Data Security & Breach Response

We offer prompt and efficient data breach response and clear practical guidance in the face of complex regulatory requirements and negative brand reputation.

Our approach

The compromise of confidential customer, patient or employee information can have a serious impact on your company’s reputation and finances and has serious consequences for those whose privacy is violated.

We take the stress out of the situation. Our team helps clients protect their data long before an incident occurs, plan for situations beyond their control and respond quickly and appropriately to data breaches.

We have the systems and assets already in place that make the difference between a scramble and an efficient and compliant response. We manage media responses and coordinate with trusted vendors who provide high-volume breach notification, call center functions, credit monitoring, forensic analysis and remediation efforts. Our team also provides step-by-step navigation of any litigation or government investigation.

The combination of many well-meaning federal and individual state laws means increasingly complex requirements for data security, data breach notification and data destruction/disposal. We clarify your compliance needs, analyze your risk of data breach, evaluate your existing privacy policies and practices, train employees and help you put best-practice procedures into action.

Who we work with

  • Companies at any stage of data theft or loss, whether intentional or accidental, including victims of hacking, disgruntled or careless employees and natural disasters
  • All businesses, organizations and government entities that collect, transmit or store sensitive or personally identifiable information
  • All industries including technology, health care, finance, infrastructure, defense, energy, big data, social media, data storage and professional services
  • Health care providers, business associates and others impacted by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Law firms, accounting firms and other professional advisors working with sensitive client information


  • Recognized by Chambers USA as a nationwide leader in the Field of Privacy Law

Recent experience

  • Provided emergency response and strategy for numerous clients following the theft or loss of large amounts of sensitive information
  • Represented multiple companies in incidents involving misdirected e-mails containing personal information and requiring notification under state law
  • Represented several manufacturers, food service companies and service providers in data breach response
  • Helped a large corporation respond to a hacking incident
  • Helped various companies address the theft of personal information by employees
  • Provide ongoing counseling to various areas of the health care industry, helping with security risk assessments following an unauthorized access, use or disclosure of data and helping determine whether notification is required under state and federal breach notification regulations

European Union law on data protection takes effect

Rochester Business Journal | June 08, 2018

Rochester corporate group partner Jeremy Wolk and associate Jenny Holmes co-wrote this contributed article on the introduction of the General Data Protection Regulation, “a set of tougher rules designed to give European Union citizens more control over their personal data.” The regulation applies to all organizations, regardless of location, that handle the personal data of EU citizens.

Three shady—and all too common—things that digital health startups do to make money

CNBC | November 17, 2017

Los Angeles health care partner Jill Gordon, who this article identifies as a “top lawyer” in the digital health space, provides in-depth commentary regarding the three common practices she’s seen among health technology startups that may violate medical regulations and what companies should be aware of to avoid costly penalties.

Aetna's HIV lapse shows snail mail's privacy pitfalls

Law360 | August 25, 2017

Chicago health care partner Valerie Montague is quoted in this article about how Aetna Inc.’s mailed letters to policy holders regarding prescriptions for HIV drugs violated the Health Insurance Portability and Accountability Act.

What businesses need to know about the Internet of things

WJAR-TV (Providence NBC affiliate) | July 13, 2017

Providence commercial litigation counsel Steven Richard is interviewed in this television segment about what steps companies can take to better secure their data and be less vulnerable to hacking.

Employees' smartphones threaten company security

Rochester Business Journal | January 20, 2017

Chief Information Officer Mike Green and Rochester labor and employment associate Jenny Holmes are quoted in this article about data protection issues surrounding bring your own device policies.

HIPAA spotlight: key stats from a banner year

Law360 | January 17, 2017

This article recaps HIPAA stats and highlights from the past year. Chicago health care partner Valerie Montague is quoted throughout discussing privacy breaches and how health care organizations react.

No immunity from cyberattacks and data breaches in 2016 and beyond

Rochester Business Journal | January 13, 2017

Rochester private equity and investment funds partner Jeremy Wolk and labor and employment associate Jenny Holmes co-authored this column about cyber security. The column provides an overview of the risks and potential legislative changes that could help small businesses and tips for creating a privacy policy.

Ransomware is Rampant & Your Risk Analysis Might Save You

Health Information Compliance Alert | June 01, 2016

Providence commercial litigation counsel Steven Richard is quoted in this article focused on the results of a new study highlighting a new trend toward specialized data breach insurance policies.

The Risk of Data Misuse by Health Care Co. Employees

Law360 | May 25, 2016

Government Investigations & White Collar Defense partner Tina Sciocchetti, health care partner Laurie Cohen and commercial litigation associate Michal Ovadia co-authored this column discussing the risks companies that collect or maintain sensitive personal information face when a rogue employee compromises data security.

Back to top