Privacy & Data Security
Our attorneys are trusted privacy and information security advisors and advocates. We maintain strong relationships with local law enforcement officials and data breach response vendors to better serve clients by offering proactive advice and quick response in the critical time following a data breach. Whether you are a company needing help or a professional advisor seeking local assistance, we are ready to assist you with your compliance, incident response, or litigation needs.
We understand and solve complex problems for service professionals, manufacturers, and contractors, as well as state and federally regulated health care providers, health plans, financial institutions, and retailers.
Stites & Harbison will:
-
Educate and provide practical solutions to strengthen data security plans and improve policies.
-
Review and draft vendor contracts, business associate agreements, terms of use and privacy policies, or transactional agreements involving data security.
-
Advise and respond to government investigations, including HIPAA and HITECH audits and regulatory compliance requirements.
-
Provide immediate advice when a data breach occurs to comply with state and federal data breach laws, investigate, and formulate effective strategies to mitigate damages.
-
Defend litigation arising from alleged privacy and security data breaches.
Members and associates actively participate in major professional organizations, including:

-
American Bar Association
-
American Health Lawyers Association
-
Defense Research Institute
-
Mortgage Bankers Association of America
-
International Association of Privacy Professionals
Stites & Harbison attorneys work on a variety of privacy and security matters. Notable assignments include:
-
Successfully obtained summary judgment for a healthcare provider in Jefferson Circuit Court in a putative class action asserting claims for negligence, negligence per se, and invasion of privacy stemming from an alleged data breach disclosing patient information. Judgment was obtained prior to any class being certified.
Obtained summary judgment for defendant in putative class action asserting multiple claims arising from alleged data breach.
-
Investigated and advised an employer-sponsored health plan on breach reporting obligations following a cyber-attack involving malicious software.
-
Advised on a professional legal malpractice claim concerning a data breach.
-
Advised an online retail business in responding to and investigating a data breach, including working with various State’s Attorney General offices.
-
Assisted client in responding to Office for Civil Rights complaint investigations and desk audits arising from alleged HIPAA violations and data breach reports.
-
Worked with domestic financial institutions to recover client funds unlawfully transferred to foreign banks.
-
Advised client and collaborated with FBI and other law enforcement concerning theft of funds arising from multiple data breaches.
-
Advised employer in connection with employees’ confidential postings on social media.
-
Analyzed and identified HIPAA-regulated product offerings for a financial institution and worked with internal legal, compliance, and business teams in developing a comprehensive HIPAA compliance plan.
-
Represented a medical practice in a data breach investigation and notification to individuals following insider theft of social security numbers from patient medical records.
-
Performed an enterprise-wide data classification analysis for an organization regulated by numerous state and federal privacy laws; drafted vendor contract with requirements to safeguard information in compliance with applicable laws.
Stites & Harbison Earns National and Regional Top 10 Honors from ABA Health Law Section
LOUISVILLE, Ky.—The American Bar Association (ABA) Health Law Section has ranked Stites & Harbison, PLLC in its Tenth Annual Regional Top 10 Law Firm Recognition List of Top 10. The firm ranked 8th in the inaugural National Top 10 list and 4th in the South Top 10 list. Stites & Harbison has been honored nine consecutive times to the South list.
Navigating the Uncertainty of Nuclear Jury Verdicts and the FTC's Proposed Non-Compete Ban: What You Need to Know Now!
Time: 2:30 p.m. - 5:30 p.m.
Castle & Key Distillery, 4445 McCracken Pike, Frankfort, KY 40601
Please join the attorneys of Stites & Harbison on June 6th at Castle & Key Distillery as they discuss critical matters currently impacting employers.
Health Care Providers and Business Associates Beware: Use of Online Tracking Technology May Violate HIPAA
Entities regulated by the Health Insurance Portability and Accountability Act (HIPAA) may be surprised to learn that use of certain online tracking technology may result in inadvertently sharing information protected under HIPAA with unauthorized third parties. On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued guidance with far-reaching implications for HIPAA regulated entities highlighting their HIPAA compliance obligations when using third-party online tracking technologies designed to collect and analyze information pertaining to a user’s interaction with the regulated entity’s webpages and mobile apps.
Kentucky Hospital Association 94th Annual Convention
Central Bank Center, 430 W Vine Street, Lexington, Kentucky 40507
Stites & Harbison attorneys Sarah Spurlock, Ameena Khan and Shea Luna will be speakers at this year's Kentucky Hospital Association Convention in Lexington, Ky.
