Joseph L. Bruemmer

He | Him | His

Partner

Cincinnati
T +1.513.929.3410
F +1.513.929.0303

Overview

Joe Bruemmer has advised numerous public and private companies and other entities across a variety of industries in responding to large-scale ransomware incidents, network intrusions and other cybersecurity and data privacy incidents, providing clear strategic guidance in moments of crisis and translating technical findings into practical, actionable legal advice.

Joe serves as the Ohio Digital Assets and Data Management Leader, with a focus on data privacy, cybersecurity and data breach response. Leveraging his prior experience as a litigator and as assistant general counsel for a leading legal support services provider, he helps clients identify practical, business-oriented solutions to data security incidents. Joe has handled a variety of matters involving ransomware, business email compromises, payment card compromises, inadvertent disclosures and wire fraud issues for clients in the hospitality, restaurant, retail, professional services, financial and educational sectors. As soon as clients discover a data security incident, he works with them to assess the scope, assemble the necessary internal and external response teams, implement a containment and remediation strategy, conduct an investigation, develop messaging, evaluate regulatory obligations and respond to consumer and regulatory inquiries in a way that is designed to preserve customer relationships and minimize regulatory and litigation risk.

Select Experience

  • Led response of publicly traded telecommunications company to significant ransomware incident, providing guidance on initial response, crisis communications, forensic investigation, notification analysis, auditor inquiries and regulatory response.
  • Served as lead legal counsel and breach coach for ransomware incidents involving publicly traded technology company across all phases of incident response.
  • Represented numerous other publicly traded and privately held businesses in the U.S. and abroad in responding to ransomware incidents involving enterprise-wide encryption and exfiltration of data involving data subjects in international jurisdictions.
More »

Experience

  • Led response of publicly traded telecommunications company to significant ransomware incident, providing guidance on initial response, crisis communications, forensic investigation, notification analysis, auditor inquiries and regulatory response.
  • Served as lead legal counsel and breach coach for ransomware incidents involving publicly traded technology company across all phases of incident response.
  • Represented numerous other publicly traded and privately held businesses in the U.S. and abroad in responding to ransomware incidents involving enterprise-wide encryption and exfiltration of data involving data subjects in international jurisdictions.
  • Represented multi-brand restaurant operator and franchisor in nationwide payment card incident. Representation required coordination of dual-track forensic and PFI investigations, advising on PCI DSS rules and state data breach notification laws, liaising with the FBI, developing a comprehensive communications strategy for customers, franchisees, and employees, and resolving regulatory inquiries.
  • Represented super-regional hotel chain in managing vendor data security incident requiring nationwide notice, coordination with vendor and vendor’s PFI, and resolution of regulatory inquiries.
  • Represented multiple information technology managed service providers in ransomware incidents involving the MSPs and their clients.

Recognitions and Memberships

Recognitions

  • Ohio Super Lawyers "Rising Star" (2009)

Memberships

  • Ohio State Bar Association (2006 to present)
    • OSBA Leadership Academy (2010)

Community

  • Boys Hope Girls Hope of Cincinnati, Ohio
    • Associate Board Member (2014 to present)
    • Mentor (2014 to present)

Admissions

  • U.S. District Court, Southern District of Ohio
  • Ohio

Education

  • J.D., The Ohio State University Michael E. Moritz College of Law, 2005, with honors
  • B.S.B.A., Xavier University, 2002

Blog

In The Blogs

Previous Next
Data Counsel
Forensics Deep Dive: The Importance of Proper Configuration and Monitoring
By Joseph L. Bruemmer
April 14, 2022
Many of the trends we observed in 2020 continued in 2021. Network intrusions and ransomware continued in full force, representing more than half the incidents we handled last year. Threat actors continued their tried-and-true tactics of...
Read More ->
Data Counsel
Incident Response and Forensic Challenges in a Work-from-Home World
By Joseph L. Bruemmer
May 18, 2021
Our 2021 Data Security Incident Response Report discussed the challenges that organizations are facing with forensic investigations and ransomware recovery in the work-from-home world. Some of the greatest difficulties our clients...
Read More ->
Data Counsel
The Destruction of Privilege and Work Product Protection for Data Breach Investigations?
By Joseph L. Bruemmer, David A. Carney, Casie D. Collignon, Craig A. Hoffman, Thomas E. Hogan, Theodore J. Kobus III, Aleksandra Vold
June 17, 2020
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key relationships...
Read More ->
Data Counsel
Cybersecurity Firms Issue Annual Threat Reports
By Joseph L. Bruemmer
March 12, 2019
CrowdStrike, FireEye and IBM Security recently released their annual threat reports. These reports contain a wealth of information on recent trends in cybersecurity attacks and recommendations on the preventive measures companies can take...
Read More ->