Blogs
Our team addresses the pressing questions you’re facing, breaks down recent legal developments, and provides timely guidance on the issues impacting your business, industry, and personal protection. From emerging trends to case law analysis, our attorneys share their expertise to help you navigate complex legal landscapes with confidence. Check back often for new posts.
Sports Entertainment & Media
Executives to Face Perjury Charges for Company Data Practices
Your name. Your signature. Your penalty of perjury declaration.
California just passed regulations making you personally criminally liable for the accuracy of cybersecurity audits and risk assessments your business submits to state regulators.
Starting January 1, 2026, if you’re an executive responsible for privacy, AI, or cybersecurity at a company doing business in California, you’ll personally certify under penalty of perjury that your company’s data practices comply with California law. Get it wrong and you face criminal perjury charges under California law, regardless of where you live or where your company is headquartered.
Why Florida, New York, and Texas Businesses Need to Pay Attention Now
Here’s what most executives outside California don’t understand: these regulations apply to your Florida business, your New York headquarters, your Texas operations. If you serve California consumers, you’re subject to California’s personal liability framework regardless of where your offices are located.
My team is advising clients across Florida, New York, and our other office locations who are scrambling to understand how California regulations create personal criminal liability for executives who’ve never set foot in California. A healthcare company headquartered in Fort Lauderdale with patients in California faces identical executive liability exposure as a San Francisco company. A financial services firm operating out of New York serving California customers must comply with the same personal certification requirements.
The dangerous part? Florida and New York are both considering similar regulations. Texas is watching closely. But California’s regulations take effect first and set the template other states will likely follow. The executive liability framework California just created will become the national standard, with executives in every state facing personal criminal exposure for their companies’ data practices.
As someone who has spent years helping businesses navigate the intersection of technology, privacy law, and regulatory compliance, I’m watching the regulatory landscape shift in ways most executives aren’t prepared for. California’s move to personal executive liability represents a fundamental change in how privacy enforcement works, and businesses operating under traditional corporate liability assumptions are heading toward disaster.
Who These Regulations Apply To
Most executives think California privacy laws only affect California companies. This misconception is destroying businesses when they discover the actual scope.
California’s CCPA regulations apply to any business meeting California’s definition, regardless of headquarters location, physical operations, or California office presence.
CCPA applies if:
- Annual gross revenues exceed $25 million
- You buy, sell, or share personal information of 100,000+ California consumers annually
- You derive 50%+ of annual revenue from selling or sharing California consumers’ personal information
If you do business with California consumers through online sales, services, or data collection from California residents, you’re subject to regulations requiring personal executive certifications under penalty of perjury.
This affects businesses in Florida, New York, Texas, and every state serving California customers. Your e-commerce platform ships to California addresses? You’re covered. Your SaaS product has California users? You’re covered. Your mobile app collects data from California residents? You’re covered. Geographic location of your headquarters is irrelevant.
The Multi-State Regulatory Cascade Coming
California’s personal liability framework is just the beginning. I’m tracking legislative developments in Florida, New York, and Texas that indicate similar executive liability provisions are coming to additional states within 18-24 months.
Florida’s legislature is considering privacy legislation that would mirror California’s approach to personal executive accountability. New York’s privacy proposals include provisions for individual executive liability for data protection failures. Texas lawmakers are evaluating frameworks that would impose personal responsibility on executives for cybersecurity and AI governance.
The pattern is clear: states are moving away from corporate penalty models toward personal executive liability for privacy and cybersecurity failures. California is the first mover, but won’t be the last. Executives who wait for their own states to pass similar laws before addressing personal liability exposure will find themselves facing multi-state certification requirements across different regulatory frameworks with conflicting standards.
The practical reality for national businesses: within three years, executives will likely face personal certification requirements under penalty of perjury in California, Florida, New York, Texas, and potentially a dozen other states, each with slightly different standards, deadlines, and enforcement mechanisms. The compliance burden won’t be “figure out California’s requirements.” It will be “navigate conflicting personal liability frameworks across multiple jurisdictions while trying to run a business.”
What “Under Penalty of Perjury” Actually Means
Perjury under California law is a felony punishable by up to four years in state prison. When you sign certifications stating your company’s risk assessments or cybersecurity audits are “true and correct” under penalty of perjury, you’re creating personal criminal liability if those statements are false.
You can be prosecuted for perjury if you make false statements under certification, even if the false statements resulted from negligence, inadequate due diligence, or relying on incomplete information from subordinates.
