Professionals

Name / Keyword Office Practice Industry Language Show All
Practices

Business and Corporate

Construction

Coronavirus (COVID-19): Navigating the Path Ahead

Data Protection, Privacy and Cybersecurity

Emerging Companies

Environment, Social and Governance (ESG)

Financial Services

Global Business

Government Enforcement and Investigations

Government Relations and Public Policy

Health Law

Hospitality

Immigration

Intellectual Property

Labor & Employment

Litigation

Mergers and Acquisitions

Product Liability, Class Action and Mass Tort

Real Estate

Securities

Tax

Technology

Transportation and Logistics
Industries

Automotive

Aviation and Aerospace

Construction

Disaster Recovery and Government Services

Drug, Device and Life Sciences

Education

Energy

Financial Services

Gaming

Governmental Entities

Health Care

Hospitality

Long Term Care

Manufacturing

Real Estate

Retail

Technology

Telecommunications

Transportation and Logistics
Experience

Featured Case Study
Community Healthcare Trust Incorporated Community Healthcare Trust Incorporated More Case Studies

Search Experience
Keywords Practice Industry
News & Events

Professionals
Practices
Industries
Experience
News & Events
Other Pages

Quick Results

View More Results

Practices

Data Incident Response

Print Version

When incidents arise, Baker Donelson's credentialed data incident response team provides real-time legal and highly technical advice 24/7/365.

Featured Videos

Evolving Technology: Cybersecurity and Data Privacy in the Era of ChatGPT May 17, 2023

Top 10 Cybersecurity and Privacy Issues for 2023 January 25, 2023

Cybersecurity and Privacy – Trending Topics for Financial Institutions September 22, 2022

The New GLBA Safeguards Rule – What Financial Institutions Need to Know November 17, 2021

Breaking Down a Ransomware Attack: Recent Observations, How Ransom Negotiations Work, and What You Need to Know October 20, 2021

Crisis Communications During a Data Incident: Essentials for Your Organization August 18, 2021

Practice Overview

When incidents arise, Baker Donelson's credentialed data incident response team provides real-time legal and highly technical advice 24/7/365. We assist clients through all phases of a data incident. Our established relationships with forensic investigators, consumer notification mail houses, call centers and public relations firms provide clients the ability to staff even the largest breach matters from the first call. Baker Donelson has been recognized as an authorized NetDiligence Breach Coach^® signifying it as a top tier law firm for Data Security, Privacy and Incident Response.

More than one-third of our Data Incident Response Team includes members who are certified by the International Association of Privacy Professionals (IAPP) as Certified Information Privacy Professionals (CIPP/US, CIPP/E, CIPP/A and/or CIPP/C) and two attorneys who are Certified Information Privacy Managers (CIPM). In addition, our team includes a member certified in the Law of Data Security and Investigations (GLEG), a Fellow of Information Privacy (FIP), a Privacy Law Specialist (PLS) and another who is certified as a Payment Card Industry Professional (PCIP).We have attorneys who specialize in handling incident responses in highly regulated industries, such as education, financial institutions and health care.

We assist clients through all phases of a data incident including:

Working with industry experts to assist with detection, containment and recovery;
Collaborating with expert third-party ransomware responders to advise clients on ransomware negotiations;
Coordinating e-Discovery efforts when intrusions are identified;
Communicating on behalf of our clients with state and federal law enforcement agencies with whom we have established relationships;
Assisting with assessment and drafting of any state and federal notification obligations;
Managing communications with vendors, employees, customers and other stakeholders;
Responding to any state and federal government investigations that result from an incident;.
Providing analysis to assist in developing post-incident remediation; and
Representing clients in ensuing litigation, including class action cases, involving data incident issues.

