Cybersecurity & Data Privacy
Data ranks among a company’s most important assets, accompanied by an ever-increasing potential for liability. It is important to prioritize and protect sensitive, confidential and proprietary information. If a breach or data loss occurs, it immediately places a company’s reputation and bottom line at risk.
Lathrop Gage has a tradition of excellence in this evolving area of the law, and routinely guides clients through the high-paced investigation, notification and response involved in a data breach or loss. Once these immediate obligations are resolved, we help our clients face any ongoing regulatory scrutiny and seize upon opportunities for improvement.
With an eye toward prevention, our multidisciplinary team of attorneys and data specialists can assess regulatory requirements, identify risk and develop strategies to protect personally identifiable information (PII), personal health information (PHI) and proprietary data. In addition, our insurance lawyers in the practice group can assist in considering appropriate cyberinsurance coverage.
Our data privacy and security experience extends to public and private organizations across industries such as healthcare, insurance, finance, technology, media, and education. We engage in a wide variety of data litigation and regulatory matters, from class actions under the Telephone Consumer Protection Act to individual claims. We deal with the more than 50 laws enforced by the Federal Trade Commission and state attorneys general, as well as the EU and other international data protection authorities.
A sample of some of our core competencies:
Data Breach Response
- Incident and breach risk assessment
- Management of data breach response
- Individual and regulatory notifications
- Regulatory investigation response
- Office for Civil Rights
- Federal Trade Commission
- State Attorneys General
- State Insurance Commissioners
- Media notification
- Insurance tender and response
- Individual data and privacy litigation
- Class-action litigation defense
- TCPA litigation defense
- Assessment of obligations
- Insurance regulations
- FDIC and banking regulations
- State privacy/security laws
- PCI DSS compliance
- Key Data Policies & Documents
- HIPAA/HITECH policies
- Business associate agreements
- Confidentiality agreements
- Insurance coverage analysis
- Training and education
- We have managed a wide variety of data loss and data breach incidents such as:
- Thefts of laptops, mobile phones and other devices containing PII and/or PHI
- Infiltrations of company databases for corporate or government espionage
- Thefts of credit card information and subsequent improper charges
- Postings of key trade secret information on social media and other websites
- Employee transfers of proprietary data to personal email, external drives, cloud, etc.
- Dedicated Denial of Service attacks upon company websites
- Representation of a hospital in the coordination of data breach investigation and response following a vendor’s inadvertent internet publication of financial information of over 8,000 individuals. The subsequent investigation by Office for Civil Rights was resolved without fines or penalties through demonstration of voluntary compliance including timely notification, mitigation of harm to individuals, and revision of policies and procedures.
- Resolution of multiple Office for Civil Rights investigations of healthcare providers related to HIPAA complaints related to patient access, accounting of disclosures, access to electronic systems, inadvertent disclosures, and loss of paper records.
- Investigation and coordination of a healthcare facility’s response of a complaint involving improper access to patient data by an employee. Our representation included investigation and termination of the employee, development and coordination of breach notification in compliance with HIPAA and state requirements, and mandatory reporting to the Office of Civil Rights and state licensure board.
- Counseling numerous health care providers, health plans, and business associates in the development and implementation of more robust HIPAA Compliance programs to integrate requirements of the Omnibus HIPAA regulations promulgated in January 2013.
- August 16, 2018
- June 12, 2018
- March 8, 2018
- August 23, 2016
- November 21, 2018
- Tedrick Housh Interviewed by Kansas City's ABC Station on Hacking Attempt on Senator Claire McCaskill's EmailJuly 31, 2018
- July 23, 2018
- November 14, 2018
- May 30, 2018
- Petya Global Ransomware Attack Shows Why Businesses Should Prepare for Loss or Unwanted Encryption of Key Data6/29/2017
- WannaCry Global Ransomware Attack Shows Why Businesses Should Prepare for Loss or Unwanted Encryption of Key Data5/16/2017
- Second Circuit Tells Defense Bar to Put Up Its "Dukes" in Copyright Class Actions: Google Scores Rule 23 Victory in Authors Guild Litigation7/2/2013
- Recent Seventh Circuit Decision Illustrates Legal Pitfalls to Individuals Who Lose Personal Information2/27/2013
- Data Breach: No Duty, No Harm, No Foul - Illinois Court of Appeals Issues Ruling on Chicago Public Schools Data Breach2/11/2011