“To Text or Not to Text…” Challenges to Defending Employment Matters Involving Text Messages
A client recently received a litigation hold letter from an attorney representing a former employee. It demanded retention and preservation of all “documents and data” relating to or concerning the former employee, their work performance, and termination. The definition of documents and data also included all electronically stored information, “. . . such as e-mail, voicemail, . . . digital audio or video recordings, instant messages, text messages, social media posts, . . . and any other electronic information created, maintained or received by you.”
UK Women Innovators Network Panel Discussion
Time: 3:30pm - 5:30pm
University of Kentucky, Gatton Student Center, Ballroom 212A, 160 Avenue of Champions, Lexington, KY
Join Mandy Decker and the UK Office of Technology Commercialization for the UK Women Innovators Network panel discussion of the book "Funded Female Founders: How to traverse the uneven playing field and secure funding to grow your business."
Kentucky Lawmakers Considering Comprehensive Data Privacy Legislation
Kentucky may soon join the growing number of states that have enacted data privacy legislation. On January 3, 2023, Senator Whitney Westerfield and Senator John Schickel introduced Senate Bill 15, which, if passed, will create new sections of KRS Chapter 367 to establish consumer protection rights for Kentucky residents relating to personal data.
When Race & Gender Meet: Experiences of Black Women in the Law
Time: 4:00 p.m. - 5:30 p.m.
Louisville Bar Association Bar Center, 600 West Main Street, Louisville, KY 40202
Louisville office attorney Calesia Henson will be a member of the panel discussing "When Race & Gender Meet: Experiences of Black Women in Law" following the Louisville Bar Association's Justice William E. McAnulty Jr. Trailblazer Award presentation.
Ransomware Threats: Prevention Tips and Response Strategies
Time: 1:00 p.m. - 2:30 p.m.
Webinar
Stites & Harbison attorneys, Mari-Elise Paul and Sarah Cronan Spurlock, will participate in this upcoming ABA program focused on cybersecurity law and cyber incident response preparedness.
Data Security and Privacy Symposium
Time: 8:15 a.m. - 3:00 p.m.
State Bar of Georgia Conference Center, 104 Marietta Street NW, Atlanta, GA 30303
Shannon Sprinkle and Sarah Spurlock will be speakers at this Atlanta Bar Association seminar being held February 8th.
Kentucky Super Lawyers Honors 49 Stites & Harbison Attorneys for 2023
LOUISVILLE, Ky.—The 2023 edition of Kentucky Super Lawyers recently honored 49 Stites & Harbison, PLLC attorneys in the Covington, Frankfort, Lexington and Louisville, Ky., offices. The publication named 37 attorneys to the Super Lawyers list and 12 attorneys to the Rising Stars list.
Call to Action for Critical Infrastructure Businesses - New Federal Cyber Breach Reporting: Obligations and Ransomware Prevention Strategies
Kentucky Bar Association Bench & Bar article by Louisville office attorney Sarah Spurlock discussing cyber defenses and security breach reporting.
Nine Stites & Harbison Attorneys Honored by 2022 Mid-South Super Lawyers
NASHVILLE, Tenn.—The 2022 edition of Mid-South Super Lawyers recently honored nine Stites & Harbison, PLLC attorneys. Six attorneys were named to the Super Lawyers list and three were named to the Rising Stars list.
Ian Ramsey Appointed to Kentucky Bicycle and Bikeway Commission
LOUISVILLE, Ky.—Governor Andy Beshear has appointed Stites & Harbison, PLLC attorney Ian Ramsey to the Kentucky Bicycle and Bikeway Commission (KBBC).
Stites & Harbison Earns 87 Rankings in 2023 "Best Law Firms" List
LOUISVILLE, Ky.—U.S. News & World Report and Best Lawyers® have released their 2023 “Best Law Firms” rankings. Stites & Harbison, PLLC’s three National Tier 1 rankings include: Litigation – Construction, Litigation – Real Estate, and Trademark Law. The firm’s overall results include 87 metropolitan rankings in six regions.
Mari-Elise Paul Named a 2022 Go To Lawyer for Intellectual Property Law
ALEXANDRIA, Va.—Virginia Lawyers Weekly recently named Stites & Harbison, PLLC attorney Mari-Elise Paul to the 2022 list of Virginia’s Go To Lawyers for Intellectual Property Law. She is one of 19 attorneys honored.
Virginia Super Lawyers 2022 Honors John Teresinski
ALEXANDRIA, Va.—The 2022 edition of Virginia Super Lawyers recently honored Stites & Harbison, PLLC attorney John Teresinski. He was named to the Rising Stars list.