Privacy and Information Security Law
Data privacy and information security is a key concern for clients that operate in today’s business environment. Information technology is susceptible to unlawful intrusion by third parties. Appropriate safeguards of customer and employee data as well as of a business’ trade secrets and operations are of vital importance, yet navigating the legal terrain is challenging since the data privacy laws vary depending on the industry and the location of the data.
The Privacy and Information Security Law Group is an interdisciplinary group of business and litigation attorneys who are knowledgeable in both U.S. and international data privacy laws. The Group draws upon its collective experience to solve legal issues arising in connection with this fast-growing and dynamic area of law.
The Group regularly assists clients with formulating and implementing privacy policies and practices, including those required by the Gramm-Leach-Bliley Act, USA Patriot Act, Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act and the FTC's Identity Theft Red Flag Rules.
We use a coordinated approach to risk assessments and the development of compliance solutions for our clients, drawing upon the broad experience of our Group and the firm’s industry-specific knowledge. We believe that being proactive with respect to privacy and data security compliance obligations, and incorporating privacy by design principles where possible, will assist our clients to be responsive to government regulators’ expectations and ahead of their competition in this escalated privacy environment.
The Group’s attorneys assist with the following:
- The development and formulation of website security and privacy statements and disclosures
- Advertising and marketing issues, including those raised by targeted behavioral advertising
- Issues concerning identity theft, including medical identity theft
- Issues raised by federal computer security and trade secret statutes
- Record retention policies and practices
- Formulating Identity Theft Red Flag Programs and procedures
- Employment information confidentiality
- Education information privacy
- Reviewing and drafting third party service provider confidentiality agreements
- Planning for and responding to data security breaches throughout the country
- HIPAA compliant business associate agreements and data use agreements
- HIPAA privacy and security policies and procedures
For clients who have multinational operations, our attorneys provide assistance with international data privacy issues, whether assisting with the European Union Data Privacy Directive requirements in connection with cross-border data transfer or the U.S. Department of Commerce Safe Harbor self-certification or obtaining legal assistance in other countries through the firm’s membership in Multilaw.
Our clients include major utilities, telecoms, financial institutions, health care providers, insurance companies, securities firms, retailers and employers in multiple economic sectors as well as companies (both large and small) who require assistance with their legal and risk management obligations to protect the confidentiality of the personal information of their employees, clients and customers.
In the News
- The Fallout From The Equifax Security Breach And Steps You Should Take To Protect Your Credit
- Cybersecurity Spells Trouble For New York Firms
- Tri-State leaders set their sights on super-sizing foreign investment
- Software patents — the phoenix of patent subject matter
- Foreign Direct Investment Symposium coming to Cincinnati — key leaders to speak
- What does that "circle R" mean, anyway?
- Yahoo breach data reveals the need for ethical breach reporting
- Cincinnati companies could learn to like President Trump, unless he starts a trade war
- NKU presents 9th annual Cybersecurity Symposium on Oct. 21, features national and local experts
- Travelers Institute hosts cybersecurity panel at national women’s business conference in Columbus, Ohio
- When information breaches lead to lawsuits
- 12 artists are accusing Zara of stealing their designs
- Winners: Here's who took home NKY LEGACY Next Generation Leadership Awards
- Cincinnati companies bracing for Brexit impact
- LEGACY announces finalists for Next Generation Leader Awards
- What Does The First CFPB Order On Data Security Compliance Signal?
- Smart cookies: Girl Scouts make diligent use of trademarks
- Bingham Fellows names 2016 class
- Frost Brown Todd names new Cincinnati partners
- Cincinnati is becoming a magnet for Finnish companies
- Preparation, protection are essential assets for businesses’ cybersecurity, local attorneys say
- Ask for permission, not forgiveness, in telemarketing tactics, attorney says
- Law & Media Conference draws Ohio Lawyers, Judges, Journalists, Academics
- German clothing store to open at Moerlein brewery
- Foreign trips sell Cincinnati to overseas businesses
- Frost Brown Todd Attorney Milton Sutton Achieves Certification as an Information Privacy Professional
- Michael Nitardy Earns Global Standard Certification for Privacy Laws
- Frost Brown Todd Attorneys Jane Hils Shea and Melissa Kern Achieve Privacy Certification
- Ohio State Bar Foundation Honors Chad N. Eckhardt for Community Service
- Chris Burnside selected for Bingham Fellows Class
- Attention Website Operators and Online Service Providers:
- FTC to EU: We Take Our Privacy Shield Duties Seriously
- Data Privacy Detective Podcast - Episode 11 - Tech Support Scams
- Data Privacy Detective Podcast - Episode 10 - Cybersecurity & IoT
- Data Privacy Detective Podcast - Episode 9 - Phishing - How to Avoid Being Hooked
- Data Privacy Detective Podcast - Episode 8 - FBI CyberAlert about massive attack, July 25, 2017 – so what do we do?
