Our Privacy & Data Security Group understands that the effective protection and management of information is critical for an organization to operate successfully. Businesses must comply with an increasingly complex web of state, federal, and international laws and regulations designed to protect commercially sensitive data and personally identifiable information. Our inter-disciplinary group of attorneys provides clients with practical solutions to comply with the requirements governing the gathering, storage, transfer, and use of information.
Our attorneys counsel clients regarding legal and practical techniques intended to maximize protection and minimize or avoid risks that may compromise sensitive and proprietary business information. In the event of a breach, we work closely with clients and internal and external response teams, including forensic investigators and accountants, computer consultants, press and media advisors, and other crisis management providers, to efficiently and effectively address the company’s immediate and long-term needs.
Our trial attorneys have the courtroom experience needed to address our clients’ privacy and data security litigation needs. We also provide the skills and experience in dealing with obligations of immediate disclosure, response, and remedial measures in the face of a data privacy or security breach. Our attorneys have handled internal investigations, government agency investigations, regulatory reporting, media communications, litigation, and customer/stakeholder service recovery when a breach has occurred.
For a description of our HIPAA and Medical Privacy Practice, click here.
View More >
areas of emphasis
Tucker Ellis assists clients of all sizes across industries in data privacy incidents that implicate:
- Business Litigation (individual and class action litigation)
- Financial Services Counseling (Gramm-Leach-Bliley Act/Sarbanes-Oxley)
- General Data Protection Regulation (GDPR)
- HIPAA/HITECH Enforcement and State Medical Privacy Laws
- OCR Audit Preparation
- Insurance Coverage
- Information Technology (storage, use, and access to personal and confidential information, both internal
- and external)
- Risk Avoidance (technological and legal initiatives)
- Regulatory Compliance Reporting
- Biometric Data Analysis
- State and Federal Cybersecurity Laws
- PCI-DSS
- Trade Secrets
- White Collar Criminal Defense
- Internal Corporate Investigations and Counseling
presentations
- “Bracing for the New Normal in Data Privacy: GDPR, CCPA, and Other Initiatives Impacting the Business World in 2020 and Beyond," 2019 In-House Counsel Summit, Tucker Ellis LLP, Cleveland, Ohio (November 2019) "
- “Preservation, Discovery, and Presentation of Cyber Evidence,” IADC Webinar (June 2019)
- “GDPR and International Compliance” and “Health Care Sector Deep Dive,” Cybersecurity & Privacy Protection Conference 2019, Cleveland, Ohio (May 2019)
- “Global Security Risk Management Update: Impact on Cyber, Intellectual Property, Personal and Corporate Physical Security,” Cleveland Metropolitan Bar Association, Cleveland, Ohio (May 2019)
- “The Impact of GDPR on Enforcing Intellectual Property Rights on the Internet,” Harvard Law School, Cambridge, Massachusetts (March 2019)
- “Avoiding Legal Liability,” The Information Security Summit, Cleveland, Ohio (October 2018)
- “Workplace Privacy: Developments in Monitoring and Use of Genetic Information,” Ohio State Bar Association WebCast (September 2018)
- “Cyber Ohio Business Summit on Cyber Risk Assessment,” Office of Ohio Attorney General Mike DeWine, Columbus, Ohio (March 2018)
- “Technology in the Workplace: Data Protection in Practice,” Warren Regional CLE, Ohio State Bar Association, Warren, Ohio (May 2017)
