Privacy and Data Security Law
Data privacy and information security is a key concern for clients that operate in today’s business environment. Information technology is susceptible to unlawful intrusion by third parties. Appropriate safeguards of customer and employee data as well as of a business’ trade secrets and operations are of vital importance, yet navigating the legal terrain is challenging since the data privacy laws vary depending on the industry and the location of the data.
The Privacy and Information Security Law Group is an interdisciplinary group of business and litigation attorneys who are knowledgeable in both U.S. and international data privacy laws. The Group draws upon its collective experience to solve legal issues arising in connection with this fast-growing and dynamic area of law.
The Group regularly assists clients with formulating and implementing privacy policies and practices, including those required by the Gramm-Leach-Bliley Act, USA Patriot Act, Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act and the FTC's Identity Theft Red Flag Rules.
We use a coordinated approach to risk assessments and the development of compliance solutions for our clients, drawing upon the broad experience of our Group and the firm’s industry-specific knowledge. We believe that being proactive with respect to privacy and data security compliance obligations, and incorporating privacy by design principles where possible, will assist our clients to be responsive to government regulators’ expectations and ahead of their competition in this escalated privacy environment.
The Group’s attorneys assist with the following:
- The development and formulation of website security and privacy statements and disclosures
- Advertising and marketing issues, including those raised by targeted behavioral advertising
- Issues concerning identity theft, including medical identity theft
- Issues raised by federal computer security and trade secret statutes
- Record retention policies and practices
- Formulating Identity Theft Red Flag Programs and procedures
- Employment information confidentiality
- Education information privacy
- Reviewing and drafting third party service provider confidentiality agreements
- Planning for and responding to data security breaches throughout the country
- HIPAA compliant business associate agreements and data use agreements
- HIPAA privacy and security policies and procedures
For clients who have multinational operations, whether as an online retailer, app provider, or due to the operation of physical facilities in other countries, our attorneys regularly provide assistance with international data privacy and security issues. We assist clients with their compliance obligations under the EU General Data Protection Regulation (GDPR), the Canadian Anti-Spam Law (CASL), and Mexico’s data protection laws, among others. We also provide guidance to clients in complying with global privacy laws through the Firm’s membership in Multilaw, an international consortium of law firms.
Our clients include major utilities, telecoms, financial institutions, health care providers, insurance companies, securities firms, retailers and employers in multiple economic sectors as well as companies (both large and small) who require assistance with their legal and risk management obligations to protect the confidentiality of the personal information of their employees, clients and customers.
In the News
- What to Look for in Your GDPR Mandated Data Protection Officer
- Why Organizations Still Struggle With Privacy
- Seeking Counsel: Privacy Concerns
- Preparing for the EU GDPR Changes
- Ahhh, Smart Offices, Hot Coffee. But Watch Out for Legal Risks
- Louisville's largest law firm names two new members
- FinCEN Policy Positions Offer Murky Guidance for ICOs
- McKinney professor instructs Cambodian officials on new laws
- Federal law regulates advertising
- The Fallout From The Equifax Security Breach And Steps You Should Take To Protect Your Credit
- Cybersecurity Spells Trouble For New York Firms
- Tri-State leaders set their sights on super-sizing foreign investment
- Software patents — the phoenix of patent subject matter
- Foreign Direct Investment Symposium coming to Cincinnati — key leaders to speak
- What does that "circle R" mean, anyway?
- Yahoo breach data reveals the need for ethical breach reporting
- Cincinnati companies could learn to like President Trump, unless he starts a trade war
- NKU presents 9th annual Cybersecurity Symposium on Oct. 21, features national and local experts
- Travelers Institute hosts cybersecurity panel at national women’s business conference in Columbus, Ohio
- When information breaches lead to lawsuits
- 12 artists are accusing Zara of stealing their designs
- Winners: Here's who took home NKY LEGACY Next Generation Leadership Awards
- Cincinnati companies bracing for Brexit impact
- LEGACY announces finalists for Next Generation Leader Awards
- What Does The First CFPB Order On Data Security Compliance Signal?
