Julia K. Kadish

Julia (“Julie”) Kadish is a partner in the Intellectual Property Practice Group in the firm's Chicago office and a member of the Privacy and Cybersecurity Team. She is certified by the International Association of Privacy Professionals (IAPP) for CIPP/US, CIPM and CIPT. 

Areas of Practice

Julia helps guide companies on how to lawfully collect, use, and share information.  

She is particularly experienced in helping clients as they create global privacy programs. Her work includes conducting gap assessments, strategizing on remediation plans, and helping implement compliance measures with U.S. and international privacy regulations and standards. She reviews company products and services for privacy implications providing practical advice on legal requirements and specific operational advice for compliance. She drafts online terms and conditions, privacy policies, and advises clients on cross-border data transfers and compliance. She also assists in various types of corporate transactions as a privacy and cybersecurity specialist across digital health, life sciences and healthcare, entertainment and media, professional services, and manufacturing industries. She reviews privacy and cybersecurity disclosures in public company filings and governance documents.

Julia also works with clients on data security matters, advising on proactive measures such as policies, procedures, and incident response plans. She helps companies respond to data breaches from initial response and investigation, to notification and ongoing support in state, federal, and international regulator inquiries.

Julia’s practice also includes drafting and negotiating data use provisions, data security exhibits, data processing agreements, data licenses, software licenses, professional services agreements and other commercial agreements involving technology.

Her background experience includes roles in-house at a technology startup and outside counsel.

Honors

Best Lawyers: Ones to Watch, Best Lawyers, 2023-2025

Articles

• Co-Author, "Playing with Privacy? Privacy and Cybersecurity Considerations in Esports," esportsinsider, June 24, 2021
• Co-Author, "Illinois Continues Legislative Efforts Aimed at Protecting Consumers’ Privacy Rights," Pratt’s Privacy & Cybersecurity Law Report, Vol. 3, No. 5, June 2017
• Quoted, "Other States Potentially Following Standard Set by Illinois Biometric Privacy Law," Cook County Record, May 1, 2017
• Co-Author, "The Yates Memo, Corporate Cooperation and Attorney-Client Privilege," Law Journal Newsletters - Business Crimes Bulletin, February 2016

Consumer Finance and Fintech Blog Posts 

• "State Privacy Law Roundup: What Financial Services Entities Need to Know," August 18, 2023

Esports and Games: Game Counsel

• "Video Games, AI, and …the Law?," April 28, 2022

Privacy Law Blog Posts

• "SEC Continues its Cybersecurity Focus, Settles with Company over Lax Security Measures," August 28, 2024
• "#Hashtag Hashing: Still Not as Helpful as You Think!" July 29, 2024
• "FTC Finalizes Breach Notification Rule Amendments Directed at Digital Health," May 29, 2024
• "FTC Sends Stern Reminder to AI Companies," January 12, 2024
• "Closing Out 2023 with Utah’s Privacy Law," December 26, 2023
• "CCPA Amendments Extend Protections to Reproductive Health and Citizenship Status," October 27, 2023
• "The Comprehensive Privacy Law Deluge: Impact on Loyalty Programs," October 2, 2023

• "What Do the CPPA’s Draft Regulations on Risk Assessments and Cybersecurity Audits Mean for Companies?," September 14, 2023

• "The 'First State' Officially Becomes the Thirteenth State with a Comprehensive Data Privacy Law," September 13, 2023

• "Texas Amends Data Breach Notification Law, Updates Effective September 1," August 28, 2023
• "Regulators Send Warning Letter to Hospitals and Telehealth Providers About Tracking Technology Use," July 24, 2023
• "Impact of the Last Minute CCPA-Enforcement Delay," July 10, 2023

• "FTC Looks to Update Health Breach Notification Rule, Targeting Digital Health Industry," June 26, 2023
• "The Comprehensive Privacy Law Deluge: Approaching Choice and Rights," June 14, 2023

• "Another Governor Signs: Florida Privacy Law Will be Effective July 2024," June 12, 2023

• "Governor Signs: Hoosier State Adds to the US Privacy Patchwork," May 3, 2023
• "My Health My Data Act: Consent Requirements," May 3, 2023
• "My Health My Data Act: Consumer Rights," May 2, 2023
• "My Health My Data Act: Scope of the Law," May 1, 2023
• "CPRA Update: Moving Toward Finalization," February 23, 2023
• "Gaming Operators Latest to See Specific Privacy & Cybersecurity Laws," February 8, 2023
• "Movement on CPRA Regulations Expected," January 30, 2023
• "New Draft Regulations for Colorado’s Privacy Law," December 28, 2022
• "FTC and Other Regulators Continue to Signal Interest in Mobile Health Apps," December 8, 2022
• "FTC Action Against Drizly and CEO Provides Insight Into Its Security Expectations," November 3, 2022
• "IAB Steps In State Signal Morass," October 25, 2022

• "Comparing and Contrasting the Opt Out Preference Signal Across States," October 24, 2022

• "State Comprehensive Privacy Laws: Status of the Regulations," October 20, 2022

