Privacy & Data Security
Our attorneys are trusted privacy and information security advisors and advocates. We maintain strong relationships with local law enforcement officials and data breach response vendors to better serve clients by offering proactive advice and quick response in the critical time following a data breach. Whether you are a company needing help or a professional advisor seeking local assistance, we are ready to assist you with your compliance, incident response, or litigation needs.
We understand and solve complex problems for service professionals, manufacturers, and contractors, as well as state and federally regulated health care providers, health plans, financial institutions, and retailers.
Stites & Harbison will:
-
Educate and provide practical solutions to strengthen data security plans and improve policies.
-
Review and draft vendor contracts, business associate agreements, terms of use and privacy policies, or transactional agreements involving data security.
-
Advise and respond to government investigations, including HIPAA and HITECH audits and regulatory compliance requirements.
-
Provide immediate advice when a data breach occurs to comply with state and federal data breach laws, investigate, and formulate effective strategies to mitigate damages.
-
Defend litigation arising from alleged privacy and security data breaches.
Members and associates actively participate in major professional organizations, including:

-
American Bar Association
-
American Health Lawyers Association
-
Defense Research Institute
-
Mortgage Bankers Association of America
-
International Association of Privacy Professionals
Stites & Harbison attorneys work on a variety of privacy and security matters. Notable assignments include:
-
Successfully obtained summary judgment for a healthcare provider in Jefferson Circuit Court in a putative class action asserting claims for negligence, negligence per se, and invasion of privacy stemming from an alleged data breach disclosing patient information. Judgment was obtained prior to any class being certified.
Obtained summary judgment for defendant in putative class action asserting multiple claims arising from alleged data breach.
-
Investigated and advised an employer-sponsored health plan on breach reporting obligations following a cyber-attack involving malicious software.
-
Advised on a professional legal malpractice claim concerning a data breach.
-
Advised an online retail business in responding to and investigating a data breach, including working with various State’s Attorney General offices.
-
Assisted client in responding to Office for Civil Rights complaint investigations and desk audits arising from alleged HIPAA violations and data breach reports.
-
Worked with domestic financial institutions to recover client funds unlawfully transferred to foreign banks.
-
Advised client and collaborated with FBI and other law enforcement concerning theft of funds arising from multiple data breaches.
-
Advised employer in connection with employees’ confidential postings on social media.
-
Analyzed and identified HIPAA-regulated product offerings for a financial institution and worked with internal legal, compliance, and business teams in developing a comprehensive HIPAA compliance plan.
-
Represented a medical practice in a data breach investigation and notification to individuals following insider theft of social security numbers from patient medical records.
-
Performed an enterprise-wide data classification analysis for an organization regulated by numerous state and federal privacy laws; drafted vendor contract with requirements to safeguard information in compliance with applicable laws.
“To Text or Not to Text…” Challenges to Defending Employment Matters Involving Text Messages
A client recently received a litigation hold letter from an attorney representing a former employee. It demanded retention and preservation of all “documents and data” relating to or concerning the former employee, their work performance, and termination. The definition of documents and data also included all electronically stored information, “. . . such as e-mail, voicemail, . . . digital audio or video recordings, instant messages, text messages, social media posts, . . . and any other electronic information created, maintained or received by you.”
UK Women Innovators Network Panel Discussion
Time: 3:30pm - 5:30pm
University of Kentucky, Gatton Student Center, Ballroom 212A, 160 Avenue of Champions, Lexington, KY
Join Mandy Decker and the UK Office of Technology Commercialization for the UK Women Innovators Network panel discussion of the book "Funded Female Founders: How to traverse the uneven playing field and secure funding to grow your business."
Kentucky Lawmakers Considering Comprehensive Data Privacy Legislation
Kentucky may soon join the growing number of states that have enacted data privacy legislation. On January 3, 2023, Senator Whitney Westerfield and Senator John Schickel introduced Senate Bill 15, which, if passed, will create new sections of KRS Chapter 367 to establish consumer protection rights for Kentucky residents relating to personal data.
When Race & Gender Meet: Experiences of Black Women in the Law
Time: 4:00 p.m. - 5:30 p.m.
Louisville Bar Association Bar Center, 600 West Main Street, Louisville, KY 40202
Louisville office attorney Calesia Henson will be a member of the panel discussing "When Race & Gender Meet: Experiences of Black Women in Law" following the Louisville Bar Association's Justice William E. McAnulty Jr. Trailblazer Award presentation.