- Smart cookies: Girl Scouts make diligent use of trademarks
- Bingham Fellows names 2016 class
- Frost Brown Todd names new Cincinnati partners
- Cincinnati is becoming a magnet for Finnish companies
- Preparation, protection are essential assets for businesses’ cybersecurity, local attorneys say
- Ask for permission, not forgiveness, in telemarketing tactics, attorney says
- Law & Media Conference draws Ohio Lawyers, Judges, Journalists, Academics
- German clothing store to open at Moerlein brewery
- Foreign trips sell Cincinnati to overseas businesses
- Frost Brown Todd Partners with OneTrust to Power Clients with Global Privacy Management Tools
- Victoria E. Beckman Joins Frost Brown Todd’s Columbus Office
- 163 Frost Brown Todd Attorneys Listed in The Best Lawyers in America© 2019
- Neal Patel Selected for Landmark Program Advancing the Next Generation of Leaders in Law
- Frost Brown Todd Named to U.S. News & World Report’s Best Law Firms List for 2018
- Frost Brown Todd Attorney Milton Sutton Achieves Certification as an Information Privacy Professional
- Michael Nitardy Earns Global Standard Certification for Privacy Laws
- Frost Brown Todd Attorneys Jane Hils Shea and Melissa Kern Achieve Privacy Certification
- Ohio State Bar Foundation Honors Chad N. Eckhardt for Community Service
- Chris Burnside selected for Bingham Fellows Class
- Frost Brown Todd appoints six new members firmwide
- Data Privacy Detective Podcast Episode 42 - Encryption: When Data Privacy Best Practices are Not
- Collecting Biometric Data: What You Need to Know
- Data Privacy Detective Podcast Episode 41 - Hong Kong and Data Privacy
- Data Privacy Detective Podcast Episode 40 - Avoiding Cyber-Disasters: The Human Element
- Data Privacy Detective Podcast Episode 39 - GDPR One-year In: The UK Experience
- States Limit Employer Access to Employee Social Media and Other Internet Accounts
- Your California Consumer Privacy Act Checklist
- Data Privacy Detective Podcast Episode 38 - India and Data Privacy, Get Ready!
- Nevada Passes Online Consumer Privacy Legislation
- Data Privacy Detective Podcast Episode 37 - Catching Serial Killers, Employee Biometrics, Tracking and Personal Data Privacy
- The Latest on the California Consumer Privacy Act’s Amendments
- Data Privacy Detective Podcast Episode 36 - Five Hot U.S. Data Privacy Developments
- Data Privacy Detective Podcast Episode 35 - Hot Topics in Data Privacy - From the U.S. Front
- Data Privacy Detective Podcast Episode 34 - When Employees Cooperate With Law Enforcement And Expose Personal Data
- Motel 6 Pays Price for Exposing Guest Data in Effort to Cooperate with ICE
- Data Privacy Detective Podcast Episode 33 – Streaming Data Flows: Key Findings from an Important 2019 Data Privacy Maturity Study
- Data Privacy Detective Podcast Episode 32 – Discovering Personal Data: How the unknown becomes known
- How to Enhance School Security Without Violating Privacy
- Data Privacy Detective Podcast Episode 31 – Data Incidents and Breaches: What mid-sized companies do when one hits
- What Does a “No Deal Brexit” Mean For Personal Data Transfers From the UK to the U.S.?
- Data Privacy Detective Episode 30 - Good news for 2019 from Europe for US firms handling European personal data
- European Commission Provides a Last-Minute Holiday Gift
- Data Privacy Detective Podcast - Episode 29 -China’s Social Behavior Measurement
- Data Privacy Detective Podcast - Episode 28 - Russian Data Privacy and Protection
- Data Privacy Detective Podcast - Episode 27 - Digital Authoritarianism
- Ohio Data Breach Safe Harbor Law Now Effective
- Adding an “S” to IoT: New California Law Requires IoT Security
- Amendments Draw Future Battle Lines Over Landmark California Privacy Legislation
- FBI Warns of Cyber Threats to K-12 Students and Unsecured Ed Tech Systems
- California Consumer Privacy Act and Employers: Part 2
- California Consumer Privacy Act and Employers: Part 1
- Data Privacy Detective Podcast - Episode 26 - How safe is the personal data you provide to state governments?
- Ohio Enacts Law Acknowledging Blockchain Transactions and Granting Safe Harbor Protections to Eligible Businesses from Data Breach Claims
- Data Privacy Detective Podcast - Episode 25 - Europe’s GDPR - Representatives and Data Protection Officers
- Data Privacy Detective Podcast - Episode 24 - Internet Review Sites and Free Expression
- Does the New California Privacy Law Apply to Your Business?
- European Parliament Threatens Suspension of Privacy Shield
- Data Privacy Detective Podcast - Episode 23 - California’s New Data Privacy Law
- Carpenter v. U.S.
