- The Ohio State University Michael E. Moritz College of Law, J.D., 2010, cum laude
Ohio State Journal on Dispute Resolution, Business Editor, 2009-2010
- The Ohio State University, B.S.B.A., 2002, cum laude
Bar & Court Admissions
- U.S. Court of Appeals for the Sixth Circuit
- U.S. District Court for the Northern District of Ohio
- U.S. District Court for the Southern District of Ohio
- Admitted to practice law only in the states listed above.
Chris is a partner in the Vorys Columbus office and a member of the litigation group. His practice focuses on privacy, data security, and defending organizations in litigation and regulatory investigations arising from data security and privacy matters. He has helped numerous organizations navigate through data security incidents and the multitude of legal issues that arise. Chris counsels clients through payment card industry investigations, compliance with the Payment Card Industry Data Security Standards (PCI DSS), and resolution of credit card companies’ assessments. He also counsels clients through ransomware incidents and ransom payment considerations.
Chris also has significant experience working with clients to develop customized incident response plans and information security programs. He counsels clients on compliance with privacy laws and regulations, such as the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”). He frequently presents on a variety of topics related to privacy and data security to professional and industry associations.
Notable experience includes:
- Serving as first-chair in jury trials in federal and state courts
- Representing clients in litigation where clients have been awarded over $32 million
- Defending a nationwide grocery store chain in multi-state consumer class actions, regulatory inquiries, and other matters arising out of data security incidents announced in the fall of 2014
- Successfully defending a bank against claims by a commercial customer that the bank was liable for unauthorized ACH transfers that occurred after a data breach
Chris is a Certified Information Privacy Professional (CIPP/US) and served as co-chair of the Columbus Chapter of the International Association of Privacy Professionals.
Chris served as a legislative aide to Sen. Jeff Jacobson, president pro tempore of the Ohio Senate, for five years. He also externed for the Honorable Maureen O'Connor, Supreme Court of Ohio.
Chris received his J.D. cum laude from The Ohio State University Michael E. Moritz College of Law. He received his B.S.B.A. cum laude in Management Information Systems from The Ohio State University.
Professional and Community Activities
- Chief Information Security Officers Executive Network, Host
- Nationwide Children’s Hospital Development Board
- Leadership Columbus Class of 2020
- International Association of Privacy Professionals Central Ohio Chapter, Past Co-Chair
- 1/2/2019Vorys is pleased to announce that Kari Coniglio, David Edelstein, Margaret Everett, Christopher Ingram and James W. Kelly II became partners of the firm on January 1, 2019.
- 3/29/2016Ingram Quoted in Convenience Store News Story Titled “Nine Things You Should Do When Skimming Strikes”Christopher Ingram, an associate in the Vorys Columbus office and a member of the litigation group, was quoted in a Convenience Store News story about a presentation he gave at M-PACT 2016.
- 2/25/2021Vorys attorneys Chris Ingram and Gretchen Rutz will host a webinar to discuss the newly approved California Privacy Rights Act of 2020 (CPRA), a new privacy law that significantly expands California residents’ privacy rights beyond those previously created by the California Consumer Privacy Act.
- 9/30/2020Vorys attorney Christopher L. Ingram spoke at the 2020 Central Ohio Information Security Summit.
- 3/3/2020Vorys Attorneys John Landolfi and Chris Ingram presented at the Ohio Insurance Institute Continuing Legal Education (CLE) Symposium on March 3, 2020.
- 10/16/2019Vorys Partner Chris Ingram spoke at a DRI conference on retail issues on October 16-19, 2019.
- 5/14/2018Vorys attorneys Chris Ingram and John Landolfi presented at the 2018 Central Ohio InfoSec Summit on May 14, 2018.
- 4/10/2018On April 10, 2018 Vorys Associate Chris Ingram presented at the 2018 IAPP Global Privacy Summit: Overview and Recap.
- 3/15/2018Vorys hosted a webinar series highlighting important topics in the consumer finance industry. Webinar dates included March 15, April 10 and May 8, 2018.
- 9/21/2017Chris Ingram and Chris LaRocco spoke at the 2017 Cybersecurity Days at The Ohio State University on September 21, 2017. They discussed the legal and regulatory requirements of cybersecurity.
- 6/30/2016Vorys attorney Chris Ingram hosted a webinar for the Pennsylvania Food Merchants Association on June 30, 2016.
- 3/30/2016Vorys attorneys Heather Enlow-Novitsky and Chris Ingram were speakers at the 2016 Central Ohio InfoSec Summit on March 30, 2016.
- 3/24/2016Vorys attorney Chris Ingram was a speaker at M-PACT 2016, an event targeted toward the Midwest’s petroleum marketers/convenience store associations on March 24, 2016.
