McDonald Hopkins LLC

We don’t just practice data privacy law. We live it 24/7.

Unfortunately, no industry or business is immune from data privacy incidents. As you increase the collection of personal information about your customers and employees, you become a bigger target for a data privacy incident. And you can’t just be concerned with external threats – there is a rise in the misappropriation of information by rogue employees. Even a compromise of old-fashioned paper records can result in a cyber breach!

Breaches can have devastating effects to your bottom line and your reputation – which is why a comprehensive and proactive approach is the most effective way to keep your business safe. You need a plan in place, knowledge of regulations and effective and efficient legal support.

Our national data privacy and cybersecurity attorneys have a wealth of experience advising clients in a myriad of industries on the rapidly changing state, federal, international, and industry privacy and breach notification laws. We can also provide support on a daily basis and during investigations by state and federal regulators, as well assistance with:

• Breach coaching and incident notification
• International privacy compliance
• Payment cards and ecommerce
• Privacy litigation and class action
• Proactive measures and breach compliance
• Regulatory investigation and government response
• Vendor relationships

Representative Matters

• Defended a transcription company in a class action involving patients’ Protected Health Information visible on the Internet. We were successful on a Motion for Summary Disposition based on lack of standing which dismissed our client from the still pending lawsuit.
• Advising several colleges and universities on appropriate data breach response, including compliant notification to students, alumni and faculty throughout the United States and around the world. We are also managing regulatory investigations for these colleges and universities, from state attorneys general and the Office for Civil Rights.
• Defended a professional service provider in litigation involving a stolen laptop. The laptop contained a large database of information related to the customers of the professional service provider’s customer. The action was filed in state court, but was resolved prior to the commencement of discovery.
• Represented a large financial institution in a putative class action filed in federal court stemming from the theft of computer hardware containing customers’ personal and confidential information. We filed a motion to dismiss the lawsuit on the grounds that the plaintiff alleged only “identity exposure,” not “identity theft,” and therefore lacked standing as a matter of law. The federal court granted our motion, and the lawsuit was dismissed with prejudice. Tod R. Kidman v. Wells Fargo & Co., et al., United States District Court for Northern District of Ohio, Case No. 1:07 CV 3685.
• Acted as a breach coach to several large and elite colleges and universities. In addition, we have assisted them in complying with applicable state and federal privacy statutes.
• Counsel some of the largest medical groups in the country on the HIPAA Privacy, Security and Notification Rules, including investigations, breach coaching, incident notification, and investigations by the Office for Civil Rights.
• Investigated a scheme run on a multi-billion dollar publicly traded company in which a third party impersonated the company’s CEO or CFO to obtain materials on credit charged to the company. The third party had access to, and used in furtherance of the scheme, the company’s D&B number, FEIN, Bank relationships (including individual names) among other things.
• Prosecuted third party vendors for indemnification due to vendors’ negligence resulting in data breaches.
• Acted as counsel to a publicly traded company whose confidential and non-public information was inadvertently left in an airport.
• Represented a software company when a software vendor advised the client that it had uncovered a security issue in its supplied software which could allow a security breach to end users (large retailers) of the client’s software. We advised the client regarding liability issues, notifications, indemnifications, and other related matters.
• Counsel for one of the largest data security and erasure providers, providing advice and counsel to it, and its clients related to data storage and erasure best practices, post data breach obligations and loss mitigation. We also counseled and advised on lost and stolen laptops and hard-drives which were improperly erased resulting in exposure of confidential and proprietary information.
• Investigated a pornographer spoofing a client’s server and sending emails purporting to be the client to the client’s customers containing a link to pornography. We were able to immediately shut down the linked website and advised with respect to the required interaction with the relevant government agencies.
• Advise clients on compliance with Massachusetts Data Privacy Standards.
• Drafts and implements Written Information Security Programs and Incident Response Plans for numerous businesses and organizations.
• Coordinate training of employees on organizations’ data security programs and policies.
• Conducted an investigation on behalf of a public technology sector company in relation to a foreign based email purchasing scheme utilizing the company’s identifying information, and developed and implemented responsive countermeasures.
• Advised numerous clients on website privacy policies and practices.
• Broad experience in internet and technology litigation and investigations.
• Counseling on handbook provisions for employees of a client in the credit card processing industry relating to preserving security.
• General counsel to a leading provider of data security, data erasure and IT Asset Retirement. In that role, we counsel our client and its clients as to best practices and liability relating to data security and data erasure.