- California Passes Comprehensive Online Privacy Legislation
- Data Privacy Detective Podcast - Episode 22 - GDPR and non-EU Businesses
- Data Privacy Detective Podcast - Episode 21 - GDPR is here
- Data Privacy Detective Podcast - Episode 20 - China's New Data Privacy Standards
- Data Privacy Detective Podcast - Episode 19 - The EU/U.S. and Swiss Privacy Shield
- Data Privacy Detective Podcast - Episode 18 - How businesses outside the EU can comply with the GDPR
- Data Privacy Detective Podcast - Episode 17 - Consent: The meaning of it under GDPR
- Data Privacy Detective Podcast - Episode 16 - Lawful Processing of Personal Data under the GDPR
- Data Privacy Detective Podcast - Episode 15 - Personal Data and the GDPR
- Data Privacy Detective Podcast - Episode 14 - Controllers and Processors
- Data Privacy Detective Podcast - Episode 13 - Does the GDPR apply to a business outside the European Union?
- Data Privacy Detective Podcast - Episode 12 -The GDPR is Coming
- You Can’t Sue a Robot: Are Existing Tort Theories Ready for Artificial Intelligence?
- Kentucky Federal District Court Allows Claims in W-2 Data Breach Class Action to Proceed
- Artificial Intelligence and Data Privacy: Are We Sufficiently Protected?
- AI is Surging: Are We Ready for the Fallout?
- The United States Perspective on Data Protection in Financial Technology (Fintech), Insurance, and Medical Services
- Attention Website Operators and Online Service Providers:
- FTC to EU: We Take Our Privacy Shield Duties Seriously
- Data Privacy Detective Podcast - Episode 11 - Tech Support Scams
- Data Privacy Detective Podcast - Episode 10 - Cybersecurity & IoT
- Data Privacy Detective Podcast - Episode 9 - Phishing - How to Avoid Being Hooked
- Data Privacy Detective Podcast - Episode 8 - FBI CyberAlert about massive attack, July 25, 2017 – so what do we do?
- To Disclose or Not: Search Warrants for Data Stored Overseas
- It's Tax Season - Is Your Scam Alert on? (Update)
- Data Privacy Detective Podcast - Episode 7 - Big Data and Your Personal Privacy
- Data Privacy Detective Podcast - Episode 6 - Facial Recognition Technology and Our Privacy
- Data Privacy Detective Podcast - Episode 5 - Top Tips On Protecting Your Data
- Data Privacy Detective Podcast - Episode 4 - Your Personal Checklist for CyberSecurity
- Data Privacy Detective Podcast - Episode 3 - The Battleground of Data and Disclosure
- Data Privacy Detective Podcast - Episode 2 - Google and European Data Privacy
- Data Privacy Detective Podcast - Episode 1 - Data Privacy Starts with You
- Will Sixth Circuit Decision Further Open Doors to Data Breach Recovery Lawsuits?
- Second Circuit Says Federal Warrant Cannot Be Used to Obtain Customer Data Stored Overseas in Cloud
- It's official - EU approves Privacy Shield
- Federal Government Creates Action Plan to Enhance National Cybersecurity
- EU-U.S. Agreement Reached on Replacement for Safe Harbor Framework
- OCR’s HIPAA Enforcement Actions Against Oncology Group for Failure to Have a Policy on Hardware and Electronic Media
- Post Safe Harbor - What's Next?
- Is the Future of the Safe Harbor Safe?
- Disappearing Patent Royalties, No Superpowers Required
- “Why DOES Radio Shack Ask for Your Phone Number When You Buy Batteries?“
- U.S. Department of Education Provides Guidance on Protecting Student Privacy While Using Apps and Online Educational Services
- Will your business be financially responsible for cyber attack losses?
- State Law May Provide a Remedy for Breach of HIPAA’s Privacy Rules
- Canada's Anti-Spam Legislation effective July 1, 2014
- California's Do-Not-Track Law Presents Challenges to Online Businesses
- Retailer's Collection of Zip Codes at Point of Sale Violates Privacy Rights in Massachusetts
- U.S. Announces Participation in APEC Cross-Border Privacy Rules System
- Red Flag Rules Effective
- HIPAA Security Rule - OCR Final Guidance on Risk Analysis
- Red Flags Rule Enforcement Delayed Until December 31, 2010
- Data Security Law Deadline Looms
- Business Associate Agreements Deserve a Second Look - February Deadline Looms
- Red Flag Rules Effective
- FTC Extends Deadline for Compliance with ID Theft Red Flag Rules
- HIPAA Breach Notification Rules
- Enforcement Delayed Until November 1 for Red Flag Rules Identity Theft Prevention Program
- International Communiqué: Global Privacy Protection - How to Comply with European Rules
- Summary of Self-certification Under the US-EU Safe Harbor Framework
- Enforcement of Red Flag Rules Delayed Until August 1
- HITECH Act Adds New Requirements to HIPAA for Covered Entities and Business Associates
- What's in a (Domain) Name?
