Lead by example.

what we do / Privacy & Data Security

keep close watch on evolving standards to minimize risk

View Complete PDF

overview

Our Privacy & Data Security Group understands that the effective protection and management of information is critical for an organization to operate successfully. Businesses must comply with an increasingly complex web of state, federal, and international laws and regulations designed to protect commercially sensitive data and personally identifiable information. Our inter-disciplinary group of attorneys provides clients with practical solutions to comply with the requirements governing the gathering, storage, transfer, and use of information. We help companies implement preventive and loss mitigation measures as well as appropriate responses in the case of actual or potential release of or improper access to such information.

Our attorneys counsel clients regarding legal and practical techniques intended to maximize protection and minimize or avoid risks that may compromise sensitive and proprietary business information. Strategies to prevent data breaches include: updating and implementing comprehensive policies; reviewing contract terms and the contracting process; providing applicable training, training tools, and methods to proactively communicate expectations and requirements to employees and vendors; and confirming that relevant internal departments (IT, HR, Benefits, etc.) are aware of relevant risks. These groups must be committed to coming together as a team to best protect the company and those individuals whose personal or confidential information is held by the company.

We work closely with clients and internal and external response teams, including forensic investigators and accountants, computer consultants, press and media advisors, and other crisis management providers, to efficiently and effectively address the company’s immediate and long-term needs in the event of a data security breach. Our trial attorneys have the courtroom experience needed to address our clients’ privacy and data security litigation needs. We also provide the skills and experience in dealing with obligations of immediate disclosure, response, and remedial measures in the face of a data privacy or security breach. Our attorneys have handled internal investigations, government agency investigations, regulatory reporting, media communications, litigation, and customer/stakeholder service recovery when a breach has occurred.

Tucker Ellis attorneys have extensive subject matter knowledge in intellectual property and trade secrets, healthcare, banking and financial services, insurance, and human resource and benefits. Our team has substantial experience in drafting and addressing internal policies and investigations, and handling external and civil investigations under Sarbanes-Oxley, the Gramm-Leach-Bliley Act, HIPAA, PCI-DSS, GDPR, the Foreign Corrupt Practices Act, the False Claims Act, RICO, Qui Tam litigation, and similar statutes that can be implicated by data, privacy, and security concerns. Our lawyers also have hands-on business proficiency that enables us to provide strategic business consulting on all aspects of information policies, data privacy and security, incident response, internal audits, and records management.

For a description of our HIPAA and Medical Privacy Practice, click here.

areas of emphasis

Tucker Ellis assists clients of all sizes across industries in data privacy incidents that implicate:

Business Litigation (individual and class action litigation)
Financial Services Counseling (Gramm-Leach-Bliley Act/Sarbanes-Oxley)
PCI-DSS
GDPR
HIPAA/HITECH Enforcement and State Medical Privacy Laws
OCR Audit Preparation
Information Technology (storage, use, and access to personal and confidential information, both internal
and external)
Risk Avoidance (technological and legal initiatives)
Regulatory Compliance Reporting
Trade Secrets
White Collar Criminal Defense
Internal Corporate Investigations and Counseling

Key Contact

Robert J. Hanna

Partner

attorneys

experience

Developed HIPAA-compliant best practices policies and training for covered employers and providers
Audited compliance with data privacy and security laws and regulations
Represented large multinational corporations in data breach investigations
Defended large pharmaceutical manufacturer in a trade secret case involving alleged theft of clinical data
Negotiated technology license and use agreements, off-site data storage and security agreements, and data evaluation and manipulation agreement with client vendors
Counseled clients and provided emergency response services and disclosures with respect to inadvertent
disclosures and access to confidential consumer, employee, and customer information
Defended individuals and executives in response to allegations of actual or potential criminal conduct arising from data breaches and security related issues
Prosecuted Qui Tam actions in the healthcare industry resulting in the federal government’s interventions and recovery of funds against multi-state healthcare providers and medical device manufacturers
Defended organizations and individuals against False Claims Act litigation brought by the federal government and Qui Tam relators in the construction, healthcare, transportation, and government procurement industries
Defended healthcare providers, hospitals, and insurance coverage providers in response to claims of alleged HIPAA and state medical privacy law violations
Represented business claimants in allegations that other businesses and individuals have misappropriated and/or misused proprietary or confidential information
Engaged in a FINRA investigation arising from a violation of Reg SP, an SEC promulgated privacy regulation
Represented an international company in prosecuting a theft of trade secrets case relating to its Brazilian operations
Representations in connection with restrictive terms of use relative to electronic information access, including electronic files and electronic documents
Counseled clients in connection with electronic document security, including watermarking, glyphs, encryption, and tracking
Represented businesses and their employees alleged to have engaged in theft of trade secret claims

