Privacy & Data Security
Our attorneys are trusted privacy and information security advisors and advocates. We maintain strong relationships with local law enforcement officials and data breach response vendors to better serve clients by offering proactive advice and quick response in the critical time following a data breach. Whether you are a company needing help or a professional advisor seeking local assistance, we are ready to assist you with your compliance, incident response, or litigation needs.
We understand and solve complex problems for service professionals, manufacturers, and contractors, as well as state and federally regulated health care providers, health plans, financial institutions, and retailers.
Stites & Harbison will:
-
Educate and provide practical solutions to strengthen data security plans and improve policies.
-
Review and draft vendor contracts, business associate agreements, terms of use and privacy policies, or transactional agreements involving data security.
-
Advise and respond to government investigations, including HIPAA and HITECH audits and regulatory compliance requirements.
-
Provide immediate advice when a data breach occurs to comply with state and federal data breach laws, investigate, and formulate effective strategies to mitigate damages.
-
Defend litigation arising from alleged privacy and security data breaches.
Members and associates actively participate in major professional organizations, including:

-
American Bar Association
-
American Health Lawyers Association
-
Defense Research Institute
-
Mortgage Bankers Association of America
-
International Association of Privacy Professionals
Stites & Harbison attorneys work on a variety of privacy and security matters. Notable assignments include:
-
Successfully obtained summary judgment for a healthcare provider in Jefferson Circuit Court in a putative class action asserting claims for negligence, negligence per se, and invasion of privacy stemming from an alleged data breach disclosing patient information. Judgment was obtained prior to any class being certified.
Obtained summary judgment for defendant in putative class action asserting multiple claims arising from alleged data breach.
-
Investigated and advised an employer-sponsored health plan on breach reporting obligations following a cyber-attack involving malicious software.
-
Advised on a professional legal malpractice claim concerning a data breach.
-
Advised an online retail business in responding to and investigating a data breach, including working with various State’s Attorney General offices.
-
Assisted client in responding to Office for Civil Rights complaint investigations and desk audits arising from alleged HIPAA violations and data breach reports.
-
Worked with domestic financial institutions to recover client funds unlawfully transferred to foreign banks.
-
Advised client and collaborated with FBI and other law enforcement concerning theft of funds arising from multiple data breaches.
-
Advised employer in connection with employees’ confidential postings on social media.
-
Analyzed and identified HIPAA-regulated product offerings for a financial institution and worked with internal legal, compliance, and business teams in developing a comprehensive HIPAA compliance plan.
-
Represented a medical practice in a data breach investigation and notification to individuals following insider theft of social security numbers from patient medical records.
-
Performed an enterprise-wide data classification analysis for an organization regulated by numerous state and federal privacy laws; drafted vendor contract with requirements to safeguard information in compliance with applicable laws.
President Issues Landmark Executive Order on Artificial Intelligence and Directives for the U.S. Patent and Trademark Office
On October 30, 2023, President Joe Biden issued a landmark executive order (the Order) directed to promoting use and managing risks of artificial intelligence (AI). The order recognizes the vast potential of AI and directs sweeping actions to protect against the risks of AI. Attorney John Teresinski takes at look at the order in this Stites & Harbison Client Alert.
Kentucky Now Allows Persons Age 70 and Over To Opt Out of Jury Service
In March 2023, Kentucky enacted KRS 29A.080, a new law that allows persons 70 and older to voluntarily opt out of jury service. Attorneys Ashley Ward and Kyle Schroader take a look at that new law in this Stites & Harbison Client Alert.
Stites & Harbison Earns 88 Rankings in 2024 Best Law Firms®
LOUISVILLE, Ky.—Stites & Harbison, PLLC has been ranked in the 2024 edition of Best Law Firms®. The firm’s National Tier 1 rankings include: Litigation – Construction, Litigation – Real Estate, and Trademark Law.
Stites & Harbison Signature Event
Time: 5:30 p.m. - 8:30 p.m.
Rupp Arena at Central Bank Center, 430 West Vine Street, Lexington, KY 40507
Join Stites & Harbison for this Signature Event in Lexington for a special evening at Rupp Arena.
Corporate Counsel Recognizes Marjorie A. Farris with 2023 Women, Influence & Power in Law Award – Managing Partner of the Year
LOUISVILLE, Ky.—Corporate Counsel has honored Stites & Harbison, PLLC Chair Marjorie A. Farris as a “Managing Partner of the Year” in its 2023 Women, Influence & Power in Law (WIPL) Awards. She is one of six women honored in this category across the country.
Stites & Harbison, PLLC Lawyers Named to 2024 Best Lawyers® Publications
LOUISVILLE, Ky.—Stites & Harbison, PLLC is pleased to announce that 101 of its lawyers are included in the 2024 edition of The Best Lawyers in America®.
“To Text or Not to Text…” Challenges to Defending Employment Matters Involving Text Messages
Time: 12:00 p.m. - 1:40 p.m.