- “Regulating Information: A Candid Conversation About HIPAA and Privacy,” Cleveland-Marshall College of Law, Cleveland, Ohio (April 2017)
- “Healthcare Cybersecurity and Privacy Litigation,” Health Care Law Update & Medical/Legal Summit 2017, Cleveland Metropolitan Bar Association/Academy of Medicine Education Foundation/The Academy of Medicine of Cleveland & Northern Ohio, Cleveland, Ohio (March 2017)
- “HIPAA Best Practices and Audit Readiness,” Health Action Council Webinar (February 2017)
- “Understanding & Navigating Cyber Liability Policies,” Advanced Issues in Insurance Coverage Law, Akron Bar Association, Akron, Ohio (December 2016)
- “Healthcare Update – Regulations, HIPAA, and Risk Avoidance," 2016 In-House Counsel Summit, Tucker Ellis LLP, Cleveland, Ohio (October 2016)
- “Cyber Security Month – Security Panel,” Case Western Reserve University, Cleveland, Ohio (October 2016)
- “A Practical Guide to Your Incidence Response Plan,” Practical Tips and Tools to Deal with Cybersecurity Challenges, Tucker Ellis LLP, Cleveland, Ohio (July 2016)
- “Identifying, Calculating, and Mitigating Covered Loss under New Cyber Liability Policies,” Cleveland Metropolitan Bar Association Insurance Law Section, Cleveland, Ohio (November 2015)
- “Surviving the Breach: Immediate Steps and Responses,” and “What Are the Risks: An Introduction to Exposures, Costs, and Trends,” Tucker Ellis Privacy and Data Security Risks: Are You Prepared?, Cleveland, Ohio (July 2015)
- “Protecting the Net: Cybersecurity,” Tucker Ellis/McGladrey Marching Through the Madness: Making Your
- Financial Services Team a Winner in Risk and Compliance, Cleveland, Ohio (March 2015)
- “Data Security: Managing the Crisis,” 2014 In-House Counsel Summit, Tucker Ellis LLP, Cleveland, Ohio
- (October 2014)
- “HIPAA HITECH Compliance Seminar: What Organizations and Their Business Associates Need to Know,”
- sponsored by Tri-C and Jurlnnov (July 2013)
- “Technology and Cyber Risks – Exposures and Coverage Options,” Public Agency Risk Managers Association (May 2012)
- Webinar: “Great Ideas for Media and Technology in Schools.” Available online at:
- http://training.sia-jpa.org/Academy/ViewCourse.aspx?CourseID=24
- Speaker at seminars on “Data Breach: Understanding the Risk and Managing a Crisis”
- Presented “Data Security Risks and Crisis Management” to individual firm clients
- “Navigating the Stringent Legal e-Discovery Requirements and Patient Confidentiality Concerns Associated with Electronic Documentation,” Advanced Forum on Healthcare Provider Disputes & Litigation, American Conference Institute, Chicago, Illinois (July 2012)
- “The Risks and Rewards of EMR: Meaningful Use or Tool for Abuse?,” 7th Annual National Medical Liability Insurance ExecuSummit, Mohegan Sun, Connecticut (September 2011)
publications
- “Are You Ready for the California Consumer Privacy Act?”, Tucker Ellis Client Alert (July 2019)
- “Ohio Joins Growing Trend Requiring Cybersecurity Standards and Reporting Obligations for Insurance Industry,” Tucker Ellis Client Alert (February 2019)
- “Illinois Supreme Court Rules in Favor of Consumers in Landmark Biometric Data Case,” Tucker Ellis Client Alert (January 2019)
- “The Future Is in the Palm of Your Hand and in the Details of Your Eyes, Face, and Fingerprints as Businesses Handling Biometric Data Face a New Wave of Class-Action Litigation,” DRI’s The Business Suit (Vol. 22, Issue 4)
- “Cybersecurity Safe Harbor Against Data Breach Lawsuits Becomes Ohio Law,” Tucker Ellis Client Alert (August 2018)
- “California Passes Landmark Law Creating Broad Data Privacy Rights for California Residents,” Tucker Ellis Client Alert (July 2018)
- “GDPR Update: Your Questions About GDPR – Answered,” Tucker Ellis Client Alert (July 2018)