You’re certifying accuracy of complex technical assessments covering your entire company’s data practices, AI systems, and cybersecurity controls. If any material aspect is inaccurate when you sign, you’ve potentially committed perjury under California law.
From my experience working with companies implementing AI systems, automated decision-making technologies, and complex data processing operations, I can tell you that accurately assessing these systems’ privacy and security implications requires deep technical knowledge that most executives don’t possess. You’re being asked to certify under penalty of perjury that technical assessments of machine learning models, algorithmic decision systems, and data processing architectures are completely accurate, when the people who built those systems often can’t fully explain how they work.
Who Has to Sign These Certifications
California’s regulations require executive management team members to personally certify accuracy under penalty of perjury. Delegation to compliance staff is prohibited.
Risk assessment certifications must be signed by an executive management team member directly responsible for risk-assessment compliance, with sufficient knowledge to provide accurate information and authority to submit assessments to California’s Privacy Protection Agency.
Cybersecurity audit certifications must be signed by an executive management team member directly responsible for cybersecurity-audit compliance, with sufficient knowledge of the audit and authority to submit certifications.
The regulations limit signatures to executive management team members, typically a dozen or fewer individuals. Your compliance department, privacy team, or outside counsel cannot sign. Executive management must personally certify under penalty of perjury.
The AI and Automated Decision-Making Complexity
California’s regulations include specific requirements for automated decision-making technology (ADMT), and this is where executive liability gets particularly dangerous. Starting January 1, 2027, businesses must provide pre-use notice, opt-out choices, and access rights for ADMT.
Here’s the problem: most executives signing off on ADMT compliance have no idea how their company’s AI systems actually work. I’ve worked with businesses deploying machine learning models for hiring, lending, marketing, and customer service who couldn’t explain basic questions about training data, model architecture, or decision logic. Now executives at these companies will personally certify under penalty of perjury that their ADMT risk assessments are accurate and complete.
Modern AI systems operate as black boxes even to the engineers who build them. Neural networks make decisions based on patterns in training data that humans can’t interpret. Algorithmic systems evolve based on new data inputs in ways that weren’t anticipated during initial design. How does an executive certify accuracy of risk assessments covering systems that are inherently opaque and constantly changing?
The answer is they can’t, at least not with confidence. But California’s regulations require them to anyway, creating personal criminal liability for executives who are fundamentally unable to verify the technical accuracy of the certifications they’re required to sign.
The Certification Trap
For cybersecurity audits, you’re personally certifying that audit results are “true and correct” and that your business “has not made any attempt to influence the auditor’s decisions or assessments.”
You’re certifying under penalty of perjury that hundreds or thousands of employees didn’t improperly influence the auditor. You’re certifying that technical cybersecurity assessments covering complex systems are completely accurate. You’re certifying completeness of information you likely didn’t personally review.
The auditor relies on evidence including interviews with company personnel. How do you personally certify that every employee interviewed provided complete, accurate information? How do you certify no one attempted to influence the auditor when you weren’t present for those conversations?
You can’t. Yet you’re required to make these certifications under penalty of perjury anyway.
When Personal Liability Begins
January 1, 2026: Must start performing risk assessments for new processing presenting significant privacy risk. Executive management must review and approve assessments.
January 1, 2027: Must comply with automated decision-making technology requirements. Many businesses enter mandatory cybersecurity audit period.
April 1, 2028: Initial filings with California Privacy Protection Agency due for risk assessments and cybersecurity audits, signed by executive management under penalty of perjury.
Less than 15 months before personal liability begins. Most businesses haven’t started preparing executives for these certification requirements.
The Technology Governance Gap
Most businesses lack the technology governance infrastructure necessary to support executive certifications under penalty of perjury. I’ve seen this gap repeatedly working with companies on data privacy and technology compliance.
Executives are expected to certify accuracy of technical assessments, but most companies don’t have formal processes for technical teams to document how AI systems work, what data they process, what decisions they make, or what privacy risks they create. Development teams build and deploy systems without comprehensive privacy impact assessments. Security teams conduct audits without formal documentation of testing methodologies or findings. Data teams process information without clear records of data flows, retention periods, or access controls.
California’s regulations assume businesses have mature technology governance frameworks with clear documentation, formal review processes, and established accountability structures. Most businesses don’t. They have ad hoc processes, informal communications, and tribal knowledge that exists in employees’ heads rather than documented systems. Trying to retrofit formal governance onto these informal structures in 15 months while preparing executives for personal criminal liability is nearly impossible.