Ransomware Threats: Prevention Tips and Response Strategies
Time: 1:00 p.m. - 2:30 p.m.
Webinar
Stites & Harbison attorneys, Mari-Elise Paul and Sarah Cronan Spurlock, will participate in this upcoming ABA program focused on cybersecurity law and cyber incident response preparedness.
Data Security and Privacy Symposium
Time: 8:15 a.m. - 3:00 p.m.
State Bar of Georgia Conference Center, 104 Marietta Street NW, Atlanta, GA 30303
Shannon Sprinkle and Sarah Spurlock will be speakers at this Atlanta Bar Association seminar being held February 8th.
Kentucky Super Lawyers Honors 49 Stites & Harbison Attorneys for 2023
LOUISVILLE, Ky.—The 2023 edition of Kentucky Super Lawyers recently honored 49 Stites & Harbison, PLLC attorneys in the Covington, Frankfort, Lexington and Louisville, Ky., offices. The publication named 37 attorneys to the Super Lawyers list and 12 attorneys to the Rising Stars list.
Call to Action for Critical Infrastructure Businesses - New Federal Cyber Breach Reporting: Obligations and Ransomware Prevention Strategies
Kentucky Bar Association Bench & Bar article by Louisville office attorney Sarah Spurlock discussing cyber defenses and security breach reporting.
Nine Stites & Harbison Attorneys Honored by 2022 Mid-South Super Lawyers
NASHVILLE, Tenn.—The 2022 edition of Mid-South Super Lawyers recently honored nine Stites & Harbison, PLLC attorneys. Six attorneys were named to the Super Lawyers list and three were named to the Rising Stars list.
Ian Ramsey Appointed to Kentucky Bicycle and Bikeway Commission
LOUISVILLE, Ky.—Governor Andy Beshear has appointed Stites & Harbison, PLLC attorney Ian Ramsey to the Kentucky Bicycle and Bikeway Commission (KBBC).
Stites & Harbison Earns 87 Rankings in 2023 "Best Law Firms" List
LOUISVILLE, Ky.—U.S. News & World Report and Best Lawyers® have released their 2023 “Best Law Firms” rankings. Stites & Harbison, PLLC’s three National Tier 1 rankings include: Litigation – Construction, Litigation – Real Estate, and Trademark Law. The firm’s overall results include 87 metropolitan rankings in six regions.
Mari-Elise Paul Named a 2022 Go To Lawyer for Intellectual Property Law
ALEXANDRIA, Va.—Virginia Lawyers Weekly recently named Stites & Harbison, PLLC attorney Mari-Elise Paul to the 2022 list of Virginia’s Go To Lawyers for Intellectual Property Law. She is one of 19 attorneys honored.
Virginia Super Lawyers 2022 Honors John Teresinski
ALEXANDRIA, Va.—The 2022 edition of Virginia Super Lawyers recently honored Stites & Harbison, PLLC attorney John Teresinski. He was named to the Rising Stars list.
Revenue Cycle and Compliance Summit
Time: 12:00 p.m. - 4:30 p.m.
Online Event
The Revenue Cycle and Compliance Summit is an online half-day workshop to provide convenient education with CEUs and CLE for professionals. Stites attorneys Sarah Spurlock and Michael Denbow will be presenters at this Summit on June. 23, 2022.
Stites & Harbison Increases Rank on ABA Health Law Section’s Regional Top 10 List for 2020-21
LOUISVILLE, Ky.—The American Bar Association (ABA) Health Law Section has ranked Stites & Harbison, PLLC in 5th place in its Ninth Annual Regional Top 10 Law Firm Recognition List for the South for 2020-21.
Another Surprise! The No Surprises Act Requires Consumer Disclosures
In December 2020, Congress signed into law the No Surprises Act (NSA) addressing surprise medical billing. Specifically, the NSA prohibits out-of-network health care providers and facilities from balance billing certain commercially insured patients in certain circumstances.
Marjorie Farris Named as 2022 Business Women First Enterprising Women Award Honoree
LOUISVILLE, Ky.—Louisville Business First has named Stites & Harbison, PLLC Chair Marjorie A. Farris as a recipient of its 2022 Business Women First Enterprising Women Awards.