Skip to Main Content

what we do / Privacy & Data Security

keep close watch on evolving standards to minimize risk
overview

Our Privacy & Data Security Group understands that the effective protection and management of information is critical for an organization to operate successfully. Businesses must comply with an increasingly complex web of state, federal, and international laws and regulations designed to protect commercially sensitive data and personally identifiable information. Our inter-disciplinary group of attorneys provides clients with practical solutions to comply with the requirements governing the gathering, storage, transfer, and use of information. We help companies implement preventive and loss mitigation measures as well as appropriate responses in the case of actual or potential release of or improper access to such information.

Our attorneys counsel clients regarding legal and practical techniques intended to maximize protection and minimize or avoid risks that may compromise sensitive and proprietary business information. Strategies to prevent data breaches include: updating and implementing comprehensive policies; reviewing contract terms and the contracting process; providing applicable training, training tools, and methods to proactively communicate expectations and requirements to employees and vendors; and confirming that relevant internal departments (IT, HR, Benefits, etc.) are aware of relevant risks. These groups must be committed to coming together as a team to best protect the company and those individuals whose personal or confidential information is held by the company.

We work closely with clients and internal and external response teams, including forensic investigators and accountants, computer consultants, press and media advisors, and other crisis management providers, to efficiently and effectively address the company’s immediate and long-term needs in the event of a data security breach. Our trial attorneys have the courtroom experience needed to address our clients’ privacy and data security litigation needs. We also provide the skills and experience in dealing with obligations of immediate disclosure, response, and remedial measures in the face of a data privacy or security breach. Our attorneys have handled internal investigations, government agency investigations, regulatory reporting, media communications, litigation, and customer/stakeholder service recovery when a breach has occurred.

Tucker Ellis attorneys have extensive subject matter knowledge in intellectual property and trade secrets, healthcare, banking and financial services, insurance, and human resource and benefits. Our team has substantial experience in drafting and addressing internal policies and investigations, and handling external and civil investigations under Sarbanes-Oxley, the Gramm-Leach-Bliley Act, HIPAA, PCI-DSS, GDPR, the Foreign Corrupt Practices Act, the False Claims Act, RICO, Qui Tam litigation, and similar statutes that can be implicated by data, privacy, and security concerns. Our lawyers also have hands-on business proficiency that enables us to provide strategic business consulting on all aspects of information policies, data privacy and security, incident response, internal audits, and records management.

For a description of our HIPAA and Medical Privacy Practice, click here.

View More >

areas of emphasis

Tucker Ellis assists clients of all sizes across industries in data privacy incidents that implicate:

  • Business Litigation (individual and class action litigation)
  • Financial Services Counseling (Gramm-Leach-Bliley Act/Sarbanes-Oxley)
  • PCI-DSS
  • GDPR
  • HIPAA/HITECH Enforcement and State Medical Privacy Laws
  • OCR Audit Preparation
  • Information Technology (storage, use, and access to personal and confidential information, both internal
  • and external)
  • Risk Avoidance (technological and legal initiatives)
  • Regulatory Compliance Reporting
  • Trade Secrets
  • White Collar Criminal Defense
  • Internal Corporate Investigations and Counseling

Key Contact

Robert J. Hanna
Partner
experience
  • Developed HIPAA-compliant best practices policies and training for covered employers and providers
  • Audited compliance with data privacy and security laws and regulations
  • Represented large multinational corporations in data breach investigations
  • Defended large pharmaceutical manufacturer in a trade secret case involving alleged theft of clinical data
  • Negotiated technology license and use agreements, off-site data storage and security agreements, and data evaluation and manipulation agreement with client vendors
  • Counseled clients and provided emergency response services and disclosures with respect to inadvertent
  • disclosures and access to confidential consumer, employee, and customer information
  • Defended individuals and executives in response to allegations of actual or potential criminal conduct arising from data breaches and security related issues
  • Prosecuted Qui Tam actions in the healthcare industry resulting in the federal government’s interventions and recovery of funds against multi-state healthcare providers and medical device manufacturers
  • Defended organizations and individuals against False Claims Act litigation brought by the federal government and Qui Tam relators in the construction, healthcare, transportation, and government procurement industries
  • Defended healthcare providers, hospitals, and insurance coverage providers in response to claims of alleged HIPAA and state medical privacy law violations
  • Represented business claimants in allegations that other businesses and individuals have misappropriated and/or misused proprietary or confidential information
  • Engaged in a FINRA investigation arising from a violation of Reg SP, an SEC promulgated privacy regulation
  • Represented an international company in prosecuting a theft of trade secrets case relating to its Brazilian operations
  • Representations in connection with restrictive terms of use relative to electronic information access, including electronic files and electronic documents
  • Counseled clients in connection with electronic document security, including watermarking, glyphs, encryption, and tracking
  • Represented businesses and their employees alleged to have engaged in theft of trade secret claims
business insights
Driverless
A podcast that analyzes legal issues surrounding autonomous vehicles.
ERISA
Perspectives on employee benefits, executive compensation and ERISA litigation to help you attract and retain talent.
lingua negoti
The language of business.
Ohio Environmental
Insights and commentary for the business and legal community.