Law, Put to practice.

Privacy & Information Security

Online marketing. Social media. Electronic payment systems. Ubiquitous mobile devices and consumer electronics, all of which can ultimately be connected to the “Internet of Things.” Each of these is a communication channel that offers businesses wide access to personal information, allowing for convenient customization of products and services. The danger? Exposure and liability when criminal activity or internal technology failure results in lost or compromised customer and/or company data. When working with vendors there may be additional risk in the event of a data breach, and it’s imperative to show reasonable steps were taken to protect data.

The complexity of statutes and regulations that govern data collection, storage, and disposal is compounded by variances in-laws when your business operates in multiple states or internationally. With no single federal standard that answers every data privacy scenario, organizations are forced to mitigate risk by continuously updating their cybersecurity processes and policies — or face potentially significant legal consequences by failing to do so.

Healthcare and financial service organizations face intense scrutiny regarding their practices for collecting, using, and securing personal health and financial information under the Health Insurance Portability and Accountability Act (HIPPA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and the Fair Credit Reporting Act (FCRA) and the Gramm-Leach Bliley Act (GLBA).

Other industries are not immune, as evidenced by the Federal Trade Commission’s (FTC) increasing number of enforcement actions against retailers, hotels, technology companies, and fitness centers alleged to have insufficient steps to protect customers’ private information.

As federal and state legislators, regulatory agencies, and industry organizations consider additional legal requirements, all businesses need to know:

  • What types of information are protected
  • their legal obligations in the collection, security, and disposal of such information
  • their responsibilities for notifying customers, law enforcement, and regulatory agencies if there is a data security breach.

Our Privacy and information Security practice offers a wide range of knowledge, skills, and experience in counseling clients on electronic communications, cybersecurity, privacy, and data protection issues. The group includes members who are CIPP/US certified by the International Association of Privacy Professionals (IAPP) and have substantial experience advising and representing internet service providers, retailers, utilities, and companies in the telecommunications and healthcare industries. In addition, we counsel businesses in managing risk related to data collection and security through contracts with vendors and others and in preparing and adopting privacy and business policies.


Our work in this practice crosses over to the following industries:
Contact one of our Privacy Attorneys today.

We appreciate your interest in Stoll Keenon Ogden. If you are not a current client, do not include any confidential or secret information in your email. SKO may not have a duty or legal obligation to keep confidential any information that you provide to us (in person or electronically) until you become a client of the firm.

For your own protection, please do not send any information specific to your legal needs until you obtain approval from an SKO Attorney.

Explore Further: Related News

August 5, 2022
August 5, 2022 By Lynn H. Wangerin Member, Stoll Keenon Ogden PLLC (502) 560-4283 What is a WISP? A “WISP” is a Written Information Security Program which documents the measures that an organization takes to secure and protect the confidentiality and integrity of the personal information or other sensitive information (“protected information”) that the […]
February 1, 2022
On Wed., Jan 26, Lynn H. Wangerin presented the firm’s eleventh “SKO U” CLE WebEx for Indiana and Kentucky In-House Counsels – “Here, There and Everywhere – Where is and what should you do with data?”. Through her presentation, Lynn addressed what should be done about data collection, retention and use – laws and regulations […]
February 18, 2021
February 18, 2021 By Lynn H.Wangerin Member, Stoll Keenon Ogden PLLC (502) 560-4283 With the current focus on data privacy and security as well as the growing use of technology in your business, do your agreements with vendors contain the protections you need? Simply because you engaged a vendor for a particular task will […]