The D&O Insurance Problem
Standard Directors and Officers liability insurance may not cover criminal perjury charges or regulatory penalties from false certifications to state agencies. Most D&O policies exclude intentional misconduct and may exclude individual criminal liability coverage.
Executives facing personal certification requirements need to confirm their D&O insurance covers good faith errors or omissions in regulatory filings, including defense costs for perjury investigations and penalties if certifications prove inaccurate.
Without proper D&O coverage, executives signing these certifications bear personal financial liability for defense costs and potential penalties if certifications are challenged, even when acting in good faith based on subordinate information.
The Sub-Certification Approach
Given criminal liability for false certifications, businesses are implementing sub-certification processes where functional managers certify accuracy of information within their domains before executive management signs final certifications to California regulators.
Before the Chief Privacy Officer signs the risk assessment certification under penalty of perjury, the heads of IT, Marketing, Sales, Operations, and other departments each certify that information from their areas is accurate and complete.
Sub-certification doesn’t eliminate executive liability, but creates documentation showing reasonable due diligence. If the certification proves inaccurate, the executive can demonstrate good faith efforts to verify accuracy rather than signing blindly.
Most businesses haven’t established sub-certification frameworks. Executives are being asked to personally certify accuracy of information they can’t practically verify without formal subordinate certification processes.
Internal vs. External Audits
Businesses must decide whether to conduct cybersecurity audits internally or hire external auditors. This decision has major implications for executive personal liability.
External audits cost more but provide independent verification that may reduce executive liability exposure. External auditors provide professional opinions executives can rely on when making certifications.
Internal audits cost less but create complexity around ensuring the auditor is free from “undue influence.” The internal auditor must report to an executive who doesn’t have direct responsibility for cybersecurity. Your CISO can’t oversee the audit. This creates organizational challenges and potentially increases executive liability if internal audit processes are questioned.
External audits provide executives with independent professional opinions supporting certifications. Internal audits require executives to certify that internal processes were free from undue influence, which is much harder to assert confidently under penalty of perjury.
What to Do Now
Waiting until 2026 or 2027 means waiting too long. Executive management needs immediate action.
Identify which executives will sign certifications. Determine which executive management team members are directly responsible for risk assessment and cybersecurity audit compliance. These individuals need to understand their personal criminal liability exposure.
Establish sub-certification processes. Implement formal subordinate certification procedures requiring functional managers to certify accuracy before executives sign final certifications to regulators.
Review D&O insurance coverage. Confirm Directors and Officers liability insurance covers good faith errors in regulatory certifications, including defense costs for perjury investigations.
Decide internal vs. external audit approach. Evaluate whether external cybersecurity audits justify additional cost given reduced personal liability exposure.
Document decision-making processes. Create formal governance structures showing how risk assessments are reviewed, who participates, and what due diligence executives perform before signing certifications.
Build technology governance infrastructure. Establish formal documentation requirements for AI systems, data processing operations, and cybersecurity controls that will support accurate risk assessments and audit certifications.
The Reality
California changed data privacy enforcement from corporate penalties to individual criminal liability for executives. Starting January 2026, executive management personally certifies under penalty of perjury that their companies’ privacy and cybersecurity practices comply with California law.
This affects every business serving California consumers, regardless of headquarters location. Businesses operating out of Florida, New York, Texas, and every other state face identical executive liability exposure if they serve California markets. Florida, New York, and Texas are likely implementing similar personal liability frameworks within 18-24 months, creating multi-state certification requirements with conflicting standards.
Executives who haven’t prepared face criminal perjury exposure for certifications they’ll be required to sign in less than 15 months. Address personal liability exposure now, before certification deadlines arrive and unprepared executives face choosing between refusing to sign (losing their positions) or signing certifications they can’t verify (facing criminal charges).
My team helps businesses implement executive certification frameworks, establish sub-certification processes, build technology governance infrastructure, and prepare executive management for personal liability obligations under California’s new privacy regulations and similar frameworks emerging in other states.
Contact me directly at tshields@kelleykronenberg.com to discuss your executive team’s personal liability exposure and certification preparation strategy.
About the Author:
Timothy Shields
Partner/Business Unit Leader, Data Privacy & Technology
Kelley Kronenberg-Fort Lauderdale, FL.
