Privacy & Data Security
Our attorneys are trusted privacy and information security advisors and advocates. We maintain strong relationships with local law enforcement officials and data breach response vendors to better serve clients by offering proactive advice and quick response in the critical time following a data breach. Whether you are a company needing help or a professional advisor seeking local assistance, we are ready to assist you with your compliance, incident response, or litigation needs.
We understand and solve complex problems for service professionals, manufacturers, and contractors, as well as state and federally regulated health care providers, health plans, financial institutions, and retailers.
Stites & Harbison will:
-
Educate and provide practical solutions to strengthen data security plans and improve policies.
-
Review and draft vendor contracts, business associate agreements, terms of use and privacy policies, or transactional agreements involving data security.
-
Advise and respond to government investigations, including HIPAA and HITECH audits and regulatory compliance requirements.
-
Provide immediate advice when a data breach occurs to comply with state and federal data breach laws, investigate, and formulate effective strategies to mitigate damages.
-
Defend litigation arising from alleged privacy and security data breaches.
Members and associates actively participate in major professional organizations, including:

-
American Bar Association
-
American Health Lawyers Association
-
Defense Research Institute
-
Mortgage Bankers Association of America
-
International Association of Privacy Professionals
Stites & Harbison attorneys work on a variety of privacy and security matters. Notable assignments include:
-
Obtained summary judgment for defendant in putative class action asserting multiple claims arising from alleged data breach.
-
Investigated and advised an employer-sponsored health plan on breach reporting obligations following a cyber-attack involving malicious software.
-
Advised on a professional legal malpractice claim concerning a data breach.
-
Advised an online retail business in responding to and investigating a data breach, including working with various State’s Attorney General offices.
-
Assisted client in responding to Office for Civil Rights complaint investigations and desk audits arising from alleged HIPAA violations and data breach reports.
-
Worked with domestic financial institutions to recover client funds unlawfully transferred to foreign banks.
-
Advised client and collaborated with FBI and other law enforcement concerning theft of funds arising from multiple data breaches.
-
Advised employer in connection with employees’ confidential postings on social media.
-
Analyzed and identified HIPAA-regulated product offerings for a financial institution and worked with internal legal, compliance, and business teams in developing a comprehensive HIPAA compliance plan.
-
Represented a medical practice in a data breach investigation and notification to individuals following insider theft of social security numbers from patient medical records.
-
Performed an enterprise-wide data classification analysis for an organization regulated by numerous state and federal privacy laws; drafted vendor contract with requirements to safeguard information in compliance with applicable laws.
Information You Need on the COVID-19 Coronavirus
Stites & Harbison has assembled a Coronavirus Response Team which consists of a cross-disciplinary task force of attorneys and critical staff members to ensure our firm remains “On the Job” for you. Updated 01/11/21
Stites & Harbison Promotes Three Attorneys
LOUISVILLE, Ky.—Stites & Harbison, PLLC announced today that three attorneys have been promoted within the law firm effective January 2021.
Kentucky Super Lawyers Honors 41 Stites & Harbison Attorneys for 2021
LOUISVILLE, Ky.—The 2021 edition of Kentucky Super Lawyers recently honored 42 Stites & Harbison, PLLC attorneys in the Covington, Frankfort, Lexington and Louisville, Ky., offices.
Sarah Spurlock Named IADC Cyber Committee Chair
LOUISVILLE, Ky.—The International Association of Defense Counsel (IADC) has appointed Stites & Harbison, PLLC attorney Sarah Cronan Spurlock as Chair of its Cyber Security, Data Privacy and Technology Committee.
Marjorie Farris to Be First Woman to Lead Stites & Harbison Law Firm
LOUISVILLE, Ky.—Stites & Harbison, PLLC, announced today that Kentucky native Marjorie A. Farris will become the firm’s new Chair effective January 2021. She will be the first woman to lead the firm since its founding in 1832.
Joint Agency Cyber Alert Warns of Imminent and Credible Ransomware Threat Against U.S. Health Care and Public Health Sectors
A joint cybersecurity advisory alert issued October 28, 2020, warns of an imminent cybercrime threat to the U.S. health care sector.
Stites & Harbison, PLLC Lawyers Named to 2021 Best Lawyers® Publications
LOUISVILLE, Ky.—Stites & Harbison, PLLC is pleased to announce that 82 lawyers are included in the 2021 Edition of The Best Lawyers in America©.
Kentucky Health Law Institute
Time: 8:00 a.m. - 5:00 p.m.
WEBINAR (via Zoom)
Sarah Spurlock, Janet Craig and Dustyn Jones will be presenters at this WEBINAR presented by UK Law Continuing Legal Education on September 2-3, 2020.
Data Breach Class Action Litigation on the Rise: Winning Strategies
Time: 12:00 p.m. - 2:00 p.m.
LIVE WEBINAR
Updated CDC Guidance for Essential Workers
On April 8, 2020, the Center for Disease Control and Prevention (“CDC”) provided updated guidance for COVID-19 exposed employees for essential businesses, such as groceries, hospitals, and first responders.
Benchmark Litigation names Stites & Harbison as Litigation Firm of the Year for Kentucky
LOUISVILLE, Ky.—Benchmark Litigation recently named Stites & Harbison, PLLC as Litigation Firm of the Year for Kentucky at its 2020 Annual Awards Gala.
SBA Issues Interim Final Rule for Paycheck Protection Program
Provisions of the Paycheck Protection Program of the Coronavirus/COVID-19 economic relief legislation remain subject to change. On Thursday, April 2, 2020, the SBA issued a 31-page interim final rules to update and clarify the existing requirements. The content of this article is current as of Tuesday, April 7, 2020.
COVID-19 and Your Business — What You Need to Know
Time: 11:00 a.m. - 1:15 p.m.
WEBINAR
Please join us for a WEBINAR discussing the impacts of COVID-19 on your business. You can join the webinar at any time and attend whichever presentation(s) that are of interest to you.
Department of Labor to Employers: You Must Notify Your Employees of New Paid Leave Laws by April 1, 2020
The Families First Coronavirus Response Act, effective April 1, 2020, requires certain public employers and private employers with fewer than 500 employees to provide E-FMLA and Emergency Paid Sick Leave to eligible employees. Employers must notify current employees of these benefits by circulating the official Notice of Employee Rights published by the Department of Labor.
OCR Eases HIPAA Burdens for Telehealth during COVID-19 National Emergency
In response to the unprecedented public health emergency presented by COVID-19, the Department of Health and Human Services, Office for Civil Rights (OCR), responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules, issued a notification of enforcement discretion for telehealth remote communications effective immediately.
The PTO's Valentine: Rule Changes for Email Addresses and Specimens
On February 15, 2020, the PTO’s new examination guide will go into effect in accordance with new rule changes. In this post, we highlight two of the changes described in the guide that may have more of an impact on brand owners, namely, those pertaining to new email address and specimen requirements.