David E. Kitchen

Experience

Privacy and Data Protection

• Primary lead in hundreds of data breach incident assessments, including managing the forensic investigation, conducting notification analyses, advising on communications with media and impacted entities, coordinating outreach and responses to law enforcement, and overseeing the notification process to individuals and regulators. Such notifications have ranged from a single individual to over one million.
• Advises clients in a wide range of industries, both domestically and abroad, including accounting, business and professional services, educational institutions (local and university), energy, engineering and manufacturing, healthcare, media, retail and hospitality, software, state and local government, and others.
• Advises clients with respect to data security laws and regulations, including state statutes, GDPR, PCI-DSS, FERPA, HIPAA, FINRA, GLBA, PIPEDA, Insurance Commission Regulations, ABA Guidelines, and others.
• Represents clients in GDPR, DOE, FINRA, OCR, and state attorneys general investigations and enforcement actions for alleged data security and privacy violations.
• Regularly conducts in-house security training and tabletop exercises for companies in a wide variety of industries to build awareness and help companies prepare to effectively and efficiently manage data security threats and incidents.
• Advises clients with respect to contract negotiation with service providers such as forensic, document review, notification, and crisis communication firms.
• Represented a multi-national manufacturer in connection with a compromise of numerous email accounts that involved individuals worldwide, including coordinating the forensic investigation, overseeing data protection agreements, advising on notification obligations in the US, EU, and internationally, developing and implementing a broad communications plan, and resolving regulatory inquiries from GDPR regulators.
• Represented a consortium of local school districts in connection with ransomware attacks on several of the schools, including coordinating the forensic investigation and ransom negotiations, developing and implementing a broad communications plan for faculty, students, and the community, advising on notification obligations, and coordinating assistance with law enforcement agencies.
• Represented a large online portfolio-hosting provider in connection with a credential theft incident, including coordinating the forensic investigation, analyzing notification obligations, and overseeing notifications to impacted individuals and regulators.
• Represented local and state governments in connection with ransomware attacks, including coordinating the forensic investigation and ransom negotiations, developing and implementing a broad communications plan for emergency services and the community, advising on notification obligations, and coordinating assistance with law enforcement agencies.
• Represented a national insurance company in connection with multiple email incidents, including coordinating the forensic investigation, advising on notification obligations, and resolving inquiries from state departments of insurance.
• Represented a regional law firm in connection with an email incident, including coordinating the forensic investigation, advising on notification obligations under state law and contractual obligations, developing and implementing a broad communications plan to clients and impacted individuals, and resolving regulatory inquiries.
• Represented a state-owned university in connection with a stolen device incident, including coordinating the forensic investigation, advising on notification obligations, coordinating with numerous law enforcement agencies, developing and implementing a broad communications plan, providing notifications to students and other individuals, and resolving regulatory inquiries.
• Represented a managed IT service provider in connection with ransomware attacks on many of the MSP’s customers, including coordinating the forensic investigation and ransom negotiations, developing and implementing a broad communications plan for the impacted customers, coordinating assistance with law enforcement agencies, and resolving regulatory inquiries.
• Advised a major theme park operator in developing incident response plans, negotiating agreements with incident response vendors, conducting tabletop exercises, and responding to data security incidents.

Litigation / Regulatory

• Represented corporate clients in privacy and consumer protection litigation and government investigations.
• Represented healthcare providers and business associates in connection with an investigation by the Office of Civil Rights for HIPAA violations.
• Represented Irving H. Picard, the court-appointed SIPA Trustee, in liquidation proceedings of BLMIS, including a central role in the Trustee's action to recover more than $500 million in fraudulent transfers from a group of feeder fund defendants.
• Represented a child care product group of a Fortune 50 company as complainant before the ITC against a manufacturer of infringing products in a patent infringement action. Shortly before trial, obtained favorable settlement of all claims.
• Defended a Fortune 50 manufacturer against claims of trade secret theft and RICO violations. All key claims were dismissed on summary judgment.
• Obtained judgment following a jury trial in favor of a client, the plaintiff, in a patent infringement action relating to a materials shipment method patent. The two-week trial resulted in judgment for the client of infringement, patent validity and willful misconduct by the defendant companies. Successfully defended the judgment twice on appeal.

Memberships

• International Association of Privacy Professionals (IAPP)
• American Bar Association
• Ohio State Bar Association
• Cleveland Metropolitan Bar Association
• Cleveland Intellectual Property Law Association

Community

• Boy Scouts of America
• Cleveland Legal Aid Society

Pro Bono

• Pursued a habeas appeal, including oral argument before the Sixth Circuit Court of Appeals, on behalf of an individual seeking to vacate his sentence.