- To Disclose or Not: Search Warrants for Data Stored Overseas
- It's Tax Season - Is Your Scam Alert on? (Update)
- Data Privacy Detective Podcast - Episode 7 - Big Data and Your Personal Privacy
- Data Privacy Detective Podcast - Episode 6 - Facial Recognition Technology and Our Privacy
- Data Privacy Detective Podcast - Episode 5 - Top Tips On Protecting Your Data
- Data Privacy Detective Podcast - Episode 4 - Your Personal Checklist for CyberSecurity
- Data Privacy Detective Podcast - Episode 3 - The Battleground of Data and Disclosure
- Data Privacy Detective Podcast - Episode 2 - Google and European Data Privacy
- Data Privacy Detective Podcast - Episode 1 - Data Privacy Starts with You
- Will Sixth Circuit Decision Further Open Doors to Data Breach Recovery Lawsuits?
- Second Circuit Says Federal Warrant Cannot Be Used to Obtain Customer Data Stored Overseas in Cloud
- It's official - EU approves Privacy Shield
- Federal Government Creates Action Plan to Enhance National Cybersecurity
- EU-U.S. Agreement Reached on Replacement for Safe Harbor Framework
- OCR’s HIPAA Enforcement Actions Against Oncology Group for Failure to Have a Policy on Hardware and Electronic Media
- Post Safe Harbor - What's Next?
- Is the Future of the Safe Harbor Safe?
- Disappearing Patent Royalties, No Superpowers Required
- “Why DOES Radio Shack Ask for Your Phone Number When You Buy Batteries?“
- U.S. Department of Education Provides Guidance on Protecting Student Privacy While Using Apps and Online Educational Services
- Will your business be financially responsible for cyber attack losses?
- State Law May Provide a Remedy for Breach of HIPAA’s Privacy Rules
- Canada's Anti-Spam Legislation effective July 1, 2014
- California's Do-Not-Track Law Presents Challenges to Online Businesses
- Retailer's Collection of Zip Codes at Point of Sale Violates Privacy Rights in Massachusetts
- U.S. Announces Participation in APEC Cross-Border Privacy Rules System
- Red Flag Rules Effective
- HIPAA Security Rule - OCR Final Guidance on Risk Analysis
- Red Flags Rule Enforcement Delayed Until December 31, 2010
- Data Security Law Deadline Looms
- Business Associate Agreements Deserve a Second Look - February Deadline Looms
- Red Flag Rules Effective
- FTC Extends Deadline for Compliance with ID Theft Red Flag Rules
- HIPAA Breach Notification Rules
- Enforcement Delayed Until November 1 for Red Flag Rules Identity Theft Prevention Program
- International Communiqué: Global Privacy Protection - How to Comply with European Rules
- Summary of Self-certification Under the US-EU Safe Harbor Framework
- Enforcement of Red Flag Rules Delayed Until August 1
- HITECH Act Adds New Requirements to HIPAA for Covered Entities and Business Associates
- What's in a (Domain) Name?
- ID Theft Red Flag Rules Require Increased Scrutiny by Healthcare Providers and Other Credit Providers
- Will Anyone be Ready for the Next Level of Identity Theft Protection?
- EU Provides Additional Guidance for Binding Corporate Rules to Permit Cross-Border Data Transfer
- CAN-SPAM Act Clarified
- Ask the Legal Professional: As a business that extends credit to its customers, do I need to be concerned about the new federal “Red Flag” Identity Theft Rules?
- FTC “Dumpster Diving” Nets $50,000 Fine for Alleged Failure to Shred or Burn Consumer Data
- Year End Issuances by Federal Regulators Address a Multitude of Privacy Issues
- Merchants Face New Liability for Data Security Breaches
- Legislative Update – Federal Data Breach Notification Bills Move Forward
- Dubai Becomes First Arab Nation to Enact Data Protection Law
- Data Security Breaches – Beware
- Attitudes Toward Privacy: A Comparison of India and the United States
- Business Law Advisory
- An Overview of the National Association of Insurance Commissioners and its Role in Creating Regulations for Compliance with the Gramm-Leach Bliley Act
- Russia Adopts Privacy Protection Legislation
- Business Law Advisory
- Federal Trade Commission Increases Scrutiny of Customer Data Security in Matter of DSW, Inc.
- Global Outsourcing and Legal Compliance
- Information Privacy Protection in Australia
- Privacy and Information Security Law Client Advisory
- RFID Working Guidelines Issued
- The Clash of Global Privacy and Whistleblower Rules: How to implement a lawful whistleblowing system in EU countries
- Top Privacy Issues 2005
- Administrative And Private Civil Enforcement Of Customer Data Security Laws
- Federal Data Security Breach Legislation – Status Report
- Michael Douglas & Catherine Zeta-Jones v. Hello!: The Use of the Law of Confidence in the Protection of Privacy in the UK
- The Clash of Global Privacy and Whistleblower Rules
- Ohio Passes Data Security Breach Legislation
- Global Privacy – Japan Sets its Rules for Personal Data
- Privacy and Information Security Group News
- The Impact of the Privacy Laws on Business Cybersecurity
- Global Privacy Protection – No One Set of Rules
- Webinar: Impacts of the Electronic Payment Rule Changes Effective October 1st
- Data Privacy Rx
- Data Privacy and Security in the Crosshairs: Are You Covered?
- Continuing Legal Education: Privacy & Information Security
- Privacy & Information Security Breakfast Forum
- Privacy and Information Security Group Breakfast Forum