- 4/30/2015Vorys attorneys Craig Auge, Jason Elvers, Chris Ingram, John Landolfi and Eric Whisler presented at the Advertising & Marketing Law 2015 CLE hosted by the Central Ohio Chapter – Association of Corporate Counsel on April 30, 2015.
- 3/26/2015Vorys attorneys Chris Ingram, Jonathan Ishee, John Landolfi, Angel Lisinski and Eric Whisler participated in a panel titled “Monthly Update for February 2015,” on March 26, 2015.
- 10/9/20122012 OAPCS 6th Annual State Conference: “Crisis Management: Tips and tactics for Navigating Tumultuous Times”Vorys attorneys Elizabeth Smith, Jackie Ford, Martha Brewer and Christopher Ingram spoke at the Ohio Alliance for Public Charter Schools 6th Annual Conference on October 9-10.
- 6/10/2022Last week, the U.S. House and Senate released a discussion draft of the American Data Privacy and Protection Act (ADPPA). This is the first bipartisan data privacy bill released at the federal level. The introduction of the ADPPA comes in the wake of a profusion of comprehensive state data privacy laws passed and considered over the last few months. To date, five states have passed comprehensive privacy laws, including Connecticut just last month. If passed, the ADPPA would largely preempt state privacy laws, with some narrow exceptions.
- 5/25/2022On May 10, 2022, Connecticut became the fifth state to pass a comprehensive privacy law.
- 3/25/2022On March 24, 2022, Utah Governor Spencer Cox signed into law the fourth state comprehensive privacy law in the United States.
- 3/8/2022The Rise of “Zero-Click” Hacks Provides Cautionary Tale when Using Personal Devices for Business UseA new threat, known as “zero-click” hacks, is emerging from well documented state-sponsored spyware schemes.
- 10/29/2021In a 3-2 decision, the Federal Trade Commission (FTC) announced on Wednesday important updates to its Standards for Safeguarding Customer Information.
- 6/9/2021This week, the Colorado House of Representatives passed a new state privacy bill by a vote of 57-7.
- 5/5/2021Florida lawmakers failed to pass an expansive privacy law before the legislative session adjourned last Friday.
- 4/26/2021Last week, the Florida House of Representatives passed a new privacy bill, House Bill 969, by a vote of 118-1.
- 3/3/2021Yesterday, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA) into law.
- 2/22/2021Last week, Virginia’s Senate and House of Delegates sent identical versions of a new privacy bill to Virginia Governor Ralph Northam’s desk.
- 1/20/2021After failing to pass in 2019 and 2020, the Washington state legislature has introduced a comprehensive consumer privacy law for a third year in a row.
- 1/8/2021On January 6, New York legislators introduced Assembly Bill 27, the Biometric Privacy Act (BPA).
- 12/14/2020On December 10, 2020, the California Attorney General proposed modifications to its recent California Consumer Privacy Act (CCPA) regulations.
- 11/4/2020California voters are set to approve the California Privacy Rights Act of 2020 (CPRA).
- 9/29/2020Governor Gavin Newson signed a bill on Friday, September 25 to amend the California Consumer Privacy Act (CCPA) to exempt certain health information from the CCPA, among other things.
- 9/28/2020Client Alert: Indiana Attorney General to Create Safe Harbor for Businesses that Implement Reasonable Cybersecurity PlansOn September 23, at a U.S. Chamber of Commerce event, Indiana Attorney General Curtis Hill announced his intention to establish a rule to give businesses an incentive to implement cybersecurity plans to protect Indiana consumers’ information from cyberattacks.
- 9/2/2020Client Alert: California Legislature Extends CCPA’s Employee and Business-to-Business Exemptions Until 2022On Sunday, August 30th, the California Legislature passed AB 1281, a bill extending the business-to-business and employee carve-outs to California Consumer Privacy Act (CCPA) compliance until January 1, 2022.
- 6/26/2020On June 24, the California Privacy Rights Act (CPRA) became eligible for the November 2020 general election ballot in California. The CPRA would expand and amend the recently-operable California Consumer Privacy Act (CCPA).
- 6/5/2020On June 1, California Attorney General Xavier Becerra submitted the final proposed regulations to the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL).
- 5/7/2020U.S. Senators Roger Wicker, John Thune, Jerry Moran, and Marsha Blackburn recently announced their plan to introduce the COVID-19 Consumer Data Protection Act, seeking to provide Americans more transparency and control over the collection and use of “covered data” during the COVID-19 public health emergency.
- 4/14/2020Although the draft regulations implementing the California Consumer Privacy Act (CCPA) have not been finalized, businesses are already encountering a wave of CCPA class action lawsuits.
- 4/13/2020With tens of millions of Americans suddenly working from home data privacy issues have taken on new urgency.
- 3/12/2020Yesterday, California Attorney General Xavier Becerra released a third set of draft regulations (the New Modifications) implementing the California Consumer Privacy Act (CCPA).
