Data breach lawsuits are highly public. Not a day goes by where a company, large or small, is not dealing with some level of privacy concern or public relations challenge that could be - or already is - a data breach. News headlines, and newly enacted regulations and statutes, show a clear and continuing trend, and individuals and regulators alike insist on the protection of personal, health, financial and identity information.
In these ways, legal exposure has been exponentially-broadened for every business and organization. Businesses must develop processes and safeguards to improve data security and mitigate exposure for damages.
SmithAmundsen’s Data Privacy, Security & Litigation Practice Group is comprised of powerhouse litigators and business attorneys who defend businesses in high stakes situations from class action lawsuits grounded in alleged violations of federal, state and local statutes to claims of breach within the healthcare industry or alleged failure to comply with HIPAA and HITECH - to everything in-between.
Our extensive litigation experience makes our team keenly aware of how to best team with our clients to prepare for potential privacy intrusions and data breaches. We craft data maintenance policies and data breach response plans so clients are equipped to respond appropriately in the event of unauthorized access to sensitive data.
We audit existing procedures and practices consistent with industry standards and legal requirements to reduce the risk of a data breach and counsel clients on compliance considerations involving consumer protection regulations, data privacy practices, notification requirements and advertising compliance. Further, our team will coordinate the incident response plan or data breach plan, which includes a team of forensic, security, public relations and insurance professionals.
Collectively, our group has handled more than 100 class action matters, including those alleging massive violations of consumer laws, breach of contract, invasion of privacy and misrepresentation. Our clients are Fortune 500 companies, small family-owned businesses, midsize tech companies and businesses just like yours.
The following serve as examples of our partnering with clients:
- Data breach response to a disclosure of protected health information maintained by a vendor for multiple HIPAA covered entities. This work included full investigation of the matter to determine the extent of the breach and the types of information exposed. From there, the disclosed records were reviewed and analyzed to ensure the company met its reporting and notification requirements under the various federal and state laws applicable to the personal and health information.
- Data breach response to a web server that inadvertently exposed social security numbers and payroll information to the public via Internet search engines. This work involved investigation of the matter to determine the extent of the breach and analysis of all applicable state and federal laws to determine notification and reporting obligations for the company.
- Data breach response plan for a small company, whose hardware was stolen and which hardware allowed access to centralized databases which contained encrypted PII. This work involved investigation into the Personal Information Protection Act of certain Midwestern states to confirm whether notification of the potential breach was required and reporting obligations and best practices, moving forward, for the company.
- Data breach response plan for a small company, whose customers’ accounts were accessed by persons located overseas. This work involved the following: forensic examination, with licensed analysts, into the breach; assessment of the scope of the breach; investigation into the Personal Information Protection Act of certain Midwestern states to confirm notification of the potential breach was required; working with the client and public relations specialists on notice; notifying federal officials; and, crafting a response plan and best practices, moving forward, for the company.
- Data Breach investigation of a matter where a company discovered that some of its mailings inadvertently disclosed customer social security numbers that could be viewed in the address window of the envelopes it mailed. This work involved full investigation of the mater to determine the number of individuals who may have been affected by the breach, the types of information involved, and a review of applicable state and federal laws to determine notification and reporting requirements.
- Revision and implementation of a record retention program for multi-state nursing, rehabilitation, and retirement facility. This work consisted of creating a record retention program for multiple facilities across twelve states. The facilities operated by the company maintained different types of electronic medical records and were subject to different state laws, and therefore, our team developed a record retention program that applied to all facilities, across all states.
- Drafting, reviewing, and revising numerous HIPAA Business Associate Agreements on behalf of covered entities, business associates, and sub-business associates.
News & Press Releases
- Molly Arranz Quoted in Chicago Lawyer Article, “Cyber Insurance: Are Insurers’ New Digital-Attack Policies Worth the Hype?”Chicago Lawyer , June 4, 2018
- Law360, May 28, 2018
- SmithAmundsen Attorney Philip List Elected to Indianapolis Public Library Foundation Board of DirectorsJanuary 5, 2018
- October 27, 2017
- Crain's Chicago Business, September 15, 2017
- Equality Illinois, August 1, 2017
- Crain's Chicago Business, September 10, 2016
- The American Lawyer, August 2016
- Equality Illinois, July 8, 2016
- Above the Law, April 18, 2016
- Above the Law, April 13, 2016
- Cybersecurity and Data Breach: Impact on Business in Illinois - Illinois Business Leader Interviews Colin GainerIllinois Chamber of Commerce's Illinois Business Leader, May 2015
- May 21, 2018
- October 21, 2016
- May 16, 2016
- April 8, 2016
- June 17, 2015
- October 21, 2014
- Indiana Bankers Association, December 8, 2017
- USLAW Magazine Spring/Summer 2015, April 9, 2015
Presentations & Events
- Illinois Chamber of Commerce; Webinar, April 12, 2018
- 3rd Annual Financial Services Cybersecurity Conference, Indiana Infragard Members Alliance; Carmel, IN, March 22, 2018
- Illinois Chamber of Commerce's Cybersecurity Conference; Glen Ellyn, IL, July 20, 2017
- Better Business Bureau; Chicago, IL, May 2, 2017
- Illinois Chamber of Commerce; Webinar, March 2, 2017
- 2016 USLAW Network Data Privacy Security Book Camp, Dallas, TX, November 2016
- Illinois Chamber of Commerce, Webinar, July 13, 2016
- Illinois Chamber of Commerce, Conference, Schaumburg, IL, July 12, 2016
- SmithAmundsen Webinar, August 4, 2015
- Emerging Cyber Perils and Designing Your Resiliency Plan: An Informative Discussion on the Cyber Risk LandscapeLockton, SmithAmundsen, Chicago, IL, May 12, 2015
- PLUS Midwest Chapter Seminar, Chicago, IL, May 6, 2015
- Building the Barricade Against The Breach: Incorporating Reasonable Security Into Your Business To Protect Against Data BreachesIllinois Chamber of Commerce, Webinar, February 12, 2015
- SmithAmundsen, Chicago, IL; Webinar, November 19, 2014
- Webinar, April 10, 2013