Led an incident response team for a medical information technology company after a ransomware incident. Oversaw HIPAA issues, regulator issues and breach notification in multiple states, and managed law enforcement interaction, overseeing crisis communications and litigation arising from the data breach.
Managed a ransomware incident for a national transportation and logistics company. Led the incident response team in managing breach notification in multiple states, law enforcement interaction, overseeing crisis communications, and compliance with relevant breach notification laws in 30 states.
Represented a U.S. distribution company for an international lubricants company in managing phishing incident that led to significant wire fraud. Managed the response in dealing with U.S. privacy laws, GDPR, law enforcement interaction and breach notification in more than 14 states.
Represented a national bank whose vendor experienced a data incident that impacted hundreds of the bank’s corporate customers and more than 250,000 individuals.
Successfully negotiated a ransomware incident on behalf of a school board in a ransomware attack that resulted in network interruptions to schools providing education to more than 5,000 children.
Advised a leading e-commerce company that was severely impacted by a phishing attack on multiple employee e-mail accounts that required assessment of regulatory issues under the Payment Card Industry Data Security Standards (PCI-DSS) and responding to regulatory investigations by state attorneys general.
Successfully represented a large hospital system that experienced a data breach in the subsequent investigation by the Office for Civil Rights.
Advised a national brokerage firm with respect to potential individual and regulatory notification obligations arising from employee theft of electronic information.
Represented a bank in a wire fraud incident which resulted in a return of a portion of the stolen funds.
Assisted a mental health facility in responding to an incident involving a former employee's theft and misappropriation of patient mental health records.
Advised a network of automotive dealerships on breach notification obligations and remediation of a data incident related to theft of employee information.
Successfully resolved class action litigation against a national company resulting from data incident relating to a phishing attack on a company employee.
Assisted a national mortgage company with notification to individuals as well as state and federal regulators in response to an inadvertent email incident.
Represented a client who was a business associate with their response to an Office for Civil Rights (OCR) investigation regarding an alleged data breach that potentially impacted 3.5 million individuals. We assisted the client with documenting their security protocols and responding to the OCR investigation. The OCR dismissed the investigation with no adverse action.

