Practice Areas
Industries
Education
- The Ohio State University Michael E. Moritz College of Law, J.D., 2010, cum laude
Ohio State Journal on Dispute Resolution, Business Editor, 2009-2010
- The Ohio State University, B.S.B.A., 2002, cum laude
Bar & Court Admissions
Chris is a partner in the Vorys Columbus office and a member of the litigation group. His practice focuses on privacy, data security, and defending organizations in litigation and regulatory investigations arising from data security and privacy matters. He has helped numerous organizations navigate through data security incidents and the multitude of legal issues that arise. Chris counsels clients through payment card industry investigations, compliance with the Payment Card Industry Data Security Standards (PCI DSS), and resolution of credit card companies’ assessments. He also counsels clients through ransomware incidents and ransom payment considerations.
Chris also has significant experience working with clients to develop customized incident response plans and information security programs. He counsels clients on compliance with privacy laws and regulations, such as the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”). He frequently presents on a variety of topics related to privacy and data security to professional and industry associations.
Notable experience includes:
- Serving as first-chair in jury trials in federal and state courts
- Representing clients in litigation where clients have been awarded over $32 million
- Defending a nationwide grocery store chain in multi-state consumer class actions, regulatory inquiries, and other matters arising out of data security incidents announced in the fall of 2014
- Successfully defending a bank against claims by a commercial customer that the bank was liable for unauthorized ACH transfers that occurred after a data breach
Chris is a Certified Information Privacy Professional (CIPP/US) and served as co-chair of the Columbus Chapter of the International Association of Privacy Professionals.
Chris served as a legislative aide to Sen. Jeff Jacobson, president pro tempore of the Ohio Senate, for five years. He also externed for the Honorable Maureen O'Connor, Supreme Court of Ohio.
Chris received his J.D. cum laude from The Ohio State University Michael E. Moritz College of Law. He received his B.S.B.A. cum laude in Management Information Systems from The Ohio State University.
Professional and Community Activities
- Chief Information Security Officers Executive Network, Host
- Nationwide Children’s Hospital Development Board
- Leadership Columbus Class of 2020
- International Association of Privacy Professionals Central Ohio Chapter, Past Co-Chair
News
- 1/2/2019Vorys is pleased to announce that Kari Coniglio, David Edelstein, Margaret Everett, Christopher Ingram and James W. Kelly II became partners of the firm on January 1, 2019.
- 3/29/2016Christopher Ingram, an associate in the Vorys Columbus office and a member of the litigation group, was quoted in a Convenience Store News story about a presentation he gave at M-PACT 2016.
- 1/3/2011
Events
- 2/25/2021Vorys attorneys Chris Ingram and Gretchen Rutz will host a webinar to discuss the newly approved California Privacy Rights Act of 2020 (CPRA), a new privacy law that significantly expands California residents’ privacy rights beyond those previously created by the California Consumer Privacy Act.
- 9/30/2020Vorys attorney Christopher L. Ingram spoke at the 2020 Central Ohio Information Security Summit.
- 3/3/2020Vorys Attorneys John Landolfi and Chris Ingram presented at the Ohio Insurance Institute Continuing Legal Education (CLE) Symposium on March 3, 2020.
- 10/16/2019Vorys Partner Chris Ingram spoke at a DRI conference on retail issues on October 16-19, 2019.
- 5/14/2018Vorys attorneys Chris Ingram and John Landolfi presented at the 2018 Central Ohio InfoSec Summit on May 14, 2018.
- 4/10/2018On April 10, 2018 Vorys Associate Chris Ingram presented at the 2018 IAPP Global Privacy Summit: Overview and Recap.
- 3/15/2018Vorys hosted a webinar series highlighting important topics in the consumer finance industry. Webinar dates included March 15, April 10 and May 8, 2018.
- 9/21/2017Chris Ingram and Chris LaRocco spoke at the 2017 Cybersecurity Days at The Ohio State University on September 21, 2017. They discussed the legal and regulatory requirements of cybersecurity.
- 6/30/2016Vorys attorney Chris Ingram hosted a webinar for the Pennsylvania Food Merchants Association on June 30, 2016.
- 3/30/2016Vorys attorneys Heather Enlow-Novitsky and Chris Ingram were speakers at the 2016 Central Ohio InfoSec Summit on March 30, 2016.