- ID Theft Red Flag Rules Require Increased Scrutiny by Healthcare Providers and Other Credit Providers
- Will Anyone be Ready for the Next Level of Identity Theft Protection?
- EU Provides Additional Guidance for Binding Corporate Rules to Permit Cross-Border Data Transfer
- CAN-SPAM Act Clarified
- Ask the Legal Professional: As a business that extends credit to its customers, do I need to be concerned about the new federal “Red Flag” Identity Theft Rules?
- FTC “Dumpster Diving” Nets $50,000 Fine for Alleged Failure to Shred or Burn Consumer Data
- Year End Issuances by Federal Regulators Address a Multitude of Privacy Issues
- Merchants Face New Liability for Data Security Breaches
- Legislative Update – Federal Data Breach Notification Bills Move Forward
- Dubai Becomes First Arab Nation to Enact Data Protection Law
- Data Security Breaches – Beware
- Attitudes Toward Privacy: A Comparison of India and the United States
- Business Law Advisory
- An Overview of the National Association of Insurance Commissioners and its Role in Creating Regulations for Compliance with the Gramm-Leach Bliley Act
- Russia Adopts Privacy Protection Legislation
- Business Law Advisory
- Federal Trade Commission Increases Scrutiny of Customer Data Security in Matter of DSW, Inc.
- Global Outsourcing and Legal Compliance
- Information Privacy Protection in Australia
- Privacy and Information Security Law Client Advisory
- RFID Working Guidelines Issued
- The Clash of Global Privacy and Whistleblower Rules: How to implement a lawful whistleblowing system in EU countries
- Top Privacy Issues 2005
- Administrative And Private Civil Enforcement Of Customer Data Security Laws
- Federal Data Security Breach Legislation – Status Report
- Michael Douglas & Catherine Zeta-Jones v. Hello!: The Use of the Law of Confidence in the Protection of Privacy in the UK
- The Clash of Global Privacy and Whistleblower Rules
- Ohio Passes Data Security Breach Legislation
- Global Privacy – Japan Sets its Rules for Personal Data
- Privacy and Information Security Group News
- The Impact of the Privacy Laws on Business Cybersecurity
- Global Privacy Protection – No One Set of Rules
- Mike Nitardy and Doug Gastright to Represent FBT at the NKY Cybersecurity Symposium
- Webinar: Impacts of the Electronic Payment Rule Changes Effective October 1st
- Data Privacy Rx
- Data Privacy and Security in the Crosshairs: Are You Covered?
- Continuing Legal Education: Privacy & Information Security
- Privacy & Information Security Breakfast Forum
- Privacy and Information Security Group Breakfast Forum
Data Privacy Detective Podcast:
What a Difference a Year Makes: Recent Developments in Privacy Compliance and Cybersecurity- Melissa Kern and Jane Shea, November 8, 2018.
Data Ethics and Obligations: Your Data Footprint and Third-Party Data- Melissa Kern, November 1, 2018.
GDPR Fundamentals- Jane Shea, October 18, 2018.
Imported Privacy Rights: From California to the GDPR- Melissa Kern Oct. 1, 2018.
Update on Regulation CC and remote data capture technology- Melissa Kern, May 17, 2018.
GDPR Breakfast Panel- Jane Shea, April 25, 2018.
Cybersecurity Developments- Jane Shea, March 2, 2018
GDPR Basics- Jane Shea, January 30, 2018.
Hot Topics in Copyright Law- Melissa Kern, Oct. 13, 2017.
Protecting Privacy and Security in the Ed Tech Era- Melissa Kern and Jane Shea, Oct. 3 and 5, 2017.
Data Privacy and Security: U.S. Legal Framework and its Impact on Business- Jane Shea, September 14, 2017.
Cybersecurity for Small Businesses- Jane Shea, September 20, 2016.
Employee Privacy in the Electronic Workplace- Jane Shea, April 19, 2016.
OSBA Cyberlaw 2016: Technology and the Law Seminar- Melissa Kern, March 18, 2016.
Cloud Computing: You're already using it, learn how to maximize it- Melissa Kern, September 6, 2012.