"FTC Proposes Rulemaking to the Health Breach Notification Rule to Include Information Disclosures by Health Apps and Other Technologies" (May 2023)
"SEC Issues Multiple Cybersecurity Rule Proposals," republished May 3, 2023, in Corporate Compliance Insights (March 2023)
"VPPA Claims Are on the Rise – Latest Trend in Consumer Privacy Class Action Litigation," republished in Daily Business Review (March 2023)
"NCUA Approves New Cyber Incident Reporting Requirements: What Credit Unions Need to Know" (February 2023)
"U.S. Health Care Sector Should Take Immediate Mitigating Actions Due to Targeted Attacks by Pro-Russia Hacktivist Group" (February 2023)
"Beware of Cyber Attacks During the Holiday Season – Royal Ransomware Group Highlighted as Threats to the Health and Public Health Sectors" (December 2022)
"Software Developers With Federal Government Customers Must Provide Confirmation of NIST Standards," republished November 16, 2022, in Federal News Network (September 2022)
"New Legislation Will Require Critical Sector Entities to Report Certain Cyber Incidents," republished April 7, 2022 in, CPO Magazine (March 2022)
"New Safeguards Rule: How Will It Impact Financial Institutions?," Westlaw (December 2021)
"Protecting Privileged Forensic Reports," Today's General Counsel (December 2021)
"Ransomware State of the Union: Regulations, Trends and Mitigation Strategies," Rueters and Westlaw Today (October 2021)
"What Boards of Directors Need to Know about Cyber Incident Response," Rueters and Westlaw Today (August 2021)
"Incident Response Considerations: Protecting the Attorney-Client Privilege," Rueters and Westlaw Today (June 2021)
"How to Contend With a 21st Century Ransom Note," ABA Banking Journal (April 2021)
"NYDFS Surges Ahead with Cybersecurity Enforcement: Recent Fine Highlights Need for Financial Institutions to Focus on Incident Response" (March 2021)
"Key Takeaways from Recent Cyberattack Resulting in Demise of Hedge Fund" (February 2021)
"U.S.'s First Cyber Insurance Risk Framework Issued by New York Department of Financial Services," republished in Property Casualty 360 (February 2021)
"Data Privacy Day: Top Considerations for 2021," republished in CPO Magazine (January 2021)
"Proposed NY Privacy Bill Would Increase Business Obligations and Litigation/Enforcement Exposure for Businesses, Including Financial Institutions," republished in Banking Exchange (January 2021)
"Faster and More Comprehensive Breach Notification Requirements Proposed for Banks," republished in BankBeat (January 2021)
"The Year Ahead: Privacy and Cybersecurity Issues Facing Financial Institutions in 2021," republished in Bank Beat (January 2021)
"New Ransomware Advisories from OFAC and FinCEN Create Additional Challenges for Financial Institutions" (January 2021)
"Cyber Criminals Now Have the Keys to Your "House"" (December 2020)
"FBI Warns Hospital and Health Care Providers are Under Attack" (October 2020)
"HHS Releases Update to Security Risk Assessment Tool" (September 2020)
"OCC Issues Guidance on Safekeeping and Custody Services for Cryptocurrency," republished in Corporate Compliance Insights (August 2020)
"Lessons Learned from the NYDFS First Cybersecurity Regulation Enforcement Action," republished August 26, 2020, in Westlaw (July 2020)
"Human Resources and Employment Counsel Beware: Increase in Malware Attacks Raising New Concerns for Employers" (June 29, 2020)
"COVID-19 – Cybersecurity Risks for Health Care and Research Institutions are Heightened," republished June 2, 2020 in Corporate Compliance Insights (May 18, 2020)
"Critical Guidance for Financial Institutions on Security Considerations for Cloud Computing Environments," republished in Banking Exchange (May 2020)
"Don't Forget About Cyber Hygiene During Coronavirus (COVID-19) Outbreak," republished in Corporate Counsel (March 3, 2020) and Beazley Academy (March 17, 2020)
"Data Privacy Day 2020 – What Actions Businesses Can Take," (January 2020); republished in Corporate Counsel (February 2020)
"Updated Version of HHS Security Risk Assessment Tool Released " (November 2019)
"FDA Issues Cybersecurity Alert to Health Care Providers and Device Manufacturers " (October 2019)
"Failure to Comply with the Cybersecurity Requirements of Your Government Contracts Can Lead to False Claims Act Liability," (August 2019); republished in Westlaw Journal Government Contracts (September 2019)
"Cybersecurity Preparedness: Standardization is Key," republished October 2019, in Westlaw Journal Bank & Lender Liability (August 2019)
"FERC Imposes Cybersecurity Standards on Third-Party Utility Vendors" (February 2019)
"More Help for Health Care Organizations: HHS Releases Voluntary Cybersecurity Practices Developed with Industry Input" (January 2019)

"The International Cyber Drill Experience: Cross-Border Breach" (December 2019)
"Local Perspective: How Louisiana is Addressing Cyber Attacks and What Businesses Can Do to Protect Themselves" (November 2019)
"Data Privacy and Security: The Role of the Tennessee Attorney General's Office" (October 2019)
"Cybercon 2019" (September 2019)
"JW Signature Cybersecurity Conference" (January 2019)
"Women in Tech, Securing Medical Devices, Health Records, and Cloud" (October 2018)
"Cybercon 2018" (October 2018)
"Cybercon 2017" (October 2017)
"Cybersecurity for the C-Suite and Management" (August 2017)
"Secure Chattanooga - Cyber Summit" (May 2017)
"Ransomware: More than a Technical Issue – Do You Need to Disclose?" (May 2017)
"Cyber Threats to Your Business" (October 2016)
"Cybercon 2016" (September 2016)
"Cybersecurity Forum with Israel and the American South," Atlanta, Georgia (August 2015)
"Chattanooga Cyber Summit" (May 2015)
"Tri-City Cyber Summit" (May 2015)
"Knoxville Cyber Summit" (February 2015)
"Data Security and Privacy Essentials for an Unsecure World" (October 2014)
"Will Your Company Survive a Data Breach?" (March 2014)

