Skip to Main Content.

Data Security & Privacy

Helping clients comply as they innovate.

Our team of business, intellectual property and litigation attorneys advises on all aspects of privacy compliance, information handling, data security, breach preparation and response, enforcement and other related litigation. We guide clients in taking practical steps to meet their legal obligations and mitigate operational and reputational risks.

Several of our privacy professionals have achieved their International Association of Privacy Professionals privacy credential. Our ranks also include former technology professionals, engineers, and software developers. While each attorney on our team brings a distinct skillset, the one common denominator is that we are fluent in the technology and sophisticated data management systems used by businesses competing in today’s economy.

We recognize that an effective compliance program must be tailored to each client’s operations, data practices, and risk profile. We draw upon our collective experience and deep regulatory knowledge to help clients enhance their cybersecurity architecture and navigate their legal and regulatory requirements in the U.S., Europe and globally.

Incident Response Services | Learn More

Cyber Incident Response Planning

Our Privacy & Data Security Team not only understands the cyber-threat landscape, but we know where to prioritize. We help clients identify system vulnerabilities, incorporate security-by-design principles where necessary, and develop proactive incident response plans to minimize the legal and reputational impact of cybersecurity threats. In the event of a data breach or ransomware attack, we work with clients to contain the threat, recoup losses, draft and issue disclosure statements, and take appropriate steps to limit their legal and regulatory exposure.

To help prevent the unthinkable, we provide training to industry groups as well as company or non-profit boards of directors, executives, and employees, to ensure that your team understands the threat landscape. We also provide experienced counsel for your organization’s overall data privacy and cybersecurity policies, procedures, and insurance protection. We integrate your IT and compliance teams to ensure a concerted approach to the growing ransomware threat, or we can bridge the gap if your organization does not have an internal team.

Representative Incident Experience
  • Advising private and publicly traded companies regarding the collection, use, protection, and disclosure of confidential and personal information.
  • Advising companies regarding compliance with the European Union’s General Data Protection Regulation (GDPR) and related laws.
  • Advising companies regarding compliance with the California Consumer Privacy Act and similar state laws.
  • Advising companies on domestic and international laws affecting cross-border transfers of confidential information, as well as the necessary content of privacy notices.
  • Preparing and implementing comprehensive information governance and security programs and policies.
  • Providing education and training to employees, officers, and directors relating to applicable privacy and information security policies.
  • Assisted a national restaurant chain with a credit card data breach in dozens of states with over one million card exposures. Responsibilities included emergency response coaching, breach evaluation, breach notification, breach vendor management, liability assessments, negotiations with processors, acquiring banks, issuing banks and card brands, and litigation support.
  • Assisted a large multinational corporation with its evaluation of and response to a ransomware attack that crippled all corporate servers, including human resources and payroll.
  • Assisted a company with response and notification arising from infiltration of the company’s system that altered payroll files processed by a third-party payroll processor. Responsibilities included working with a forensics investigation firm, coordination of notification to employees, and negotiation with the cyber liability insurance provider.
  • Consulted with an international manufacturing business regarding a “phishing” incident directed at employees’ personal data. Responsibilities included identification of the scope of attempted intrusion, analysis of potentially applicable law of multiple jurisdictions, and assessment of technological safeguards in place to prevent an actual security breach of the information systems in question.
  • Advised a midsized consumer retail services business on response to employee theft of personal information from company systems. Worked with the client’s IT department to identify access and attempted misappropriation of information and coordinated with law enforcement for potential prosecution and assessment of any breach notification.
  • Preparing and, if necessary, executing incident response plans in the event of a security breach.
  • Overseeing and directing breach response activities, including forensic investigations, coordination with law enforcement agencies, compliance with all applicable state breach notification laws, compliance with contractual notice obligations, and responding to inquiries from the Federal Trade Commission and state attorneys general.
  • Conducting internal investigations regarding employee theft of confidential information and trade secrets.
  • Representing numerous companies in responding to security breaches, including, most recently, two publicly-traded Fortune 500 companies.
  • Providing advice regarding the scope and application of cyber risk insurance policies, including the negotiation of favorable terms and conditions.

Key Contacts

A man in a suit and tie poses against a plain white background.
Jean Paul Yugo Nagashima

Partner

Washington, D.C.

A smiling person wearing a suit with a tie stands against a plain background.
Gene F. Price

Partner

Louisville, KY

Photo of the United States Capitol with overlayed computer circuitry.  The Intersection of freedom and artificial intelligence
Decoding the American Privacy Rights Act of 2024: What Your Business Needs to Know about the Propose...

May 1, 2024 | Publications

*This article was published by Security Info Watch on May 17, 2024. The American Privacy Rights Act ...

Abstract digital composite of gavel and binary codes.
Kentucky Joins Growing List of States to Enact a Comprehensive Data Privacy Act. What Does It Mean f...

April 18, 2024 | Publications

The Kentucky Consumer Data Protection Act, or KCDPA, was signed into law by Governor Andy Beshear on...

Digital chatbot, A.I., robot application, conversation assistant, AI Artificial Intelligence concept. Woman using mobile smart phone chatting with digital chatbot customer service
AI Chatbots, Hallucinations, and Legal Risks

April 15, 2024 | Publications

Artificial intelligence (AI), particularly in the form of large language models (LLMs), has become a...

an abstract representation of solving problems using artificial intelligence to increase reliability and reduce losses and accidents during the transmission of electrical energy
AI and Energy: Network Innovation and Growth

April 9, 2024 | Publications

*This article was also published in Pratt’s Energy Law Report’s June 2024 edition. This ...

"Montage of an eye, binary code and people walking on a city pavement."
What Happens to Your Sensitive Data After It Is Submitted to the Government Under the Corporate Tran...

March 29, 2024 | Corporate Transparency Act

The Corporate Transparency Act (CTA)[1] is designed to combat the use of shell company structures t...

Surgeon Medical Technology
AI and Health Care Providers: Managing the Risks with Data

March 12, 2024 | Blogs

Artificial intelligence (AI) applications in health care can create better, stronger, and faster sol...

Long exposure highway at night with blue and orange lights
Frost Brown Todd’s AutoConnect Conference to Focus on Road Ahead as Industry Reaches an Inflection...

March 11, 2024 | Press Releases

Thought leaders from across the U.S. will assemble in Nashville to assess opportunities and challeng...

A busy factory floor with machinery and conveyor belts, suggesting a highly industrialized setting with automation.
Using Generative AI in Manufacturing: Three Key Considerations

February 16, 2024 | Publications

This is the second in a series of articles outlining successful approaches to integrating AI into bu...

Photo of the United States Capitol with overlayed computer circuitry.  The Intersection of freedom and artificial intelligence
Will AI Destroy the DMCA Copyright Compromise?

February 14, 2024 | Publications

In the 1990s, as today, the internet ran on content, which meant that it both had, and was, a proble...

Young Female Teacher Giving a Data Science Presentation in a Dark Auditorium with Projecting Slideshow with Artificial Intelligence Neural Network Architecture. Business Startup and Education Concept
Three Steps to AI Success for CEOs

February 4, 2024 | Publications

How to perfectly surf the artificial intelligence (AI) wave is a challenge for many businesses and t...

Stay ahead of the law.

Subscribe to receive email updates and choose your topics.