• "EU Regulators to Take Closer Look at DPO Position," September 26, 2022
• "CCPA May Soon Apply to Employee and B2B Information," August 29, 2022
• "FTC Announces Proposed Rulemaking On Privacy and Data Security," August 22, 2022
• "Preparing for US State Privacy Law Compliance: The Six Month Mark," July 25, 2022

• "What Should We Do About the Draft CPRA Regulations?: Choice," June 28, 2022
• "Maryland Amends Data Security and Breach Notice Obligations," June 21, 2022
• "FTC Weighs In On Data Breach Notification," June 16, 2022
• "Connecticut Fifth State to Pass a Comprehensive Privacy Law," May 12, 2022
• "Waiting on a new EU-US Privacy Shield," April 28, 2022
• "Colorado AG Seeks Input on Key Aspects of Upcoming Privacy Act," April 28, 2022
• "Arizona Expands Regulator Data Breach Notification Obligations," April 11, 2022
• "Indiana Breach Notification Law Amended, Changes Effective July 1, 2022," April 5, 2022
• "The Beehive State Joins the State Privacy Law Hive: Utah Privacy Law Passes," March 28, 2022
• "In First CCPA “Opinion”, California AG Clarifies Scope of Access Requests," March 24, 2022
• "FTC Continues to Signal Interest in Digital Health Industry, Publishing Updated Resources," March 15, 2022
• "CNIL Recommends Using US Analytics Tools Only for Anonymous Statistical Data," February 22, 2022
• "Colorado AG Issues Guidance on Data Security Best Practices," February 14, 2022
• "Digital Health Trends and Privacy: What to Watch in 2022," February 4, 2022
• "European Commission Adopts Korean Adequacy Decision," January 6, 2022
• "FTC 2022 Regulatory Priorities to Include Privacy and Security," December 22, 2021
• "California Publishes Initial Public Comments to CPRA," December 20, 2021
• "Google’s Privacy “Data Safety” Form Is Now Available," November 24, 2021
• "New York Imposes New Requirements for Employee Monitoring," November 23, 2021
• "Florida Imposes Criminal Penalties for Improper Processing of DNA," November 1, 2021
• "Apple To Require Ability to Delete Accounts In-App," October 27, 2021
• "California Broadens Security and Breach Laws, Includes Genetic Data," October 18, 2021
• "California Enacts New Privacy Law for Genetic Data," October 12, 2021
• "California Bill Clarifies Timing for CPRA Rulemaking Authority," October 8, 2021
• "California’s New Privacy Agency Seeks Feedback on CPRA," September 28, 2021
• "NYDFS FAQ Provides Clarity on Breach Notification and Security Requirements," September 21, 2021
• "FTC Warns Digital Health Industry to Comply with its Breach Notification Rule," September 20, 2021
• "Breach of PHI? California AG Reminds Companies of Potential State Notification Obligations," August 27, 2021
• "The Impact of the CARU Advertising Guidelines Change On Privacy," August 26, 2021
• "SEC Fine Highlights Importance of Cybersecurity Disclosures," August 25, 2021
• "Connecticut Expands Data Breach Notification Law, Changes Effective October 1, 2021," July 26, 2021
• "And Then There Were Three: Colorado Passes Privacy Law, Effective July 2023," July 13, 2021
• "New York City Biometric Ordinance Effective July 9, Are You Ready?," June 17, 2021
• "Understanding When to Use Two New Sets of Standard Contractual Clauses Issued by the EU," June 16, 2021
• "Nevada Broadens its Privacy Law," June 15, 2021
• "The Impact of the Narrowed Scope of CFAA Liability in the Privacy and Security Realm," June 14, 2021

• "Update on the State of Privacy Law in China," May 13, 2021

• "Two Other States Adopt Model Data Security Law for Insurance Industry," April 19, 2021

• "Utah Creates Data Breach Safe Harbor," April 13, 2021

• "Federal Financial Agencies Seek Comments on Use of Artificial Intelligence," April 5, 2021

• "States Continue to Step in to Safeguard Genetic Information," March 29, 2021

• "Changes to CCPA Regulations are Approved and in Effect," March 10, 2021

• "Virginia is for…Privacy: Comprehensive Law Passed, Effective January 2023," March 3, 2021

• "FTC Settles with Fertility Tracking App For Alleged Deceptive Data Sharing Practices," February 16, 2021

• "New Year, Same Transfers (for now): Temporary Brexit Deal Keeps EEA-UK Data Flowing," December 29, 2020

• "The Button is Back! Fourth Set of Modifications to CCPA Regulations Released," December 16, 2020

• "The CCPA Wheels Keep Turning: The Addition of CPRA," November 5, 2020

• "Will CCPA Regulation Change Again?: Comment Deadline Looming," October 19, 2020

• "Brazil’s Comprehensive Privacy Law Now in Effect," September 29, 2020

• "What the First Enforcement Action under NYDFS Cybersecurity Reg Means to Companies," September 23, 2020

• "CCPA Amendment Adds Needed Clarity for Medical & Research Community," September 14, 2020

• "CCPA Bill Extending Exemptions Passes Through California Legislature," September 1, 2020

