Privacy and security compliance and breach counsel

Sarah Erdmann guides clients on a variety of data privacy and security compliance matters for health and non-health clients. She helps clients create and update internal privacy and security compliance programs, prepare and revise website privacy policies and terms and conditions, and aids in client response to security incidents and data breaches.

Sarah also is an adjunct professor at Marquette University Law School, where she teaches data privacy law.

Sarah is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals.

Bar Admissions

• Wisconsin

Education

• Marquette University Law School (J.D., cum laude, 2015)
  • Moot Court Executive Board, member
  • Ruby R. Vale Interschool Corporate Moot Court Competition

• University of Wisconsin - Madison (B.A., 2012)

• "Anticipating Potential Updates To Ill. Biometric Privacy Law"
• "Cameras and Patient Recordings: Maintaining Patient Privacy and Confidentiality"
• "Data Privacy and Security 2018 First Quarter Update"
• "GDPR Enforcement Day is Here!"
• "Health Information Technology, Privacy and Security 2018 First Quarter Update"
• "Navigating a Provider's Ability to Charge Copy Fees and a Patient's Right to Access Records"
• "One Is the Loneliest Number: Alabama Becomes the Final State to Pass Data Breach Notification Law"
• 2023 Year-End Employee Benefits Updates
• Healthcare Business Today Article by Meghan O'Connor, Sarah Erdmann Summarizes New Health Plan Privacy Requirements
• All Tricks, No Treats: Record-breaking HIPAA Settlement Announced
• Bank On It: Finance News You Can Count On
• California Governor Signs the Genetic Information Privacy Act
• CISA Issues Guidance on Heightened Health Care Cybersecurity Threats Amid COVID-19
• COVID-19 Exploitations: Malicious Cyber Actors Strike with Pandemic-Related Scams
• District Court Judge Dismisses Texas HIPAA Privacy Rule Lawsuit: We Are Thankful for HIPAA
• Diving into the Washington My Health My Data Act
• Diving into the Washington My Health My Data Act
• Diving into the Washington My Health My Data Act
• Diving into the Washington My Health My Data Act
• Diving into the Washington My Health My Data Act
• DOJ Uses Successor Liability as a Civil Cybersecurity Enforcement Tool: Comprehensive Diligence Now May Save Millions Later
• DOJ's Civil Cyber Fraud Initiative Utilizes False Claims Act to Settle Allegations of Knowing Non-Compliance with NIST SP 800-171 Against Raytheon and its Successor
• Friendly Reminder - Finalize and Post Your Consumer Health Data Privacy Notice Before March 31
• Go for Gold: 42 CFR Part 2 Compliance Deadline and HHS Enforcement is Here
• Happy Halloween: RIP to the HIPAA Privacy Rule?
• Health Information Technology, Privacy and Security 2018 First Quarter Update
• How Does HIPAA Prevent Using and Disclosing COVID-19 Vaccination Information? HHS OCR Issues Guidance
• Illinois Introduces Bills to Amend BIPA Taking Away Private Right of Action and Adding ECGs
• Information Blocking Rule Expands to Full Designated Record Set
• Managing Cyber Risk for Research and Higher Education Institutions During COVID-19 Pandemic
• Meghan O'Connor, Sarah Erdmann and Simone Colgan Dunlap Outline Implications of HIPAA-Related Settlement in Article for Journal of Health Care Compliance
• Meghan O'Connor, Simone Colgan Dunlap, Sarah Erdmann and Kaitlyn Fydenkevez Author ABA Article About New Reproductive and Sexual Health Privacy law and Its Potential Broad Applicability and Operational Challenges
• Million Dollar Maybe: Enforcement of Cures Act Information Blocking Prohibitions Begins
• Ninth Circuit Affirms Dismissal of Complaint Against Facebook for Collection of Browsing Data
• Ninth Circuit Rejects Article III Standing Argument for BIPA Claims
• OCR is Making a List, Checking it Twice, Gonna Find Out Who Has Not Been Complying with HIPAA
• OCR Provides HIPAA Research Clarifications: Remote Access and Authorization for Future Use of Protected Health Information
• One Is the Loneliest Number: Alabama Becomes the Final State to Pass Data Breach Notification Law
• Part 2 Modernization Underway: Revised Rule Released While We Await CARES Act Rulemaking
• Privacy Priorities for 2024 (and Beyond)
• Recalculating the Route: New Health Plan Privacy Requirements
• Recent Updates: Data Privacy & Security for Health Care Entities Summer 2022
• Substance Abuse Disorder Records (42 CFR Part 2) Final Rule Is Here!
• Summer Consumer Health Data Privacy Legislation Happened So Fast
• The Patient Who Cried "Data Breach": Actual Data Breach Required, but End-of-Life Software Risk Remains
• Warning! ChatGPT Exploit Used by Threat Actors in Cyber Attacks
• Winter Blues Client Alert Series: Privacy Concerns in the Collection and Use of Biometric Data
• With CCPA in Effect, What Do Health and Life Sciences Entities Need to Know? And How Does the New Amendment Affect You?
• With CCPA in Effect, What Does the Financial Industry Need to Know to Comply?
• ""So, don't ask me no questions and I won't tell you no lies:" Physician Receives Criminal Conviction for HIPAA Violations and Obstructing a Criminal Health Care Investigation"

Seminar

• 2025 Pharmacy Law Symposium
• AI in Healthcare: Current Issues and What's Next
• Artificial Intelligence Webinar Series
• Business Law Training | Building Privacy Compliance for the Future Now
• Celebrate Privacy Day with Quarles!
• Privacy Day 2025 - Take Your Privacy Game to the Next Level
• Privacy Developments on the Horizon for 2024