Kimberly M. Wong

Associate

New York
T 212.271.2028  |  F 212.589.4201

Focusing her practice on privacy and data security for healthcare entities and their business associates, educational institutions, and hospitality and retail organizations, Kimberly Wong counsels clients regarding data security incidents implicating state and federal laws, regulations, and requirements. Kimberly uses her ability to efficiently assess and appreciate a client's business and internal workings to navigate an entity through the breach response process. Kimberly counsels clients through discovery, crisis management, investigation, notification, and compliance processes. Following breach incidents, Kimberly advises clients through agency investigations, complaints, and litigation. As preparation is key to risk management for any organization, Kimberly advises clients regarding compliance, risk assessments, written information security programs, policies and procedures, best practices, and incident response plans.

Kimberly is a contributor to the firm's Data Privacy Monitor blog.

Select Experience

  • Advised a number of healthcare provider clients through all stages of incident response, including several of the largest breach incidents reported to the Department of Health and Human Services, Office for Civil Rights. Provided counsel during internal investigations, coordinated internal and external forensic team analyses of incidents, drafted notification documents, and prepared clients for heightened patient and regulatory scrutiny. Following notification of incidents, Kimberly counseled clients through patient complaints, state and federal agency investigations, and multiple class action litigation related to the breaches.
  • Kimberly counseled a number of academic institutions during breach response related to computer malware incidents and stolen information technology assets. In addition to advising clients through the investigation and notification process, provided counsel to clients during federal and state investigations, including before the Department of Education and state attorneys general.
More »

Experience

  • Advised a number of healthcare provider clients through all stages of incident response, including several of the largest breach incidents reported to the Department of Health and Human Services, Office for Civil Rights. Provided counsel during internal investigations, coordinated internal and external forensic team analyses of incidents, drafted notification documents, and prepared clients for heightened patient and regulatory scrutiny. Following notification of incidents, Kimberly counseled clients through patient complaints, state and federal agency investigations, and multiple class action litigation related to the breaches.
  • Kimberly counseled a number of academic institutions during breach response related to computer malware incidents and stolen information technology assets. In addition to advising clients through the investigation and notification process, provided counsel to clients during federal and state investigations, including before the Department of Education and state attorneys general.
  • Counsel healthcare entities and business associates regarding operational questions related to privacy and safeguarding of patient information.
  • Provides advice to multiple healthcare entities related to alleged violations of the HIPAA Privacy and Security Rules and investigations by the Department of Health and Human Services, Office for Civil Rights. Kimberly counsels clients through requests for information, onsite visits and interviews, and communications with investigators toward resolution of investigations.
  • Part of several teams serving as defense counsel to healthcare clients facing class action litigation following data breach incidents. Class action complaints include claims of alleged failure to safeguard confidential personal and patient information, failure to notify class members in an appropriate manner, and violation of federal and state statutes.

Memberships

  • International Association of Privacy Professionals
    • Certified Information Privacy Professional (U.S.)
  • American Health Lawyers Association
  • Asian American Bar Association of New York

Community

  • New York Junior League
  • Smith College Class Fund Agent

Pro Bono

  • Part of firm’s partnership with inMotion, an organization which provides legal services to low income women in New York. 

Services

Industries

Prior Positions

  • Clinical Research Associate at Memorial Sloan Kettering Cancer Center
  • Judicial Clerk to the Honorable Michael J. Hogan, P.J. Ch. (Ret.), Superior Court of New Jersey
  • Judicial Extern to the Honorable Renee M. Bumb, U.S.D.J., United States District Court, District of New Jersey

Admissions

  • U.S. District Court, Eastern District of Pennsylvania, 2008
  • [Not admitted in New York]
  • Pennsylvania, 2008

Education

  • J.D., Rutgers University School of Law - Camden, 2007
  • B.A., Smith College, 2002

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Iowa Breach Notification Law Now Requires AG Notification, Applies to Paper Records
April 16, 2014
Iowa recently joined an increasing number of states that require notification of state regulatory authorities following a breach, as well as a handful of states in which paper records can trigger notification obligations.  On April 3...
Read More ->
Data Privacy Monitor
With OpenSSL Compromised by Heartbleed, an Opportunity for Companies to Diversify Cyber Security Efforts
April 14, 2014
The recent discovery of the “Heartbleed” online bug has sent shockwaves through the internet, causing companies and individuals alike to question very basic assumptions about cyber security. The bug has allegedly existed for the past two...
Read More ->
Data Privacy Monitor
Kentucky Enacts Data Breach Notification Statute
April 14, 2014
On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  Prior to H.B. 232, Kentucky was one of only four states—including Alabama, New...
Read More ->
Data Privacy Monitor
Privacy Law in a Nutshell
April 11, 2014
BakerHostetler Privacy & Data Security partner Erica Gann Kitaev is a co-author of the recently published Privacy Law in a Nutshell, Second Edition, through West Academic Publishing. Legal issues related to privacy are exploding in the...
Read More ->
Data Privacy Monitor
Ill Conceived California Privacy Bill Threatens Viability Of Commercial Educational Online Services
April 11, 2014
SB 1177, the Student Online Privacy Protection Act was recently introduced in the California legislature.  This is a bad bill for the private educational industry, and ultimately for parents and students.  It would drastically expand the...
Read More ->