(954) 370-9970
Email
Bio
Timothy Shields holds a Doctorate in Education and Juris Doctor, serves as Partner and Business Unit Leader for Data Privacy & Technology at Kelley Kronenberg, and is a certified NFL agent. He specializes in representing college athletes in Loss of Value insurance negotiations, NIL matters, and coverage disputes involving career-altering injuries.
Your name. Your signature. Your penalty of perjury declaration.
California just passed regulations making you personally criminally liable for the accuracy of cybersecurity audits and risk assessments your business submits to state regulators.
Starting January 1, 2026, if you’re an executive responsible for privacy, AI, or cybersecurity at a company doing business in California, you’ll personally certify under penalty of perjury that your company’s data practices comply with California law. Get it wrong and you face criminal perjury charges under California law, regardless of where you live or where your company is headquartered.
Why Florida, New York, and Texas Businesses Need to Pay Attention Now
Here’s what most executives outside California don’t understand: these regulations apply to your Florida business, your New York headquarters, your Texas operations. If you serve California consumers, you’re subject to California’s personal liability framework regardless of where your offices are located.
My team is advising clients across Florida, New York, and our other office locations who are scrambling to understand how California regulations create personal criminal liability for executives who’ve never set foot in California. A healthcare company headquartered in Fort Lauderdale with patients in California faces identical executive liability exposure as a San Francisco company. A financial services firm operating out of New York serving California customers must comply with the same personal certification requirements.
The dangerous part? Florida and New York are both considering similar regulations. Texas is watching closely. But California’s regulations take effect first and set the template other states will likely follow. The executive liability framework California just created will become the national standard, with executives in every state facing personal criminal exposure for their companies’ data practices.
As someone who has spent years helping businesses navigate the intersection of technology, privacy law, and regulatory compliance, I’m watching the regulatory landscape shift in ways most executives aren’t prepared for. California’s move to personal executive liability represents a fundamental change in how privacy enforcement works, and businesses operating under traditional corporate liability assumptions are heading toward disaster.
Who These Regulations Apply To
Most executives think California privacy laws only affect California companies. This misconception is destroying businesses when they discover the actual scope.
California’s CCPA regulations apply to any business meeting California’s definition, regardless of headquarters location, physical operations, or California office presence.
CCPA applies if:
- Annual gross revenues exceed $25 million
- You buy, sell, or share personal information of 100,000+ California consumers annually
- You derive 50%+ of annual revenue from selling or sharing California consumers’ personal information
If you do business with California consumers through online sales, services, or data collection from California residents, you’re subject to regulations requiring personal executive certifications under penalty of perjury.
This affects businesses in Florida, New York, Texas, and every state serving California customers. Your e-commerce platform ships to California addresses? You’re covered. Your SaaS product has California users? You’re covered. Your mobile app collects data from California residents? You’re covered. Geographic location of your headquarters is irrelevant.
The Multi-State Regulatory Cascade Coming
California’s personal liability framework is just the beginning. I’m tracking legislative developments in Florida, New York, and Texas that indicate similar executive liability provisions are coming to additional states within 18-24 months.
Florida’s legislature is considering privacy legislation that would mirror California’s approach to personal executive accountability. New York’s privacy proposals include provisions for individual executive liability for data protection failures. Texas lawmakers are evaluating frameworks that would impose personal responsibility on executives for cybersecurity and AI governance.
The pattern is clear: states are moving away from corporate penalty models toward personal executive liability for privacy and cybersecurity failures. California is the first mover, but won’t be the last. Executives who wait for their own states to pass similar laws before addressing personal liability exposure will find themselves facing multi-state certification requirements across different regulatory frameworks with conflicting standards.
The practical reality for national businesses: within three years, executives will likely face personal certification requirements under penalty of perjury in California, Florida, New York, Texas, and potentially a dozen other states, each with slightly different standards, deadlines, and enforcement mechanisms. The compliance burden won’t be “figure out California’s requirements.” It will be “navigate conflicting personal liability frameworks across multiple jurisdictions while trying to run a business.”
What “Under Penalty of Perjury” Actually Means
Perjury under California law is a felony punishable by up to four years in state prison. When you sign certifications stating your company’s risk assessments or cybersecurity audits are “true and correct” under penalty of perjury, you’re creating personal criminal liability if those statements are false.
You can be prosecuted for perjury if you make false statements under certification, even if the false statements resulted from negligence, inadequate due diligence, or relying on incomplete information from subordinates.
You’re certifying accuracy of complex technical assessments covering your entire company’s data practices, AI systems, and cybersecurity controls. If any material aspect is inaccurate when you sign, you’ve potentially committed perjury under California law.
