Litigation & Appeals

Privacy & Data Security

Our attorneys are trusted privacy and information security advisors and advocates. We maintain strong relationships with local law enforcement officials and data breach response vendors to better serve clients by offering proactive advice and quick response in the critical time following a data breach. Whether you are a company needing help or a professional advisor seeking local assistance, we are ready to assist you with your compliance, incident response, or litigation needs.

We understand and solve complex problems for service professionals, manufacturers, and contractors, as well as state and federally regulated health care providers, health plans, financial institutions, and retailers.

Stites & Harbison will:

  • Educate and provide practical solutions to strengthen data security plans and improve policies.

  • Review and draft vendor contracts, business associate agreements, terms of use and privacy policies, or transactional agreements involving data security.

  • Advise and respond to government investigations, including HIPAA and HITECH audits and regulatory compliance requirements.

  • Provide immediate advice when a data breach occurs to comply with state and federal data breach laws, investigate, and formulate effective strategies to mitigate damages.

  • Defend litigation arising from alleged privacy and security data breaches.

Members and associates actively participate in major professional organizations, including:

Certified Information Privacy Professional
  • American Bar Association

  • American Health Lawyers Association

  • Defense Research Institute

  • Mortgage Bankers Association of America

  • International Association of Privacy Professionals

Stites & Harbison attorneys work on a variety of privacy and security matters. Notable assignments include:

  • Successfully obtained summary judgment for a healthcare provider in Jefferson Circuit Court in a putative class action asserting claims for negligence, negligence per se, and invasion of privacy stemming from an alleged data breach disclosing patient information. Judgment was obtained prior to any class being certified.

  • Obtained summary judgment for defendant in putative class action asserting multiple claims arising from alleged data breach.

  • Investigated and advised an employer-sponsored health plan on breach reporting obligations following a cyber-attack involving malicious software.

  • Advised on a professional legal malpractice claim concerning a data breach.

  • Advised an online retail business in responding to and investigating a data breach, including working with various State’s Attorney General offices.

  • Assisted client in responding to Office for Civil Rights complaint investigations and desk audits arising from alleged HIPAA violations and data breach reports.

  • Worked with domestic financial institutions to recover client funds unlawfully transferred to foreign banks.

  • Advised client and collaborated with FBI and other law enforcement concerning theft of funds arising from multiple data breaches.

  • Advised employer in connection with employees’ confidential postings on social media.

  • Analyzed and identified HIPAA-regulated product offerings for a financial institution and worked with internal legal, compliance, and business teams in developing a comprehensive HIPAA compliance plan.

  • Represented a medical practice in a data breach investigation and notification to individuals following insider theft of social security numbers from patient medical records.

  • Performed an enterprise-wide data classification analysis for an organization regulated by numerous state and federal privacy laws; drafted vendor contract with requirements to safeguard information in compliance with applicable laws.

Privacy & Data Security Specialty Areas
Main Contacts
See more related to Privacy & Data Security
Press Releases

Stites & Harbison Earns National and Regional Top 10 Honors from ABA Health Law Section

LOUISVILLE, Ky.—The American Bar Association (ABA) Health Law Section has ranked Stites & Harbison, PLLC in its Tenth Annual Regional Top 10 Law Firm Recognition List of Top 10. The firm ranked 8th in the inaugural National Top 10 list and 4th in the South Top 10 list. Stites & Harbison has been honored nine consecutive times to the South list.

by Stites & Harbison, PLLC May 19, 2023
Events

Navigating the Uncertainty of Nuclear Jury Verdicts and the FTC's Proposed Non-Compete Ban: What You Need to Know Now!

Date: 6/6/23
Time: 2:30 p.m. - 5:30 p.m.

Castle & Key Distillery, 4445 McCracken Pike, Frankfort, KY 40601

Please join the attorneys of Stites & Harbison on June 6th at Castle & Key Distillery as they discuss critical matters currently impacting employers.

Michael S. Hargis, Trevor T. Graves, Robin E. McGuffin, Robin D. Miller, and Emily Larish Startsman May 16, 2023
Client Alerts

Health Care Providers and Business Associates Beware: Use of Online Tracking Technology May Violate HIPAA

Entities regulated by the Health Insurance Portability and Accountability Act (HIPAA) may be surprised to learn that use of certain online tracking technology may result in inadvertently sharing information protected under HIPAA with unauthorized third parties. On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued guidance with far-reaching implications for HIPAA regulated entities highlighting their HIPAA compliance obligations when using third-party online tracking technologies designed to collect and analyze information pertaining to a user’s interaction with the regulated entity’s webpages and mobile apps.

by Stacy Shea Luna (Shea) and Sarah Cronan Spurlock April 28, 2023
Events

Kentucky Hospital Association 94th Annual Convention

Date: 5/15/23 - 5/17/23

Central Bank Center, 430 W Vine Street, Lexington, Kentucky 40507

Stites & Harbison attorneys Sarah Spurlock, Ameena Khan and Shea Luna will be speakers at this year's Kentucky Hospital Association Convention in Lexington, Ky.

