
Cybersecurity Regulatory Investigations and Litigation


When companies face cyber and privacy-related regulatory investigations or litigation, Spencer Fane Data Privacy and Cybersecurity attorneys serve as fierce protectors, working to minimize risk so businesses can uphold their reputations by showing they appropriately use and protect customer information.

Whether proactive or reactive, we help identify and manage risk by understanding a client’s business and overall objectives. This allows us to develop strategies to manage a breach and then effectively resolve related issues – up to and including the litigation process.

The team’s varied experience in complex investigations and litigation prepares our attorneys to successfully defend clients in a multitude of scenarios. We have a strong track record representing clients in investigations with the Office for Civil Rights (OCR), Federal Trade Commission (FTC), Securities and Exchange Commission (SEC), and state regulators such as the Attorneys General and Department of Insurance.

Cybersecurity incidents pose risks to a company’s reputation, and if not handled appropriately, the financial consequences can be dire. Clients can purchase insurance, but harm done to a company’s name through negative publicity can’t be covered for any concrete dollar amount. Spencer Fane works to put safeguards in place that put clients in a position of strength if faced with a regulatory investigation and/or litigation related to a data breach or cybersecurity incident. Our goal is to help clients maintain the trust of their consumers, business partners, and investors.

Representative Experience 

  • Resolved an investigation with OCR through voluntary compliance following a breach reported by the hospital after its vendor inadvertently published the financial information of over 8,000 individuals on the internet.
  • Responded to inquiries from several state Attorneys General related to voluntary breach notifications or consumer complaints regarding privacy or security practices.
  • On behalf of a non-profit organization, resolved an OCR and Attorney General investigation following a ransomware attack affecting the organization’s computer systems and storage of personal information.
  • Defended multiple claims brought by patients against hospitals and other health care providers in state court alleging privacy violations based on unauthorized employee access, inadvertent disclosure to an employer, release of information under an invalid subpoena, and other disclosure situations.