Cameron is a director in the Litigation Department, and chair of our Cybersecurity and Privacy Group.  In his 20 plus years as a lawyer, Cameron has managed, litigated and resolved numerous commercial matters involving data security, technology, business, and employment issues in New Hampshire, Massachusetts, New England, and around the country.  His education and depth of legal experience, as well as his professional interests and passions, are strengths that Cameron leverages to provide the highest quality counseling and litigation services to clients.

Combining his business, technology and employment interests, Cameron has developed a depth and breadth of experience in privacy and data security.  His résumé includes managing numerous data security audits, preparing and implementing written security policies, training executives, managers, and employees in data security, auditing, preparing and implementing data security agreements with vendors and business associates, addressing a wide variety of day-to-day security issues, and investigating and remediating many security breaches.  Cameron has dealt with these issues under a range of state and federal laws, including the Gramm-Leach-Bliley Act (GLB), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Securities and Exchange Commission (SEC) regulations, Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transactions Act (FACTA), the Massachusetts and California data security regulations, and a number of other state data security and breach notification laws.

Data privacy is another focus of Cameron’s practice, including creating and implementing privacy policies, terms of use agreements, information use and social media policies, advising clients about workplace privacy, social media, and consumer privacy, and handling data privacy claims asserted against companies.  He has dealt with these issues under numerous applicable laws, including the Child Online Privacy Protection Act (COPPA), United States and Canadian CAN-SPAM and anti-spam laws, Electronic Communications Privacy Act (ECPA), Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), Federal Trade Commission Act (FTC Act), Massachusetts privacy act, California Online Privacy Protection Art (CalOPPA), state wiretap laws, and a variety of other state and federal privacy laws.

Cam can be reached at cameron.shilling@mclane.com. His direct dial is 603-628-1351, and his cell phone is 603-289-6806.

There is a bipartisan bill in the New Hampshire Senate that would establish privacy rights for consumers in the state and privacy requirements for businesses and other organizations. On the latest installment of New Hampshire Business, host Fred Kocher is joined by Cameron Shilling, Chair of the Cyber Security Practice Group at McLane Middleton,

Published in the New Hampshire Business Review (9/15/22)

Many business leaders and human resources professionals believe that cyber security is the responsibility of their information technology staff and managed services provider. However, ensuring that employees and their families have appropriate cyber security protection is an employee benefit that benefits employers as well.

Mistakes, lack of

Companies reopening their offices and facilities will be collecting sensitive personal and health information about their employees (as well as about customers, vendors, and other visitors) to track COVID-19 symptoms. Although the Americans with Disabilities Act (ADA) typically places strict limits on the collection, use, and disclosure of health information about employees, the ongoing pandemic has prompted the Equal Employment Opportunity Commission and Centers for Disease Control and Prevention to permit the widespread gathering of health information in the workplace in an effort to stem the spread of the coronavirus.
Continue Reading Coronavirus Tracking Programs Need to Comply with Privacy Laws

Employers frequently access and review data created or stored by employees on company-owned electronic devices, such as computers, laptops, tablets (iPad), and cellphones (iPhone, Droid and Blackberry).  Well-crafted technology and social media policies specifically authorize employers to do so.  But, if not careful, employers can step over the line between permissible conduct and conduct that