From my experience working with companies implementing AI systems, automated decision-making technologies, and complex data processing operations, I can tell you that accurately assessing these systems’ privacy and security implications requires deep technical knowledge that most executives don’t possess. You’re being asked to certify under penalty of perjury that technical assessments of machine learning models, algorithmic decision systems, and data processing architectures are completely accurate, when the people who built those systems often can’t fully explain how they work.
Who Has to Sign These Certifications
California’s regulations require executive management team members to personally certify accuracy under penalty of perjury. Delegation to compliance staff is prohibited.
Risk assessment certifications must be signed by an executive management team member directly responsible for risk-assessment compliance, with sufficient knowledge to provide accurate information and authority to submit assessments to California’s Privacy Protection Agency.
Cybersecurity audit certifications must be signed by an executive management team member directly responsible for cybersecurity-audit compliance, with sufficient knowledge of the audit and authority to submit certifications.
The regulations limit signatures to executive management team members, typically a dozen or fewer individuals. Your compliance department, privacy team, or outside counsel cannot sign. Executive management must personally certify under penalty of perjury.
The AI and Automated Decision-Making Complexity
California’s regulations include specific requirements for automated decision-making technology (ADMT), and this is where executive liability gets particularly dangerous. Starting January 1, 2027, businesses must provide pre-use notice, opt-out choices, and access rights for ADMT.
Here’s the problem: most executives signing off on ADMT compliance have no idea how their company’s AI systems actually work. I’ve worked with businesses deploying machine learning models for hiring, lending, marketing, and customer service who couldn’t explain basic questions about training data, model architecture, or decision logic. Now executives at these companies will personally certify under penalty of perjury that their ADMT risk assessments are accurate and complete.
Modern AI systems operate as black boxes even to the engineers who build them. Neural networks make decisions based on patterns in training data that humans can’t interpret. Algorithmic systems evolve based on new data inputs in ways that weren’t anticipated during initial design. How does an executive certify accuracy of risk assessments covering systems that are inherently opaque and constantly changing?
The answer is they can’t, at least not with confidence. But California’s regulations require them to anyway, creating personal criminal liability for executives who are fundamentally unable to verify the technical accuracy of the certifications they’re required to sign.
The Certification Trap
For cybersecurity audits, you’re personally certifying that audit results are “true and correct” and that your business “has not made any attempt to influence the auditor’s decisions or assessments.”
You’re certifying under penalty of perjury that hundreds or thousands of employees didn’t improperly influence the auditor. You’re certifying that technical cybersecurity assessments covering complex systems are completely accurate. You’re certifying completeness of information you likely didn’t personally review.
The auditor relies on evidence including interviews with company personnel. How do you personally certify that every employee interviewed provided complete, accurate information? How do you certify no one attempted to influence the auditor when you weren’t present for those conversations?
You can’t. Yet you’re required to make these certifications under penalty of perjury anyway.
When Personal Liability Begins
January 1, 2026: Must start performing risk assessments for new processing presenting significant privacy risk. Executive management must review and approve assessments.
January 1, 2027: Must comply with automated decision-making technology requirements. Many businesses enter mandatory cybersecurity audit period.
April 1, 2028: Initial filings with California Privacy Protection Agency due for risk assessments and cybersecurity audits, signed by executive management under penalty of perjury.
Less than 15 months before personal liability begins. Most businesses haven’t started preparing executives for these certification requirements.
The Technology Governance Gap
Most businesses lack the technology governance infrastructure necessary to support executive certifications under penalty of perjury. I’ve seen this gap repeatedly working with companies on data privacy and technology compliance.
Executives are expected to certify accuracy of technical assessments, but most companies don’t have formal processes for technical teams to document how AI systems work, what data they process, what decisions they make, or what privacy risks they create. Development teams build and deploy systems without comprehensive privacy impact assessments. Security teams conduct audits without formal documentation of testing methodologies or findings. Data teams process information without clear records of data flows, retention periods, or access controls.
California’s regulations assume businesses have mature technology governance frameworks with clear documentation, formal review processes, and established accountability structures. Most businesses don’t. They have ad hoc processes, informal communications, and tribal knowledge that exists in employees’ heads rather than documented systems. Trying to retrofit formal governance onto these informal structures in 15 months while preparing executives for personal criminal liability is nearly impossible.
The D&O Insurance Problem
Standard Directors and Officers liability insurance may not cover criminal perjury charges or regulatory penalties from false certifications to state agencies. Most D&O policies exclude intentional misconduct and may exclude individual criminal liability coverage.
