Privacy & Data Security

Our attorneys are trusted privacy and information security advisors and advocates. We maintain strong relationships with local law enforcement officials and data breach response vendors to better serve clients by offering proactive advice and quick response in the critical time following a data breach. Whether you are a company needing help or a professional advisor seeking local assistance, we are ready to assist you with your compliance, incident response, or litigation needs.

We understand and solve complex problems for service professionals, manufacturers, and contractors, as well as state and federally regulated health care providers, health plans, financial institutions, and retailers.

Stites & Harbison will:

• Educate and provide practical solutions to strengthen data security plans and improve policies.

• Review and draft vendor contracts, business associate agreements, terms of use and privacy policies, or transactional agreements involving data security.

• Advise and respond to government investigations, including HIPAA and HITECH audits and regulatory compliance requirements.

• Provide immediate advice when a data breach occurs to comply with state and federal data breach laws, investigate, and formulate effective strategies to mitigate damages.

• Defend litigation arising from alleged privacy and security data breaches.

Members and associates actively participate in major professional organizations, including:

• American Bar Association

• American Health Lawyers Association

• Defense Research Institute

• Mortgage Bankers Association of America

• International Association of Privacy Professionals

Stites & Harbison attorneys work on a variety of privacy and security matters. Notable assignments include:

• Successfully obtained summary judgment for a healthcare provider in Jefferson Circuit Court in a putative class action asserting claims for negligence, negligence per se, and invasion of privacy stemming from an alleged data breach disclosing patient information. Judgment was obtained prior to any class being certified.

• Obtained summary judgment for defendant in putative class action asserting multiple claims arising from alleged data breach.

• Investigated and advised an employer-sponsored health plan on breach reporting obligations following a cyber-attack involving malicious software.

• Advised on a professional legal malpractice claim concerning a data breach.

• Advised an online retail business in responding to and investigating a data breach, including working with various State’s Attorney General offices.

• Assisted client in responding to Office for Civil Rights complaint investigations and desk audits arising from alleged HIPAA violations and data breach reports.

• Worked with domestic financial institutions to recover client funds unlawfully transferred to foreign banks.

• Advised client and collaborated with FBI and other law enforcement concerning theft of funds arising from multiple data breaches.

• Advised employer in connection with employees’ confidential postings on social media.

• Analyzed and identified HIPAA-regulated product offerings for a financial institution and worked with internal legal, compliance, and business teams in developing a comprehensive HIPAA compliance plan.

• Represented a medical practice in a data breach investigation and notification to individuals following insider theft of social security numbers from patient medical records.

• Performed an enterprise-wide data classification analysis for an organization regulated by numerous state and federal privacy laws; drafted vendor contract with requirements to safeguard information in compliance with applicable laws.