• "CCPA Regulations Finally Approved, Effective Immediately," August 18, 2020

• "What Will Come First: Pending CCPA Amendment Could Clarify Key Exemptions," August 7, 2020
• "EU Reaction to the Fall of Privacy Shield: The Rise of SCCs?" July 29, 2020
• "How to Rise from the Privacy Shield Ashes: A View from the U.S." July 28, 2020
• "CJEU Invalidates Privacy Shield, But Upholds SCCs with Conditions," July 16, 2020
• "Vermont Updates Data Breach Notification Law," June 24, 2020
• "Final Draft CCPA Regulations Submitted, Effective Date Unclear," June 4, 2020
• "SCOTUS Review of CFAA May Impact Analysis in Data Breach Notification Obligations," May 18, 2020
• "D.C. Amends Data Breach Notification Law, Adds Security Requirements," May 14, 2020
• "Privacy and Data Protection Enactment and Enforcement Timelines During COVID-19," April 24, 2020
• "Using Mobile Apps and Location Data to Combat COVID-19," April 20, 2020
• "EDPB Announces Scope of COVID-19 Guidance," April 15, 2020
• "Can you Zigzag? California AG Releases Latest Draft of CCPA Regulations," March 17, 2020
• "NY SHIELD Act Data Security Requirements Effective This Month," March 9, 2020
• "FTC Releases 2019 Privacy and Security Year in Review," March 4, 2020
• "Final Draft of NIST Privacy Framework Released," February 25, 2020
• "And the Modified Proposed CCPA Regulations are Here!" February 13, 2020

• "New Trends Emerge in FTC Data Security Orders, Including Emphasis on C-Suite Involvement," January 15, 2020

• "Is Your Privacy Policy Ready for 2020?" December 19, 2019

• "New Artificial Intelligence Law for Illinois Employers in January 2020," December 3, 2019
• "The Privacy Shield Survives Another EU Commission Review, For Now…" November 22, 2019
• "FTC and Software Company Reach Security Settlement Over Unfair Practices," October 14, 2019
• "California Follows Vermont, Requires Data Broker Registration," October 14, 2019
• "Proposed CCPA Regs Released, Comments Due Dec. 6," October 11, 2019 
• "Maryland Adds Insurance Commissioner to Breach Notification Requirements," September 23, 2019 

FDA Law Update Blog Posts

• "2024 Top-of-Mind Issues for Life Sciences Companies," January 25, 2024

• "FDA Releases Guidance for Digital Health Tech Used in Clinical Investigations," January 6, 2022

• "New State Genetic Privacy Law Directed at Consumer Genetic Tests," April 2, 2021

• "Recent FTC Settlement Serves as Reminder For Digital Health Developers," February 18, 2021

• "FDA Appointment Signals Increased Attention on Medical Device Cybersecurity," February 9, 2021

• "FDA’s Action Plan for Artificial Intelligence: Highlights and Insights for Developers," January 12, 2021
• "FDA’s Proposed Rule on “Intended Use” Confirms Agency Will Rely on “Any Relevant Source” of Evidence," October 1, 2020
• "Latest Update on FDA’s Software Pre-Cert Pilot Program," September 16, 2020

• "FDA Announces Plans to Resume Domestic On-site Inspections," July 13, 2020

• "FDA Issues Guidance on Manufacturing Drugs, APIs during COVID-19," June 22, 2020

Healthcare Law Blog

• "State Privacy Law Roundup: What Health Care Companies Need to Know," July 26, 2023

• "Washington State Enacts Landmark Privacy Law Aimed at Digital Health Industry," May 4, 2023
• "OCR Releases Guidance on Use of Tracking Technologies," December 6, 2022
• "Digital Health in the Metaverse: Three Legal Considerations," May 31, 2022
• "Top 5 Legal Issues in Digital Health to Watch for in 2022," February 1, 2022

• "What Virginia’s New Privacy Law Means for Organizations in the Healthcare Industry," March 8, 2021

Retail Law Blog

• "State Privacy Law Roundup: What Retailers Need to Know," July 26, 2023

Game Counsel: Gaming and Esports Blog

• "The Legality of Loot Boxes: A Primer," November 30, 2020

Books

Media Mentions

Speaking Engagements

• Presenter, “Cybersecurity for Lawyers: Practical Tips and Reminders” IICLE Data Security for Lawyers: Sensibly Protecting Information in Unusual Times, June 12, 2020
• Co-Panelist, “Privacy, and Cybersecurity issues in digital media,” University of Notre Dame Law School, April 15, 2020
• Presenter, “International Data Transfers Under GDPR and Brexit,” IAPP Knowledgenet, March 19, 2020
• Panelist, “California Consumer Privacy Act (CCPA),” Chicago Bar Association - Financial Institutions Committee Meeting, February 12, 2020
• Co-presenter, “Big Data Use and Licensing: Legal and Practical Strategies to Maximize its Value,” Strafford CLE Webinar (May 3, 2017)

Events

Memberships

International Association of Privacy Professionals – for CIPP/US, CIPM and CIPT.

Digital Media