Evolving Technology: Cybersecurity and Data Privacy in the Era of ChatGPT (May 2023)
Top 10 Cybersecurity and Privacy Issues for 2023 (January 2023)
Cybersecurity and Privacy – Trending Topics for Financial Institutions (September 2022)
The New GLBA Safeguards Rule – What Financial Institutions Need to Know (November 2021)
Breaking Down a Ransomware Attack: Recent Observations, How Ransom Negotiations Work, and What You Need to Know (October 2021)
Crisis Communications During a Data Incident: Essentials for Your Organization (August 2021)
Ransomware Attacks in 2021: How to Navigate the Evolving Threat Landscape (July 2021)
Session Replay Technology and State Wiretap Class Actions: The Emerging Class Action Trend of 2021 (July 2021)
An Overview of HIPAA Issues for Financial Institutions and Best Practices for Your Vendor Management Program (June 2021)
Additional Incident Response Considerations – Protecting the Attorney-Client Privilege and Involving Your Board of Directors (May 2021)
Incident Response: What You Need to Know (April 2021)
Enterprise Cyber Risk Management for Financial Services Organizations (April 2021)
How To Prepare for a Cybersecurity Incident (February 2021)
Cybersecurity for Financial Institutions: Essential Information on Cyber Incidents and Regulatory Issues (November 2020)
COVID-19: Cybersecurity and Data Privacy Considerations for Financial Institutions (April 2020)
Coronavirus: Privacy, Security and Telehealth for Long Term Care Providers (March 2020)
Coronavirus (COVID-19): What Your Business Should Do Right Now (March 2020)
M&A and Cyber Risk: The Intersection Between Growth and Risk (May 2019)
Cybersecurity and Data Privacy Essentials for Financial Service Providers (July 2018)
Ransomware: Preparing for a Modern Threat to Patient Safety (June 2017)
The Evolving Landscape of Data Privacy and Cybersecurity in the Financial Services Industry (January 2017)
Financial Institutions and Data Breach Diligence (May 2016)

Baker Donelson Authorized as Top Tier Firm by NetDiligence^® for Data Security, Privacy, and Incident Response (December 5, 2022)
Baker Donelson Corporate Attorney Justin S. Daniels Co-Authors Data Reimagined: Building Trust One Byte at a Time (October 11, 2022)
Baker Donelson's Matt White Earns Certified Information Privacy Technologist Certification (August 30, 2022)
Privacy and Technology Attorney L. Hannah Ji-Otto Joins Baker Donelson (August 17, 2022)
Baker Donelson Continues to Expand Its Technology & Privacy Practice with Addition of Vivien F. Peaden in Atlanta Office (August 4, 2021)
Data Privacy Attorney Monica J. Manzella Joins Baker Donelson (June 30, 2021)
Baker Donelson's Alex Koskey Earns Payment Card Industry Professional Certification (May 17, 2021)
Baker Donelson's Matt White Earns Payment Card Industry Professional Certification (March 22, 2021)
Layna Cook Rush Named Chair of Baker Donelson's Data Incident Response Team (March 5, 2021)
Baker Donelson Hosts Fifth Annual Cybersecurity Conference: Cybercon 2019 (September 19, 2019)

