiligence (video)
Watch Video - New York Firm Launches With Novel Cybersecurity Mandate: Get Technical, September 14, 2018
Read Article - Jennifer Beckage, Esq. starts firm, Buffalo News, Oct 31, 2018
Read Article
More publications by Jennifer A. Beckage, Esq., CIPP/US, CIPP/E
- "Construction Industry - Target For Data Breaches" Construction Exchange of Buffalo & WNY, Inc. Newsletter, May 24, 2018
- Quoted in “When Law and Technology Converge,” Buffalo Law Journal and Business First, May 2018
- "Prepping for the GDPR Deadline,” Buffalo Law Journal, Mar. 26, 2018
- "Regulators, Hackers, Plaintiffs, and Lawyers, Oh My,” Buffalo Business First · Mar. 16, 2018
- "Additional FAQs Answered by the DFS Concerning the DFS Cybersecurity Regulation Address Exempt Mortgage Servicers, Not-for-Profit Mortgage Brokers, HMOs and CCRCs, and Mergers and Acquisition Matters,” Phillips Lytle Alert, Mar. 1, 2018
- "Understanding and Managing Cybersecurity Risks Posed by Third Parties," Phillips Lytle Data Security and Privacy Blog, Feb 22, 2018
- "Avoid Cybersecurity Fatigue and Frustration: Practical advice for businesses in a complicated cybersecurity world," Rochester Business Journal, Feb. 16, 2018
- "SEC Issues Guidance on Cybersecurity Disclosures," Phillips Lytle Alert, Feb. 1, 2018
- "Additional FAQs Answered by the DFS Concerning the DFS Cybersecurity Regulation," Phillips Lytle Alert, Jan. 1, 2018
- "February 15, 2018: First Certification Deadline Under the NYSDFS Cybersecurity Regulation" Phillips Lytle Alert, Jan. 1, 2018
- "New General Data Protection Regulation Takes Effect on May 25, 2018: Take Steps Now to Ensure Compliance," Phillips Lytle Alert, Jan. 1, 2018
- Quoted in "Education, action needed to protect business from cyber threats," Business First, Apr. 2018
- Featured: "Jennifer Beckage, on data security," Invest Buffalo Niagara, podcast, Feb. 2018
- Quoted in "Another cybersecurity deadline this week for banks, insurance companies and other financial organizations," Business First, Feb. 2018
- Quoted in "Front Line Workers Key to Defense In Cyber Attacks," Buffalo Law Journal and Business First, Jan. 2018
2017
- "The Impact of Blockchain Technology," Buffalo Law Journal, Nov. 1, 2017
- "Understanding the practical and legal challenges of blockchain," Rochester Business Journal, Sept. 2017
- Interviewed, Facebook cybersecurity matters, WKBW, July 2017
- Quoted in: "Financial institutions must boost security," Business First, May 2017
- Quoted in Business First & Buffalo Law Journal articles on responding to cyberattacks, May 2017
- "A Lesson Plan for Data Security: Protecting School Data," Phillips Lytle Alert, May 1, 2017
- "The Value of Tabletop Exercises to Crisis Response," Buffalo Law Journal, Mar. 1, 2017
- "NIST Introduces Proposed Updates to Cyber Security Framework," Phillips Lytle Alert, Feb. 1, 2017
- "Record Retention & Destruction Policies for Health Care Providers," Phillips Lytle Alert, Feb. 1, 2017
- "The NYS DFS Has Revised Its Proposed Cyber Security Regulation," Phillips Lytle Alert, Jan. 1, 2017
2016 and earlier
- "Trump and Technology," Phillips Lytle Newsletter Global Coverage, Dec. 1, 2016
- "In the Wake of Brexit, the UK Offers Practical Advice for Those Looking to Comply with GDPR, Phillips Lytle Alert, Nov. 1, 2016
- "The NYS Department of Financial Services’ Proposed Cyber Security Regulation," Phillips Lytle Alert, Nov. 1, 2016
- “Tips for Cost-Effective & Secure Methods to Review Documents During an Investigation or Litigation,” Phillips Lytle Alert, May 1, 2016
- "Landscape of Food-Product Litigation & Regulation," Phillips Lytle Alert, Dec. 1, 2014
- “Shift E-Discovery Costs To The Requesting Party,” Phillips Lytle Alert, Jun. 1, 2013