- 3/24/2016Vorys attorney Chris Ingram was a speaker at M-PACT 2016, an event targeted toward the Midwest’s petroleum marketers/convenience store associations on March 24, 2016.
- 4/30/2015Vorys attorneys Craig Auge, Jason Elvers, Chris Ingram, John Landolfi and Eric Whisler presented at the Advertising & Marketing Law 2015 CLE hosted by the Central Ohio Chapter – Association of Corporate Counsel on April 30, 2015.
- 3/26/2015Vorys attorneys Chris Ingram, Jonathan Ishee, John Landolfi, Angel Lisinski and Eric Whisler participated in a panel titled “Monthly Update for February 2015,” on March 26, 2015.
- 10/9/2012Vorys attorneys Elizabeth Smith, Jackie Ford, Martha Brewer and Christopher Ingram spoke at the Ohio Alliance for Public Charter Schools 6th Annual Conference on October 9-10.
- 12/7/2011
- 9/16/2011
Insights
- 6/10/2022Last week, the U.S. House and Senate released a discussion draft of the American Data Privacy and Protection Act (ADPPA). This is the first bipartisan data privacy bill released at the federal level. The introduction of the ADPPA comes in the wake of a profusion of comprehensive state data privacy laws passed and considered over the last few months. To date, five states have passed comprehensive privacy laws, including Connecticut just last month. If passed, the ADPPA would largely preempt state privacy laws, with some narrow exceptions.
- 5/25/2022On May 10, 2022, Connecticut became the fifth state to pass a comprehensive privacy law.
- 3/25/2022On March 24, 2022, Utah Governor Spencer Cox signed into law the fourth state comprehensive privacy law in the United States.
- 3/8/2022The Rise of “Zero-Click” Hacks Provides Cautionary Tale when Using Personal Devices for Business UseA new threat, known as “zero-click” hacks, is emerging from well documented state-sponsored spyware schemes.
- 10/29/2021In a 3-2 decision, the Federal Trade Commission (FTC) announced on Wednesday important updates to its Standards for Safeguarding Customer Information.
- 6/9/2021This week, the Colorado House of Representatives passed a new state privacy bill by a vote of 57-7.
- 5/5/2021Florida lawmakers failed to pass an expansive privacy law before the legislative session adjourned last Friday.
- 4/26/2021Last week, the Florida House of Representatives passed a new privacy bill, House Bill 969, by a vote of 118-1.
- 3/3/2021Yesterday, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA) into law.
- 2/22/2021Last week, Virginia’s Senate and House of Delegates sent identical versions of a new privacy bill to Virginia Governor Ralph Northam’s desk.
- 1/20/2021After failing to pass in 2019 and 2020, the Washington state legislature has introduced a comprehensive consumer privacy law for a third year in a row.
- 1/8/2021On January 6, New York legislators introduced Assembly Bill 27, the Biometric Privacy Act (BPA).
- 12/14/2020On December 10, 2020, the California Attorney General proposed modifications to its recent California Consumer Privacy Act (CCPA) regulations.
- 11/4/2020California voters are set to approve the California Privacy Rights Act of 2020 (CPRA).
- 9/29/2020Governor Gavin Newson signed a bill on Friday, September 25 to amend the California Consumer Privacy Act (CCPA) to exempt certain health information from the CCPA, among other things.
- 9/28/2020On September 23, at a U.S. Chamber of Commerce event, Indiana Attorney General Curtis Hill announced his intention to establish a rule to give businesses an incentive to implement cybersecurity plans to protect Indiana consumers’ information from cyberattacks.
- 9/2/2020On Sunday, August 30th, the California Legislature passed AB 1281, a bill extending the business-to-business and employee carve-outs to California Consumer Privacy Act (CCPA) compliance until January 1, 2022.
- 6/26/2020On June 24, the California Privacy Rights Act (CPRA) became eligible for the November 2020 general election ballot in California. The CPRA would expand and amend the recently-operable California Consumer Privacy Act (CCPA).
- 6/5/2020On June 1, California Attorney General Xavier Becerra submitted the final proposed regulations to the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL).
- 5/7/2020U.S. Senators Roger Wicker, John Thune, Jerry Moran, and Marsha Blackburn recently announced their plan to introduce the COVID-19 Consumer Data Protection Act, seeking to provide Americans more transparency and control over the collection and use of “covered data” during the COVID-19 public health emergency.