Executives facing personal certification requirements need to confirm their D&O insurance covers good faith errors or omissions in regulatory filings, including defense costs for perjury investigations and penalties if certifications prove inaccurate.
Without proper D&O coverage, executives signing these certifications bear personal financial liability for defense costs and potential penalties if certifications are challenged, even when acting in good faith based on subordinate information.
The Sub-Certification Approach
Given criminal liability for false certifications, businesses are implementing sub-certification processes where functional managers certify accuracy of information within their domains before executive management signs final certifications to California regulators.
Before the Chief Privacy Officer signs the risk assessment certification under penalty of perjury, the heads of IT, Marketing, Sales, Operations, and other departments each certify that information from their areas is accurate and complete.
Sub-certification doesn’t eliminate executive liability, but creates documentation showing reasonable due diligence. If the certification proves inaccurate, the executive can demonstrate good faith efforts to verify accuracy rather than signing blindly.
Most businesses haven’t established sub-certification frameworks. Executives are being asked to personally certify accuracy of information they can’t practically verify without formal subordinate certification processes.
Internal vs. External Audits
Businesses must decide whether to conduct cybersecurity audits internally or hire external auditors. This decision has major implications for executive personal liability.
External audits cost more but provide independent verification that may reduce executive liability exposure. External auditors provide professional opinions executives can rely on when making certifications.
Internal audits cost less but create complexity around ensuring the auditor is free from “undue influence.” The internal auditor must report to an executive who doesn’t have direct responsibility for cybersecurity. Your CISO can’t oversee the audit. This creates organizational challenges and potentially increases executive liability if internal audit processes are questioned.
External audits provide executives with independent professional opinions supporting certifications. Internal audits require executives to certify that internal processes were free from undue influence, which is much harder to assert confidently under penalty of perjury.
What to Do Now
Waiting until 2026 or 2027 means waiting too long. Executive management needs immediate action.
Identify which executives will sign certifications. Determine which executive management team members are directly responsible for risk assessment and cybersecurity audit compliance. These individuals need to understand their personal criminal liability exposure.
Establish sub-certification processes. Implement formal subordinate certification procedures requiring functional managers to certify accuracy before executives sign final certifications to regulators.
Review D&O insurance coverage. Confirm Directors and Officers liability insurance covers good faith errors in regulatory certifications, including defense costs for perjury investigations.
Decide internal vs. external audit approach. Evaluate whether external cybersecurity audits justify additional cost given reduced personal liability exposure.
Document decision-making processes. Create formal governance structures showing how risk assessments are reviewed, who participates, and what due diligence executives perform before signing certifications.
Build technology governance infrastructure. Establish formal documentation requirements for AI systems, data processing operations, and cybersecurity controls that will support accurate risk assessments and audit certifications.
The Reality
California changed data privacy enforcement from corporate penalties to individual criminal liability for executives. Starting January 2026, executive management personally certifies under penalty of perjury that their companies’ privacy and cybersecurity practices comply with California law.
This affects every business serving California consumers, regardless of headquarters location. Businesses operating out of Florida, New York, Texas, and every other state face identical executive liability exposure if they serve California markets. Florida, New York, and Texas are likely implementing similar personal liability frameworks within 18-24 months, creating multi-state certification requirements with conflicting standards.
Executives who haven’t prepared face criminal perjury exposure for certifications they’ll be required to sign in less than 15 months. Address personal liability exposure now, before certification deadlines arrive and unprepared executives face choosing between refusing to sign (losing their positions) or signing certifications they can’t verify (facing criminal charges).
My team helps businesses implement executive certification frameworks, establish sub-certification processes, build technology governance infrastructure, and prepare executive management for personal liability obligations under California’s new privacy regulations and similar frameworks emerging in other states.
Contact me directly at tshields@kelleykronenberg.com to discuss your executive team’s personal liability exposure and certification preparation strategy.
About the Author:
Timothy Shields
Partner/Business Unit Leader, Data Privacy & Technology
Kelley Kronenberg-Fort Lauderdale, FL.
(954) 370-9970
Email
Bio
Timothy Shields holds a Doctorate in Education and Juris Doctor, serves as Partner and Business Unit Leader for Data Privacy & Technology at Kelley Kronenberg, and is a certified NFL agent. He specializes in representing college athletes in Loss of Value insurance negotiations, NIL matters, and coverage disputes involving career-altering injuries.