related practices

business insights

Ohio Joins Growing Trend Requiring Cybersecurity Standards and Reporting Obligations for Insurance Industry
February 2019
Illinois Supreme Court Rules in Favor of Consumers in Landmark Biometric Data Case
January 2019
How Blockchain Can Help Secure Connected Devices
January 2019, Law360
Paul Janowicz Addresses Cyber Insurance in CIO Dive
January 2019, CIO Dive
The Future Awaits You! Enroll in the Newest CMBA Section
January 2019, Cleveland Metropolitan Bar Journal
The California Consumer Privacy Act of 2018: How Can Businesses Use Consumer Data?
January/February 2019, Nutrition Industry Executive
Berglund Comments to Law360 on New HHS Health Cybersecurity Guide
January 2019
Bill Berglund Makes New Year Cybersecurity Predictions in Law360
January 2019, Law360
Dan Messeloff Offers Insights into CCPA Compliance in TechTarget
December 2018, TechTarget
Rob Hanna and Elisa Arko Make Cybersecurity and Privacy Predictions for 2019 in Legaltech News
December 2018, Legaltech News
Connected Medical Devices: What Attorneys Need to Know
October 18 - Volume 18 Issue 2, HIT News, A Publication of the American Health Lawyers Association
Emily Knight Quoted in Hospitality Technology on Biometric Data Misuse Case
October 2018, Hospitality Technology
Carl Muller and Paul Janowicz Address Workplace Privacy Issues in OSBA WebCast
September 2018
Marc R. Greenberg Joins Tucker Ellis as Counsel in Los Angeles
September 2018
The Future Is in the Palm of Your Hand and in the Details of Your Eyes, Face, and Fingerprints as Businesses Handling Biometric Data Face a New Wave of Class-Action Litigation
Volume 22, Issue 4, DRI's The Business Suit
Cybersecurity Safe Harbor Against Data Breach Lawsuits Becomes Ohio Law
August 2018
Tucker Ellis Welcomes Raymond Krncevic as Trial Department Counsel
July 2018
California Passes Landmark Law Creating Broad Data Privacy Rights for California Residents
July 2018
GDPR Update: Your Questions About GDPR – Answered
July 2018
Vicky Vance Speaks at ACI 17th Annual Advanced Forum on Obstetric Malpractice Claims
June 2018
"Injury in Fact" Standing After Cambridge Analytica
June 2018, Law360
GDPR Focus: How the European Union's New Cybersecurity Measure Will Impact Your American Manufacturing Business
May 2018, Manufacturing Today
Tod Northman Comments to Law360 on DOT UAS Initiative
May 24, 2018, Law360
Assessing the Fine (Finger) Print: Biometric Data is the New Frontier in Data Security and the Next Wave of Litigation
May 2018, Cleveland Metropolitan Bar Journal
DOT Selects 10 Drone Operations Test Sites for Pilot Program
May 2018
Tod Northman Quoted in Law360 on Air Traffic Control System
April 2018, Law360
Roundtable: Cyber Risk & Security
May 2018, Financier Worldwide
The SEC's Latest on Disclosures: New Guidance Mandates Greater Attention to Cybersecurity Planning
April 2018, Corporate Compliance Insights
Tucker Ellis Welcomes New Partner Caroline Tinsley to MedPharm Group
April 2018
Countdown to the GDPR
March 2018, Manufacturing Business Technology
Countdown to the GDPR: What You Need to Know About the Impact of the European Union's New Cybersecurity Measures on Your American Business
March 2018
2018 Healthcare Compliance Outlook for Boards of Directors
March 2018, Cleveland Metropolitan Bar Journal
Risk Management in the Air: What You Need to Know About Insuring Your Drone
March 2018, Westlaw Journal Insurance Coverage
Bill Berglund Earns IAPP CIPP/US Certification
March 2018
Proposed Legislation Seeks to Safeguard Ohio's Election System against Cyberattacks
February 2018
Lessons for Data Breach Lawyers from Product Liability