- “‘Injury in Fact’ Standing After Cambridge Analytica,” Law360 (June 2018)
- “GDPR Focus: How the European Union’s New Cybersecurity Measure Will Impact Your American Manufacturing Business,” Manufacturing Today (May 2018) “Assessing the Fine (Finger) Print: Biometric Data Is the New Frontier in Data Security and the Next Wave of Litigation,” Cleveland Metropolitan Bar Journal (May 2018)
- “Roundtable: Cyber Risk & Security,” Financier Worldwide (May 2018)
- “The SEC’s Latest on Disclosures: New Guidance Mandates Greater Attention to Cybersecurity Planning,” Corporate Compliance Insights (April 2018)
- “Countdown to the GDPR,” Manufacturing Business Technology (March 2018)
- “Countdown to the GDPR: What You Need to Know About the Impact of the European Union’s New Cybersecurity Measures on Your American Business,” Tucker Ellis White Paper (March 2018)
- “Proposed Legislation Seeks to Safeguard Ohio’s Election System Against Cyberattacks,” Tucker Ellis Client Alert (February 2018)
- “Lessons for Data Breach Lawyers from Product Liability,” Law360 (January 2018)
- “Ohio Bill Proposes Safe Harbor Against Breach Suits to Businesses Maintaining Recognized Cybersecurity Programs,” Tucker Ellis Client Alert (December 2017)
- “Data Security Breaches Land General Counsel on Chopping Block; Lessons from Yahoo!,” Tucker Ellis Client Alert (March 2017)
- “Don’t Let a Data Breach Derail the Deal,” Crain’s Cleveland Business (January 2017)
- “Enhancing Board Oversight of Cyber Risk – The Board’s Increasingly Important Role,” Corporate Compliance Insights (December 2016)
- White Paper and associated Proposed Internal Policies and Guidelines regarding proper use, access, and protection of technology, Internet, personal digital assistants (PDAs), and cellular telephones, and individual Technology User Agreements
- “Think Fast: The Potential for Tension Between Insureds and Data Security Insurers,” Bloomberg BNA’s Privacy and Security Law Report (August 2016)
- “The Greatest Cybersecurity Risk Comes From Within,” Law360 (September 2015)
- “Data Security Plans: Why Financial Institutions Must Continuously Assess and Update Their Data Security Plans,” Bloomberg BNA’s Corporate Law & Accountability Report (June 2015)
- “The ‘Heartbleed’ Bug and Responding to a Data Security Breach,” Tucker Ellis Client Alert (April 2014)
- “Data Security: What You Don’t Protect Can Cost You,” published in FOCUS, quarterly newsletter of the Association of Corporate Counsel Northeast Ohio Chapter (1Q2013)
media quotes
- “Why You Should Create a Forward-Thinking Privacy Policy,” InformationWeek (August 2019)
- “Banks Feeling the Heat Over Fintech Partners’ Cyber Risks,” Law360 (June 2019)
- “DC Circ. Piles Onto Standing Split With Data Breach Ruling,” Law360 (June 2019)
- “Data Breach Legislation Proposes Jail Time for CIO, HR Execs,” TechTarget (April 2019)
- “CCPA Compliance Begins with Data Inventory Assessment,” TechTarget (December 2018)
- “Legal Tech’s Predictions for 2019 in Cybersecurity and Privacy,” Legaltech News (December 2018)
- “Lawyers Weigh In on the Loews Hotel Biometric Data Misuse Case,” Hospitality Technology (October 2018)
- “The Coca-Cola Hack and Who’s on Hook for Office Cybersecurity,” Bloomberg BNA (January 2018)
- “Cloud Archiving: The Benefits of Super-Fast Email Searches,” Mimecast Blog (December 2017)
- “5 Reasons Your Archive Data Solution Will Do You Wrong,” Mimecast Blog (November 2017)
- “Not Just a Nice to Have. 7 Reasons an All-in-One Cloud Archive Is a Business Necessity,” Mimecast Blog (October 2017)
- “The 5 Biggest Challenges of Mobile Email Management,” Mimecast Blog (September 2017)
- “Scottrade Wins Dismissal of Data Breach Suit,” Westlaw Journal Computer & Internet (July 2016)