Sarah Cronan Spurlock, Ameena R. Khan, and Stacy Shea Luna (Shea) April 05, 2023
Client Alerts

“To Text or Not to Text…” Challenges to Defending Employment Matters Involving Text Messages

A client recently received a litigation hold letter from an attorney representing a former employee. It demanded retention and preservation of all “documents and data” relating to or concerning the former employee, their work performance, and termination. The definition of documents and data also included all electronically stored information, “. . . such as e-mail, voicemail, . . . digital audio or video recordings, instant messages, text messages, social media posts, . . . and any other electronic information created, maintained or received by you.”

by Shannon Antle Hamilton March 31, 2023
Events

UK Women Innovators Network Panel Discussion

Date: 3/28/23
Time: 3:30pm - 5:30pm

University of Kentucky, Gatton Student Center, Ballroom 212A, 160 Avenue of Champions, Lexington, KY

Join Mandy Decker and the UK Office of Technology Commercialization for the UK Women Innovators Network panel discussion of the book "Funded Female Founders: How to traverse the uneven playing field and secure funding to grow your business."

Mandy Wilson Decker March 10, 2023
Client Alerts

Kentucky Lawmakers Considering Comprehensive Data Privacy Legislation

Kentucky may soon join the growing number of states that have enacted data privacy legislation. On January 3, 2023, Senator Whitney Westerfield and Senator John Schickel introduced Senate Bill 15, which, if passed, will create new sections of KRS Chapter 367 to establish consumer protection rights for Kentucky residents relating to personal data.

by Ameena R. Khan and Sarah Cronan Spurlock March 07, 2023
Events

When Race & Gender Meet: Experiences of Black Women in the Law

Date: 3/7/23
Time: 4:00 p.m. - 5:30 p.m.

Louisville Bar Association Bar Center, 600 West Main Street, Louisville, KY 40202

Louisville office attorney Calesia Henson will be a member of the panel discussing "When Race & Gender Meet: Experiences of Black Women in Law" following the Louisville Bar Association's Justice William E. McAnulty Jr. Trailblazer Award presentation.

Calesia Henson February 22, 2023
Events

Ransomware Threats: Prevention Tips and Response Strategies

Date: 2/28/23
Time: 1:00 p.m. - 2:30 p.m.

Webinar

Stites & Harbison attorneys, Mari-Elise Paul and Sarah Cronan Spurlock, will participate in this upcoming ABA program focused on cybersecurity law and cyber incident response preparedness.

Mari-Elise Paul and Sarah Cronan Spurlock February 08, 2023
Events

Data Security and Privacy Symposium

Date: 2/8/23
Time: 8:15 a.m. - 3:00 p.m.

State Bar of Georgia Conference Center, 104 Marietta Street NW, Atlanta, GA 30303

Shannon Sprinkle and Sarah Spurlock will be speakers at this Atlanta Bar Association seminar being held February 8th.

Shannon M. Sprinkle and Sarah Cronan Spurlock January 25, 2023
Press Releases

Kentucky Super Lawyers Honors 49 Stites & Harbison Attorneys for 2023

LOUISVILLE, Ky.—The 2023 edition of Kentucky Super Lawyers recently honored 49 Stites & Harbison, PLLC attorneys in the Covington, Frankfort, Lexington and Louisville, Ky., offices. The publication named 37 attorneys to the Super Lawyers list and 12 attorneys to the Rising Stars list.

by Stites & Harbison, PLLC January 12, 2023
Articles

Call to Action for Critical Infrastructure Businesses - New Federal Cyber Breach Reporting: Obligations and Ransomware Prevention Strategies

Kentucky Bar Association Bench & Bar article by Louisville office attorney Sarah Spurlock discussing cyber defenses and security breach reporting.

by Sarah Cronan Spurlock December 08, 2022
Press Releases

Nine Stites & Harbison Attorneys Honored by 2022 Mid-South Super Lawyers

NASHVILLE, Tenn.—The 2022 edition of Mid-South Super Lawyers recently honored nine Stites & Harbison, PLLC attorneys. Six attorneys were named to the Super Lawyers list and three were named to the Rising Stars list.

by Stites & Harbison, PLLC December 01, 2022
Press Releases

Ian Ramsey Appointed to Kentucky Bicycle and Bikeway Commission

LOUISVILLE, Ky.—Governor Andy Beshear has appointed Stites & Harbison, PLLC attorney Ian Ramsey to the Kentucky Bicycle and Bikeway Commission (KBBC).

by Stites & Harbison, PLLC November 09, 2022
Press Releases

Stites & Harbison Earns 87 Rankings in 2023 "Best Law Firms" List

LOUISVILLE, Ky.—U.S. News & World Report and Best Lawyers® have released their 2023 “Best Law Firms” rankings. Stites & Harbison, PLLC’s three National Tier 1 rankings include: Litigation – Construction, Litigation – Real Estate, and Trademark Law. The firm’s overall results include 87 metropolitan rankings in six regions.

by Stites & Harbison, PLLC November 04, 2022
Press Releases

Mari-Elise Paul Named a 2022 Go To Lawyer for Intellectual Property Law

ALEXANDRIA, Va.—Virginia Lawyers Weekly recently named Stites & Harbison, PLLC attorney Mari-Elise Paul to the 2022 list of Virginia’s Go To Lawyers for Intellectual Property Law. She is one of 19 attorneys honored.

by Stites & Harbison, PLLC September 28, 2022
Press Releases

Virginia Super Lawyers 2022 Honors John Teresinski

ALEXANDRIA, Va.—The 2022 edition of Virginia Super Lawyers recently honored Stites & Harbison, PLLC attorney John Teresinski. He was named to the Rising Stars list.

by Stites & Harbison, PLLC June 03, 2022