January 2018, Law360
Bloomberg BNA Quotes Bill Berglund on Office Cybersecurity
January 2018
Ohio Bill Proposes Safe Harbor Against Breach Suits to Businesses Maintaining Recognized Cybersecurity Programs
December 2017
Rob Hanna Quoted in Mimecast Blog on the Importance of Email Search Speed in Client and Court Requests
October 2017
Rob Hanna Quoted in Mimecast Blog on Mobile Email Management
September 2017
FAA Regs Still Apply to "Commercial" Drone Use
August 2017, Law360
Drone Operators Beware: FAA Drone Regulations Continue to Apply to "Commercial" Uses
July 2017
Law360 Quotes Tod Northman on FAA Air Traffic Control Provisions
June 2017, Law360
Arbitration Agreements in Long-Term Care Facilities: CMS Dismisses Appeal of Injunction and Issues New Proposed Rule -- and Other Health Care Industry News
June 2017
Paul Janowicz Speaks at OSBA's Warren Regional CLE on Data Protection in Practice
May 2017
Tom Peppard Presents at OSBA Business Law Conference
May 12, 2017
Corporate Representative Deposition Update - Traps Remain for the Unwary
Spring 2017, OACTA's The Update
Data Security Breaches Land General Counsel on Chopping Block; Lessons from Yahoo!
March 2017
Six Tucker Ellis Attorneys Speak at Health Care Law Update & Medical/Legal Summit
March 27, 2017
Don't Let a Data Breach Derail the Deal
January 14, 2017, Crain's Cleveland Business
Corporate Representative Depositions and Proportionality
Winter 2017, DRI's In-House Defense Quarterly
Enhancing Board Oversight of Cyber Risk - The Board's Increasingly Important Role
December 19, 2016, Corporate Compliance Insights
Paul Janowicz Discusses Cyber Liability Policies at Akron Bar Association Insurance Seminar
December 2016
HIPAA Phase 2 Audits Are Here. Are Business Associates Ready?
September 2016
Hanna and Janowicz Quoted in Crain's Cleveland Business on Cleveland-Marshall's Cybersecurity Center
August 2016
Think Fast: The Potential for Tension Between Insureds and Data Security Insurers
August 1, 2016, Bloomberg BNA's Privacy and Security Law Report
Paul Janowicz Quoted in Westlaw Journal on Dismissal of Data Breach Suit
July 2016
FAA Approves Expanded Commercial Operations for Drones; Senate Version of 2016 FAA Reauthorization Makes It Out of Committee
April 2016
Tod Northman Quoted in Law360 on FAA Funding Fix
March 2016
Tod Northman Quoted in Law360 on FAA Reauthorization Bill
February 2016
Hobbyists Required to Register Drones
December 2015
Federal Task Force Recommends Drone Registration
December 2015
Drug and Device Lawyers Need to Be Mindful of Recent HIPAA and State Medical Privacy Law Developments
October 2015, DRI's RX for the Defense
Legal Update on Drones: FAA Provides Needed Guidance to Model Airplane Hobbyists
September 2015
The Greatest Cybersecurity Risk Comes From Within
September 2015, Law360
Data Security Plans: Why Financial Institutions Must Continuously Assess and Update Their Data Security Plans
June 19, 2015
Taber and Vance Speak at OHA Centennial Annual Meeting
June 2015
A Murky Trade Secret Landscape: What Employers Can Do
December 19, 2014, Law360
The "Heartbleed" Bug and Responding to a Data Security Breach
April 2014
Data Security: What You Don't Protect Can Cost You
1Q2013, FOCUS, ACC Northeast Ohio Chapter

podcast

Driverless

A podcast that analyzes legal issues surrounding autonomous vehicles.

Blogs

ERISA

Perspectives on employee benefits, executive compensation and ERISA litigation to help you attract and retain talent.

lingua negoti

The language of business.

Ohio Environmental

Insights and commentary for the business and legal community.

News & Publications