Privacy & Data Protection
Baird Holm is trusted counsel for clients with data protection and privacy needs. We proactively guide our clients through implementation of data protection mechanisms and preparation of incident response plans. We react quickly to aid our clients when security breaches occur, whether the breach results from a failure of a security service provider or a third-party attack on client systems. We understand and know how to handle data breach investigations and forensic analysis to learn from incidents and respond to government inquiries or private action claims. Baird Holm does all this with cost-effective strategies and know-how because our attorneys come from multiple cross-sections of legal practice.
Data Breach Emergencies
We have formed teams to quickly respond to emergencies arising from data breaches of all sizes.
The emergency after-hours rapid response number is: 402.231.8585
The Data Breach Rapid Response Team:
Robert L. Kardell
Vickie B. Ahlers
At Baird Holm, our Privacy and Data Protection attorneys assist our clients throughout the life cycles of their information. We help clients identify applicable laws to ensure statutory and regulatory compliance, evaluate the status of their data security, draft policies for the management and retention of sensitive information, assess privacy and security business partners, prepare for and respond to security incidents, defend against government investigations and private litigation, and enforce data protection obligations among internal personnel and external service providers.
Our attorneys understand and regularly counsel clients through risk assessment exercises. We enable clients to safely evaluate their security strengths and pressure points under the protection of attorney-client privilege. We discuss our clients’ data management practices and provide tailored legal insight to meet strenuous industry rules and regulations, from PCI DSS compliance advice to HIPAA coverage profiles. We are also at the forefront of crafting and reconfiguring increasingly common cloud service agreements that create complicated privacy issues requiring vigilant data protection schemes.
Our attorneys help clients with their proactive steps to avoid data breaches. We guide clients through preparing and updating data breach response plans ready for compliance with changing laws and regulations across state and federal jurisdictions. We update and create policies and procedures for our clients that want to manage their data risks and prepare for security incidents of all scales.
Rapid response is crucial when there is a breach in privacy, data security, or the loss of sensitive information. Our rapid response team is available to assist clients in responding to such security or data breaches. Members of the team have experience in investigating potential breaches and engaging forensic experts under attorney-client privilege, when necessary. The rapid response team will assess the scope of the breach, determine controlling laws and regulations, advise regarding notification requirements and recommend strategies to reduce potential liability. We also assist clients in establishing in-house rapid response teams.
Our attorneys work to handle any government inquiry that may arise from a security incident. We work through investigations to limit disruptions to our clients’ business operations and to eliminate or mitigate the chance of regulatory penalties. We have attorneys with experience responding to inquiries from the Federal Trade Commission, Department of Health and Human Services, financial services regulators, and state attorneys general.
Data protection is not always about defense. Clients also need to enforce their chosen data security strategies and privacy rights. We are experienced in preparing and delivering cease-and-desist letters, as well as referrals to proper regulatory agencies. We understand and counsel our clients on the value of monitoring systems that warn them when suspicious or unusual activity is occurring. We also help clients document their privacy and security schemes meant to ward off and prevent phishers, spammers, scammers and other cybercriminals.
Our Privacy and Data Protection attorneys have been trusted with managing a diverse array of data privacy and security experiences. We have attorneys with deep expertise in privacy issues and breach of data security requirements for payment networks, consumer data breach notification obligations across all 50 states, and obligations under HIPAA for covered entities and business associates.
Our attorneys have handled data breaches ranging from very simple cases involving lost mobile devices to sophisticated data breaches caused by viruses, such as the Coreflood virus. We have represented insurance companies, financial institutions, health care providers, educational institutions, and businesses. We have represented clients from the moment breaches have been discovered through incident response, analyzing the extent of breaches, advising regarding responsibilities under applicable laws and regulations, and drafting notification letters to victims of the breach.
We have successfully defended our clients in complex litigation, class action lawsuits under FRCP Rule 23, and collective actions under FLSA Section 216(b).
We receive referrals and have access to invaluable legal resources as a member firm in Lex Mundi and the USLAW networks. Baird Holm has led the effort for USLAW to expand its network of law firms ready to respond to data breaches on a national and international basis.
- Banking and Financial Services
- Educational Institutions
- Employers and Human Resources
- Employer-Sponsored Group Health Plans
- Employee Benefits
- Exempt Organizations
- Franchise and Distribution
- Health Care
- Long-Term Care Facilities
- On-Site Medical Clinics
- Community Health Records
- Hospital Associations
- Accountable Care Organizations and Alliances
- Business Associates
- Wellness Providers
- Non-Bank Financial Service Providers
- Payment Card Providers
- Public and Private Foundations
- Software Developers and Service Providers
- State and Local Governmental Entities
- Mobile Devices
- Security Consultants
- ADA Employee Health Care Information Confidentiality
- Breach Notification
- Breach of Confidentiality
- Breach of Contract
- Cloud Computing
- Class Action Lawsuits
- Computer Fraud and Abuse Litigation
- Computer Security
- Confidential Information Agreements
- Constitutional Privacy Issues
- Data Breach Notification Laws (State and Federal)
- Data Breaches and Incident Response
- Data Brokers
- Data Protection
- Data Security
- Directors and Officers Liability
- E-Government Act
- Fair Credit Reporting Act
- Federal Privacy and Security Legislation
- Financial Privacy
- HIPAA/HITECH Compliance
- HIPAA and Related Common Law Claim Litigation
- Identity Theft
- Information Governance
- Information Security
- International/Cross-Borders Privacy Law
- Invasion of Privacy
- Medical Privacy
- Mobile Privacy
- Online Data Tracking
- Online Privacy
- Payment Card Industry
- Polygraph Protection Act
- Privacy Litigation
- Regulatory Enforcement Actions
- Risk Assessments
- Securities Litigation
- Security Policy Development
- Social Media
- State Reference Check Laws
- Student Data Privacy
- Trade Secret Misappropriation Litigation
- Workforce Training
- Workplace Privacy
- Bad Credit Karma: FTC Settlements Show Importance of Securing Mobile App Data
- Iowa Broadens Security Breach Notification Provisions
- And the Money Keeps Rolling in … Recent HIPAA Settlements and the Focus on Encryption
- OCR Announces First HIPAA Settlement with County Government
- HIPAA Audits Round Two: Is Your Organization Prepared?
- HIPAA and CLIA Strengthen Rules on Direct Access to Laboratory Test Results
- New OCR Guidance on Disclosure of Mental Health Information under the HIPAA Privacy Rule
- FTC Joining the Regulatory Framework for Health Care Data Security Practices
- Meaningful Use Update: CMS Announces Revised Timeline
- HHS Announces Proposed Rule Amending the HIPAA Privacy Rule for Reporting to the National Instant Criminal Background Check System
- Update: EHR Donation Sunset Extended
- Reminder: The HIPAA “Omnibus Rule” is Now in Effect
- HIPAA Threat of Harm Exception Gets a Second Look
- It’s Complicated: Requests for Patient Information/Access for Research
- NLRB and EEOC Target Key Terms of Confidentiality and Severance Agreements
- Computer Fraud and Abuse Act Implications for Employers
- Attention Financial Institutions: FFIEC Issues Final Social Media Guidance
- Beware of Employee Medical Exams – GINA is Watching!
- Protecting Your Digital Assets
- “Unlimited Operations”: FFIEC Guidance against a 21st Century Bank Heist
- Disclosures on a Mobile Device: Key Take-Aways from Limited Federal Guidance