Experience

Defense of Data Breach Class Actions

Representation of health care and other industry clients in data breach class action litigation in both federal and state courts, drawing upon extensive expertise in litigation, data privacy and security laws and regulations, and data breach incident response and remediation, achieving dismissal of claims, successful narrowing of classes and prevailing on class certification, and favorable resolutions for clients up to and including outright dismissal.

Representation in Cyber Incident Response and Remediation

Representation of private and governmental entities in all aspects of cyber incident response, including working with federal and state authorities, conducting forensic investigations, guiding mitigation and remediation efforts, ensuring compliance with federal and state notification and other regulatory obligations and enforcement actions.

Representation of Health Care Clients in OCR/HIPAA Enforcement Actions and Investigations

Representation of numerous health care clients in OCR investigations relating to alleged HIPAA violations. The vast majority of these investigations have resulted in OCR deciding either: 1) no breach or violation occurred or 2) to close its investigation after the client’s response and documentation were provided.

Advise hospital on data access arrangement that allows safe patient information sharing

We worked with a hospital to build a data access arrangement that enabled them to share data between coding staff and off-site providers. We worked with the client to help structure the agreements to ensure protected and sensitive health care records and information are properly protected, as well as to build policies to ensure controls are in place.

Advise Parking Company on New Key Card Vendor at College Campus

We worked with a company that manages vehicle parking. Our client was seeking to replace their current electronic key cards and access systems and was working with a new software vendor. The system provides information on each parker, such as their name and status at the institution and also tracks financial information related to parking fines or tickets.

Advise Pre-paid Card Provider on CAN SPAM and TCPA Compliance

We worked with a prepaid card provider to advise on their CAN SPAM and TCPA compliance issues regarding the gathering and distribution of customer data. We helped to vet our client’s policies and ensure they remained strong in the face of evolving legislation and threats.

Advised Client on Policies to Project Customer Data Used in Software Application

Our client developed a new software application that helped customers take inventory of their purchases and also notifications for recalls, maintenance, upgrades and other services related to their purchase. The application required gathering a tremendous amount of data, including purchase history, geographic location and other potentially sensitive information. We worked with our client to develop policies that dictated how and when this information could be shared with other businesses, as well as ensuring the data remained protected and was in compliance with the applicable federal and state laws.

Build Data Sharing Platform for Client to Enable Information Sharing

We built a data sharing platform for a retirement community to enable their providers throughout the country to share information. We advised the client on compliance with myriad of regulations that govern health care data and ensured their platform met their needs while also remaining protected from potential breaches.

Represent Client in Creation of Loyalty Program

We represented a transportation company in their negotiation with a vendor to implement a new loyalty program for their customers. The program required the gathering of customer data, including sensitive information about location and travel. We worked on behalf of our client to fully vet the vendor and ensure the collection and use of this information would be in compliance with the appropriate regulations.

Advise Client on Building a Compliant Database

We advised a sports organization that promotes their game for all ages across the country, on the development of a software application that required gathering information on players and coaches. Since the application would involve sharing of data, some of which could be deemed personal or private, we worked with the client to ensure they remained in compliance with all the applicable federal and state laws governing the collection, distribution and sharing of such data.

Advise Client on Encryption Laws

Our client, a transport company, was seeking to strengthen their internal security practices relating to data management. We advised them on the applicable encryption laws, including how to prioritize encryption levels. We also worked with the client to develop and implement policies to govern future encryption procedures.

Email Spoofing Using Company Officials’ Addresses

Our client, a food manufacturer, noticed a pattern of email attempts, purportedly from company officials, requesting money wire transfers. We worked with them to determine the email spoofs were coming from an external source. We then worked with their technical staff to implement measures to ensure the email spoofs were eliminated and also helped to put in place policies that would guide potential information breaches that could occur because of the spoofing.

Represent Credit Union in Data Breach, Advise on Prevention

We represented a credit union that suffered a data breach when a rogue employee made confidential information public. We assisted the client with the data breach notification process and worked with their technical staff to perform a risk analysis on the systems and data to determine how the breach may have happened. We determined the full extent of the breach, and advised the client on implementing internal controls to prevent the situation from occurring again.

Represent Financial Institution After Potential Data Breach, Advise on Policies

We represented a financial institution after a data breach occurred. Someone broke into our client’s facility and stole computer equipment and files that contained potentially confidential information. However, the files were appropriately redacted and the equipment was encrypted, both of which prevented any confidential information from being discovered or released. Following the incident, we worked with the client to ensure their policies remained strong and also evaluated their response to the breach to ensure they remain proactive in the case of another incident.

Advise clients on marketing compliance issues

We routinely counsel a variety of clients, including multimedia, technology and wireless companies on proposed marketing initiatives for print, TV, radio and internet media. Our role includes reviewing proposed copy, drafting necessary disclaimers and restrictions, and providing detailed assistance complying with CAN-SPAM, FTC endorsement rules, the Telephone Consumer Protection Act, and other relevant laws and regulations. Our work also includes drafting contest/sweepstakes rules and advising on compliance with state and federal contest laws and rules, as well as advising on contest/sweepstakes rules specific to social media platforms.

Assist client in creating ride share program to help patients get to doctor appointments

We worked with a subsidiary of a transport group on a medical ridesharing program. Our client contracted with taxi companies to arrange rides for patients to get to doctor appointments. The nature of the program provided personal information to the taxi companies, including a person’s name, address and doctor, so we worked with them to structure data access arrangements that ensured sensitive and confidential information was protected.