- 2/18/2020Client Alert: New Push for Another U.S. Privacy Law as Washington State Senate Approves the Washington Privacy Act (SB 6281)Washington legislators recently reintroduced the Washington Privacy Act (WPA). Learn more about this draft bill.
- 2/10/2020On February 7, 2020, California Attorney General Xavier Becerra released proposed modifications (the Modifications) to the previously-released draft regulations implementing the California Consumer Privacy Act (CCPA).
- 10/16/2019Last Friday, California Governor Gavin Newsom signed several last-minute amendments to the California Consumer Privacy Act (CCPA).
- 7/30/2019On July 9, 2019, the California Consumer Privacy Act (CCPA) amendment picture got a little clearer as the California Senate Judiciary Committee advanced several amendments while also eroding and eliminating others.
- 7/26/2019Governor Cuomo signed the Stop Hacks and Improve Electronic Data Act (SHIELD) on July 25, 2019, providing stronger protections for New Yorkers by imposing strict cybersecurity requirements on all companies, broadening the Attorney General’s oversight over data breaches, and expanding data breach notification requirements.
- 5/28/2019Client Alert: In Line with Recent Trends, New Jersey Amends its Data Breach Notification Law to Expand the Definition of “Personal Information”Earlier this month, New Jersey joined a growing list of states which require companies to provide notification under their respective data breach laws where non-traditional personal informational is compromised.
- 5/15/2019Governor Jay Inslee recently signed Substitute House Bill 1071, amending Washington’s data breach notification law.
- 2/18/2019Client Alert: Ohio’s New Cybersecurity Requirements on Insurers and Other Licensees Set to Take Effect in MarchOhio recently added comprehensive cybersecurity requirements to its insurance laws through Substitute Senate Bill 273, which take effect on or about March 19, 2019.
- 1/23/2019Massachusetts Governor Charlie Baker recently signed House Bill 4806, amending the state’s data breach notification law. In relevant part, the amendment expands the information that must be reported to Massachusetts regulators in connection with a data breach involving the personal information of Massachusetts residents, imposes new requirements on compromised entities, and adds some clarification to when entities are required to issue notice of a breach. These changes take effect on April 11, 2019.
- 11/5/2018Client Alert: Securities and Exchange Commission Imposes $1 Million Penalty on Voya Financial Advisors after Cybersecurity IntrusionRecently, the Securities and Exchange Commission (SEC) imposed a $1 million penalty against Voya Financial Advisors, Inc. (VFA).
- 10/31/2018Canada’s new mandatory breach-notification requirements in the Personal Information Protection and Electronic Documents Act (PIPEDA) take effect on November 1, 2018.
- 8/6/2018On August 3, Governor John Kasich signed Senate Bill 220, also known as the Ohio Data Protection Act.
- 6/29/2018Yesterday, California enacted the California Consumer Privacy Act of 2018. The law imposes new regulations on the collection, use, and disclosure of consumers’ personal information that will significantly impact companies doing business in California.
- 8/25/2017Client Alert: NIST Guidelines Expanded to Include ‘Internet of Things’ Devices and Systems in the Private SectorThe National Institute of Standards and Technology (NIST) recently released an updated draft of its Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations that sets forth cybersecurity guidance for securing devices and software commonly referred to as the “internet of things.” The draft represents NIST’s latest attempt to produce a unified information security framework for the federal government that is now also bleeding into the private sector.
- 8/23/2017Client Alert: Delaware Adds New Cybersecurity Requirement and Expands Data Breach Notification RegulationsCompanies doing business in Delaware should be aware of a recent amendment to its cybersecurity and data breach notification law.
- 10/28/2016On Wednesday, the Federal Trade Commission (FTC) released its new Data Breach Response: A Guide for Businesses.
- 5/16/2016Financial Services Alert: Narrow Win For Spokeo at The U.S. Supreme Court: Plaintiffs Must Demonstrate Concrete Harm Even For Statutory ViolationsIn a highly-anticipated opinion, this morning the U.S. Supreme Court overturned the Ninth Circuit Court of Appeals’ decision in Spokeo, Inc. v. Robins.
- 3/4/2016Client Alert: Another Federal Regulator Steps Up Data Security Enforcement: CFPB Fines Online Payment Processor Dwolla for Lax Data SecurityOn March 2nd, the Consumer Financial Protection Bureau (CFPB) announced a $100,000 penalty and settlement with online payment processor Dwolla, Inc. (Dwolla) for weak data security practices.
- 1/14/2015Earlier this week, President Obama gave a speech at the FTC laying out an agenda on privacy and data security issues, and indicating that the topic is important enough to the administration that it will be included in his upcoming State of the Union address. Generally, the initiative’s goals include tackling identity theft, protecting the privacy of student data and working toward a general privacy “bill of rights” to provide comprehensive data and privacy protections.