WEBINAR
Employment attorney Shannon Hamilton challenges an employer may face when defending an employment matter that involves text messaging as evidence along with other matters in this myLawCLE webinar.
Reevaluating Your Company’s Compliance Program
The United States Department of Justice’s Criminal Division (“Division”) announced a new program—called the Compensation Incentives and Clawbacks Pilot Program (“program”)—that will shift the burden of corporate financial penalties away from shareholders and onto culpable corporate employees.
Kelly White Bryant Promoted to Chair of Stites & Harbison’s Health Care Service Group
LOUISVILLE, Ky.—Stites & Harbison, PLLC is pleased to announce that attorney K. Kelly White Bryant has been promoted to Chair of the firm’s Health Care Service Group.
Supreme Court: Employers Must Accommodate Employees’ Religious Practices Absent “Substantial” Increased Costs in Relation to the Conduct of the Business
Employment attorneys Robin McGuffin and Kyle Schroader take a look at the Supreme Court's decision on Title VII stating that employers must accommodate employee's religious practices.
Stites & Harbison Earns National and Regional Top 10 Honors from ABA Health Law Section
LOUISVILLE, Ky.—The American Bar Association (ABA) Health Law Section has ranked Stites & Harbison, PLLC in its Tenth Annual Regional Top 10 Law Firm Recognition List of Top 10. The firm ranked 8th in the inaugural National Top 10 list and 4th in the South Top 10 list. Stites & Harbison has been honored nine consecutive times to the South list.
Health Care Providers and Business Associates Beware: Use of Online Tracking Technology May Violate HIPAA
Entities regulated by the Health Insurance Portability and Accountability Act (HIPAA) may be surprised to learn that use of certain online tracking technology may result in inadvertently sharing information protected under HIPAA with unauthorized third parties. On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued guidance with far-reaching implications for HIPAA regulated entities highlighting their HIPAA compliance obligations when using third-party online tracking technologies designed to collect and analyze information pertaining to a user’s interaction with the regulated entity’s webpages and mobile apps.
Kentucky Hospital Association 94th Annual Convention
Central Bank Center, 430 W Vine Street, Lexington, Kentucky 40507
Stites & Harbison attorneys Sarah Spurlock, Ameena Khan and Shea Luna will be speakers at this year's Kentucky Hospital Association Convention in Lexington, Ky.
“To Text or Not to Text…” Challenges to Defending Employment Matters Involving Text Messages
A client recently received a litigation hold letter from an attorney representing a former employee. It demanded retention and preservation of all “documents and data” relating to or concerning the former employee, their work performance, and termination. The definition of documents and data also included all electronically stored information, “. . . such as e-mail, voicemail, . . . digital audio or video recordings, instant messages, text messages, social media posts, . . . and any other electronic information created, maintained or received by you.”
UK Women Innovators Network Panel Discussion
Time: 3:30pm - 5:30pm
University of Kentucky, Gatton Student Center, Ballroom 212A, 160 Avenue of Champions, Lexington, KY
Join Mandy Decker and the UK Office of Technology Commercialization for the UK Women Innovators Network panel discussion of the book "Funded Female Founders: How to traverse the uneven playing field and secure funding to grow your business."
Kentucky Lawmakers Considering Comprehensive Data Privacy Legislation
Kentucky may soon join the growing number of states that have enacted data privacy legislation. On January 3, 2023, Senator Whitney Westerfield and Senator John Schickel introduced Senate Bill 15, which, if passed, will create new sections of KRS Chapter 367 to establish consumer protection rights for Kentucky residents relating to personal data.
When Race & Gender Meet: Experiences of Black Women in the Law
Time: 4:00 p.m. - 5:30 p.m.
Louisville Bar Association Bar Center, 600 West Main Street, Louisville, KY 40202
Louisville office attorney Calesia Henson will be a member of the panel discussing "When Race & Gender Meet: Experiences of Black Women in Law" following the Louisville Bar Association's Justice William E. McAnulty Jr. Trailblazer Award presentation.
Ransomware Threats: Prevention Tips and Response Strategies
Time: 1:00 p.m. - 2:30 p.m.
Webinar
Stites & Harbison attorneys, Mari-Elise Paul and Sarah Cronan Spurlock, will participate in this upcoming ABA program focused on cybersecurity law and cyber incident response preparedness.
Data Security and Privacy Symposium
Time: 8:15 a.m. - 3:00 p.m.
State Bar of Georgia Conference Center, 104 Marietta Street NW, Atlanta, GA 30303
Shannon Sprinkle and Sarah Spurlock will be speakers at this Atlanta Bar Association seminar being held February 8th.
Kentucky Super Lawyers Honors 49 Stites & Harbison Attorneys for 2023
LOUISVILLE, Ky.—The 2023 edition of Kentucky Super Lawyers recently honored 49 Stites & Harbison, PLLC attorneys in the Covington, Frankfort, Lexington and Louisville, Ky., offices. The publication named 37 attorneys to the Super Lawyers list and 12 attorneys to the Rising Stars list.