Photo of Mary T. Costigan

Mary T. Costigan

Subscribe to Mary T. Costigan's Posts

Mary T. Costigan is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a core member of the firm’s Privacy, Data and Cybersecurity practice group. She holds a Certified Information Privacy Professional/US designation from the International Association of Privacy Professionals (iapp).

Mary advises regional, national and multinational clients across various industries on data privacy and cybersecurity laws and best practices including employee monitoring, internet privacy, biometric data collection, artificial intelligence, the California Consumer Privacy Act (CCPA), HIPAA, and the EU General Data Protection Regulation.

Mary has extensive experience helping clients respond to cybersecurity incidents including ransomware attacks.

Contact:Read more about Mary T. Costigan

In July 2020, the Court of Justice of the European Union (CJEU) declared the EU-U.S. Privacy Shield invalid. The EU-U.S. Privacy Shield program was designed to provide European Economic Area (EEA) data transferred to the U.S. with a level of protection comparable to EU law. The CJEU invalidated the program stating that U.S. companies could

1. What’s changing?

Under the current version of the California Consumer Privacy Act (“CCPA”), an employer’s obligations related to the personal information it collects from employees, applicants, and contractors residing in California (collectively, “Employment Information”) are relatively limited.  Specifically, it needs to (1) provide those individuals a “notice at collection” that discloses the categories of

At the start of June, the California Privacy Protection Agency (CPPA), the agency tasked with implementing and enforcing the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA), voted to begin the rulemaking process.

On July 8, 2022, the CPPA officially began the formal rule-making process to adopt proposed regulations

The Massachusetts Information Privacy and Security Act (MIPSA) continues to advance through the state legislative process, and is now before the full legislature. While the Act has several hurdles to clear before becoming law, its notable for two reasons. First, the comprehensive nature of the MIPSA exemplifies the direction state data protection laws are heading

The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a consumer’s personal information and provides consumers new and expansive rights with respect to their personal information.

Less than one

Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace.  Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment,

Globalization, compliance, and the growth in outsourcing have created a myriad of cross-border data transfer scenarios. These scenarios include marketing to and servicing customers, assessing global compliance with diversity and including goals, and outsourcing back office business functions. However, the emergence of far reaching data privacy regulation, such as the EU General Data Protection Regulation