Attorneys & ProfessionalsView List
Privacy & Data Security
Privacy & Data Security
Growing companies benefit directly from the collection and use of data. Whether it’s collecting customer information, fine-tuning online advertising, or purchasing new programs to help synthesize the two, Vorys has worked with companies for more than a decade to keep their data safe and abide by constantly-changing domestic and global regulations. Doing so requires attorneys who are familiar with the technology you use, the policies by which you must abide, and the nuances and risks that can cause problems. Vorys regularly navigates these waters, and our team works with companies like yours to ensure you can confidently use data to grow your business.
Privacy of data cannot be ensured without security, and data security is the subject of increased scrutiny from regulators, litigants, industry and boards. Our attorneys have deep experience in advising a range of clients during all stages of the data lifecycle, including data security breaches, litigation, regulatory investigations, privileged and non-privileged forensic investigations, privacy policies and procedures, cross-border data transfers, employee privacy issues, training programs, compliance audits, commercial transactions, and email and telemarketing regulation.
- Representing a national grocer in its defense against a proposed class of shoppers in customer data security breach litigation. In the case, several class actions were consolidated into multi-district litigation and the shoppers alleged that they were harmed when hackers gained access to and installed malicious software on the payment-processing network for payment card transactions at stores where the payment-processing network was used. Vorys successfully showed that the shoppers failed to allege sufficient harm to pursue their claims in court. The judge dismissed the shoppers’ claims before significant discovery occurred.
- Represented payment processors in data breach litigation in the First, Third and Fifth Circuits; in each case, the favorable rulings from the district courts were substantially upheld. Each of these cases was one of first impression in their respective Circuit, and resulted in groundbreaking opinions in the area of data security breach law.
- Representing one of the nation’s largest financial institutions in its role as payment card processor in one of the largest-ever compromises of credit and debit card data from a merchant. The litigation stemmed from the reported theft of nearly 50 million payment cards from the T.J. Maxx chain of stores. Vorys successfully assisted in abating and mitigating the compromise and developing strategies to address numerous liabilities. Vorys successfully defended against dozens of class actions filed by consumers and financial institutions in numerous federal courts throughout the country, obtained consolidation of those cases through the Judicial Panel on Multidistrict Litigation, defeated class certification and obtained dismissal of the remaining claims. Additionally, our firm was intimately involved in sensitive negotiations with payment card networks that yielded tens of millions of dollars in recovery to issuers of payment cards (unprecedented in the industry at the time), and with no liability to our client.
- Assisting with the data breach that occurred at a large university, involving 700,000 individuals. We worked with a committee made up of various groups within the university, including IT, information security, treasury, public relations, alumni, legal and others to put together a plan for the response. We also worked with the companies providing forensic reviews of the incident and assisted with finalizing the contract with Experian for credit monitoring for and notification of the affected individuals. From the HR side, we conducted interviews at the conclusion of the events to prepare a report with recommendations.
- Representing a restaurant chain with multiple franchisees in a data breach event involving approximately one-third of the restaurants. We worked with the forensic investigator to encourage them to continue to look for the actual cause of the breach, and the investigator did discover a flaw in the certified software. Although the amount of counterfeit fraud in this matter was significant, the result of the software discovery and our efforts significantly limited the assessments to the client from the payment card brands.
- Working with a national retailer to create and implement a privacy audit, evaluate the results of the audit and prepare recommendations to address gaps discovered during the audit.
- Participating in desktop incident response trainings with an international energy company over several years. The training then provided the opportunity to amend the incident response plans that we had put in place for the client.
- Negotiating with American Express, Visa and MasterCard on numerous occasions to address liabilities related to data breaches. We understand the formulaic processes applied in these cases, and we are able to significantly reduce assessments by the payment card brands after data breach events.
- Providing data breach coaching services for retailers, conducting customized tabletops for senior management, advising on incident response planning, and negotiating with data breach related vendors.
- Representing a national food & beverage chain before the Federal Trade Commission during the investigation related to a data breach. Negotiated the resulting consent decrees with no monetary liability to our client, and advised on the compliance obligations imposed by those consent agreements.
- Advising clients on TCPA risks, compliance measures and strategies, and best practices, as well as representing clients in TCPA litigation.
- Assisting a financial institution to avoid any liability whatsoever in a dispute that arose from a data breach of one of its customers.