Justin Daniels Talks with Commercial Carrier Journal About How Cybersecurity Risks Factor into Insurance Considerations for Autonomous Vehicles (May 16, 2023)
In Commercial Factor Q&A, Alex Koskey and Matt White Discuss Risks and Rewards of Utilizing AI in Financial Services (April 20, 2023)
Layna Rush Shares Best Practices for Cyberattack Response Planning in Healthcare Risk Management (April 1, 2023)
Justin Daniels Discusses Importance of Cybersecurity in Business Exit Planning on GrowthTV Tech Series: Powering the Future of the Middle Market (February 10, 2023)
Justin Daniels Quoted in The Drum on Need for Meaningful Legislative Change Around Data Privacy and Security (February 7, 2023)
Justin Daniels Shares the Best Professional Advice He Ever Received on Middle Market Growth's GrowthTV (August 1, 2022)
Justin Daniels Featured on Middle Market Growth's GrowthTV Discussing Importance of Cybersecurity in Exit Planning Process (July 11, 2022)
Newly Elected Nashville Shareholders Bert Chollet, Andy Droke and Ryan Richards Featured in Nashville Post (April 18, 2022)
Aldo Leiva Featured in Dairy Foods Magazine Offering Advice for Manufacturing Industry on Mitigating Cybersecurity Risk (April 5, 2022)
In Q&A with Global Atlanta, Justin Daniels Outlines Why the Ukraine War is a Watershed Moment in U.S. Cyber Readiness (March 3, 2022)
Justin Daniels Discusses SEC Push for More Transparency Related to Cybersecurity in Inc. (February 14, 2022)
Justin Daniels Quoted in E-Crypto News on Potential Regulatory Issues for NFTs in 2022 (January 28, 2022)
Layna Rush Comments in Tech Target on Impact of Potential Litigation and Regulatory Action from Data Breaches (January 20, 2022)
Justin Daniels Offers His Perspective on NFT Industry Predictions for 2022 in App Developer Magazine (January 4, 2022)
Layna Rush Quoted in Commercial Risk on Data Breach Response for the Vaccine Supply Chain (October 12, 2021)
Aldo Leiva Discusses Impact of Session Replay Lawsuit Dismissal in Daily Business Review (September 14, 2021)
Monica Manzella Quoted in Healthcare Risk Management on Recent Ruling Reaffirming HIPAA Does Not Create Private Right of Action (August 23, 2021)
Justin Daniels Discusses the Privacy and Security Risks of Connected Health Devices in Healthcare Info Security (August 23, 2021)
Aldo Leiva Comments on Cuban-American Legal Community's Efforts to Help Cuban Activists in Daily Business Review (August 16, 2021)
Aldo Leiva Quoted in Daily Business Review on Growth in Commercial Litigation Regarding Session Replay Software (August 12, 2021)
Law360 Highlights Addition of Vivien Peaden to Firm's Privacy and Technology Practice (August 5, 2021)
Justin Daniels Talks with Cybersecurity Insights About What Organizations Should Consider as They Face Ransomware (June 29, 2021)
Aldo Leiva Featured on Dairy Foods Podcast Discussing Ransomware Threats (June 14, 2021)
Thomas Barnard Profiled Among Maryland Daily Record's Leadership in Law Honorees (June 8, 2021)
Layna Rush Discusses Whistleblower Exception That Allows Reporting HIPAA Violations with PHI in Healthcare Risk Management (May 14, 2021)
Justin Daniels Featured in Cybersecurity Insights Fireside Chat on What's Broken with M&A Cybersecurity (April 26, 2021)
Layna Cook Rush Quoted in PlanSponsor on Importance of Cybersecurity Incident Response Planning (March 22, 2021)

Key Contact

Layna Cook Rush, CIPP/US, CIPP/C

T: 225.381.7043

Email Professional

View All Professionals in this Practice

Subscribe to
Publications

Related Practices

Social Profiles

Featured Media

FTC Proposes Rulemaking to the Health Breach Notification Rule to Include Information Disclosures by Health Apps and Other Technologies

Publication / May 25, 2023

Evolving Technology: Cybersecurity and Data Privacy in the Era of ChatGPT

Webinar / May 17, 2023

Justin Daniels Talks with Commercial Carrier Journal About How Cybersecurity Risks Factor into Insurance Considerations for Autonomous Vehicles

News / May 16, 2023

Search By Last Name

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Baker Donelson is a national law firm with more than 650 attorneys and public policy advisors representing more than 30 practice areas to serve a wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across 22 offices in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, North Carolina, South Carolina, Tennessee, Texas, Virginia, and Washington, D.C.