Law, Put to practice.

Privacy & Information Security

Online marketing. Social media. Electronic payment systems. Ubiquitous mobile devices and consumer electronics, all of which can ultimately be connected to the “Internet of Things.” Each of these is a communication channel that offers businesses wide access to personal information, allowing for convenient customization of products and services. The danger? Exposure and liability when criminal activity or internal technology failure results in lost or compromised customer and/or company data. When working with vendors there may be additional risk in the event of a data breach, and it’s imperative to show reasonable steps were taken to protect data.

The complexity of statutes and regulations that govern data collection, storage, and disposal is compounded by variances in-laws when your business operates in multiple states or internationally. With no single federal standard that answers every data privacy scenario, organizations are forced to mitigate risk by continuously updating their cybersecurity processes and policies — or face potentially significant legal consequences by failing to do so.

Healthcare and financial service organizations face intense scrutiny regarding their practices for collecting, using, and securing personal health and financial information under the Health Insurance Portability and Accountability Act (HIPPA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and the Fair Credit Reporting Act (FCRA) and the Gramm-Leach Bliley Act (GLBA).

Other industries are not immune, as evidenced by the Federal Trade Commission’s (FTC) increasing number of enforcement actions against retailers, hotels, technology companies, and fitness centers alleged to have insufficient steps to protect customers’ private information.

As federal and state legislators, regulatory agencies, and industry organizations consider additional legal requirements, all businesses need to know:

  • What types of information are protected
  • their legal obligations in the collection, security, and disposal of such information
  • their responsibilities for notifying customers, law enforcement, and regulatory agencies if there is a data security breach.

Our Privacy and information Security practice offers a wide range of knowledge, skills, and experience in counseling clients on electronic communications, cybersecurity, privacy, and data protection issues. The group includes members who are CIPP/US certified by the International Association of Privacy Professionals (IAPP) and have substantial experience advising and representing internet service providers, retailers, utilities, and companies in the telecommunications and healthcare industries. In addition, we counsel businesses in managing risk related to data collection and security through contracts with vendors and others and in preparing and adopting privacy and business policies.


Our work in this practice crosses over to the following industries:
Contact one of our Privacy Attorneys today.

We appreciate your interest in Stoll Keenon Ogden. If you are not a current client, do not include any confidential or secret information in your email. SKO may not have a duty or legal obligation to keep confidential any information that you provide to us (in person or electronically) until you become a client of the firm.

For your own protection, please do not send any information specific to your legal needs until you obtain approval from an SKO Attorney.

Explore Further: Related News

May 6, 2024
On April 4, 2024, Governor Andy Beshear signed into law the Kentucky Consumer Data Protection Act (the KCDPA). Currently, fifteen other states have also enacted a comprehensive privacy law. Like other comprehensive privacy laws, the KCDPA primarily (1) establishes certain rights of Kentucky consumers with respect to personal data; and (2) establishes obligations for businesses […]
September 4, 2020
September 8, 2020 By  Lynn H. Wangerin Member Stoll Keenon Ogden PLLC (502) 560-4283 Andrew Donovan Attorney Stoll Keenon Ogden PLLC (859) 231-3076 The summer of 2020 was a summer like no other. The COVID-19 pandemic has forced us into our homes for long periods of time and resulted in significant changes in […]
March 31, 2020
March 31, 2020 By Dana Howard Member, Stoll Keenon Ogden, PLLC (859) 231-3018 and Nealy Williams Attorney, Stoll Keenon Ogden PLLC (859) 231-3086 The COVID-19 pandemic has cast a spotlight on the importance of cybersecurity for newly remote-workplaces. As the number of teleworking employees increases, so too does an employer’s exposure to cybersecurity […]