- 4/14/2020Although the draft regulations implementing the California Consumer Privacy Act (CCPA) have not been finalized, businesses are already encountering a wave of CCPA class action lawsuits.
- 4/13/2020With tens of millions of Americans suddenly working from home data privacy issues have taken on new urgency.
- 3/12/2020Yesterday, California Attorney General Xavier Becerra released a third set of draft regulations (the New Modifications) implementing the California Consumer Privacy Act (CCPA).
- 2/18/2020Washington legislators recently reintroduced the Washington Privacy Act (WPA). Learn more about this draft bill.
- 2/10/2020On February 7, 2020, California Attorney General Xavier Becerra released proposed modifications (the Modifications) to the previously-released draft regulations implementing the California Consumer Privacy Act (CCPA).
- 10/16/2019Last Friday, California Governor Gavin Newsom signed several last-minute amendments to the California Consumer Privacy Act (CCPA).
- 7/30/2019On July 9, 2019, the California Consumer Privacy Act (CCPA) amendment picture got a little clearer as the California Senate Judiciary Committee advanced several amendments while also eroding and eliminating others.
- 7/26/2019Governor Cuomo signed the Stop Hacks and Improve Electronic Data Act (SHIELD) on July 25, 2019, providing stronger protections for New Yorkers by imposing strict cybersecurity requirements on all companies, broadening the Attorney General’s oversight over data breaches, and expanding data breach notification requirements.
- 6/7/2019Last week Nevada amended its law that governs online privacy policy disclosures to now give Nevada residents the right to opt out of the sale of certain personal information.
- 5/28/2019Earlier this month, New Jersey joined a growing list of states which require companies to provide notification under their respective data breach laws where non-traditional personal informational is compromised.
- 5/15/2019Governor Jay Inslee recently signed Substitute House Bill 1071, amending Washington’s data breach notification law.
- 2/18/2019Ohio recently added comprehensive cybersecurity requirements to its insurance laws through Substitute Senate Bill 273, which take effect on or about March 19, 2019.
- 1/23/2019Massachusetts Governor Charlie Baker recently signed House Bill 4806, amending the state’s data breach notification law. In relevant part, the amendment expands the information that must be reported to Massachusetts regulators in connection with a data breach involving the personal information of Massachusetts residents, imposes new requirements on compromised entities, and adds some clarification to when entities are required to issue notice of a breach. These changes take effect on April 11, 2019.
- 11/5/2018Recently, the Securities and Exchange Commission (SEC) imposed a $1 million penalty against Voya Financial Advisors, Inc. (VFA).
- 10/31/2018Canada’s new mandatory breach-notification requirements in the Personal Information Protection and Electronic Documents Act (PIPEDA) take effect on November 1, 2018.
- 8/6/2018On August 3, Governor John Kasich signed Senate Bill 220, also known as the Ohio Data Protection Act.
- 6/29/2018Yesterday, California enacted the California Consumer Privacy Act of 2018. The law imposes new regulations on the collection, use, and disclosure of consumers’ personal information that will significantly impact companies doing business in California.
- 8/25/2017The National Institute of Standards and Technology (NIST) recently released an updated draft of its Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations that sets forth cybersecurity guidance for securing devices and software commonly referred to as the “internet of things.” The draft represents NIST’s latest attempt to produce a unified information security framework for the federal government that is now also bleeding into the private sector.
- 8/23/2017Companies doing business in Delaware should be aware of a recent amendment to its cybersecurity and data breach notification law.
- 10/28/2016On Wednesday, the Federal Trade Commission (FTC) released its new Data Breach Response: A Guide for Businesses.
- 5/16/2016In a highly-anticipated opinion, this morning the U.S. Supreme Court overturned the Ninth Circuit Court of Appeals’ decision in Spokeo, Inc. v. Robins.
- 3/4/2016On March 2nd, the Consumer Financial Protection Bureau (CFPB) announced a $100,000 penalty and settlement with online payment processor Dwolla, Inc. (Dwolla) for weak data security practices.
- 1/14/2015Earlier this week, President Obama gave a speech at the FTC laying out an agenda on privacy and data security issues, and indicating that the topic is important enough to the administration that it will be included in his upcoming State of the Union address. Generally, the initiative’s goals include tackling identity theft, protecting the privacy of student data and working toward a general privacy “bill of rights” to provide comprehensive data and privacy protections.