Patrick H. Haggerty

He | Him | His

Partner

Cincinnati
T +1.513.929.3412
F +1.513.929.0303

Overview

Pat Haggerty has advised hundreds of clients from a variety of different industries on responding to cybersecurity and data privacy incidents, including several of the largest data breaches to date. Businesses, government and other organizations turn to Pat for sound advice on compliance, developing response strategies, breaches implicating domestic and international laws and defense of regulatory actions.

He has advised companies on major cybersecurity incidents across virtually every sector of the economy, including the banking, educational, healthcare, insurance, retail, media and entertainment, information technology, and manufacturing industries. He provides companies that have experienced security incidents with business-focused, practical solutions that minimize regulatory and litigation risk.

Pat knows and works with the most proactive regulators involved in the privacy space and interacts with them regularly. He has worked on and led the defense to numerous regulatory investigations, including those brought by state attorneys general, Department of Health and Human Services Office for Civil Rights (OCR), Departments of Insurance and Federal Trade Commission (FTC). In the healthcare space, Pat has defended organizations in more than 30 OCR investigations.

Pat has earned the designation of Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP).

Select Experience

Incident Response
  • Counseled hundreds of clients in investigating and responding to data security incidents, working closely with client resources, third-party forensic consulting experts, and law enforcement.
Regulatory Investigations
  • Defended healthcare organizations in more than 30 OCR investigations arising out of data security incidents.
Proactive Compliance
  • Working with global companies regarding cybersecurity preparation, including running full-scale tabletop exercises and developing and revising incident response plans.
More »

Experience

Incident Response
  • Counseled hundreds of clients in investigating and responding to data security incidents, working closely with client resources, third-party forensic consulting experts, and law enforcement.
  • Advised clients on incidents involving lost unencrypted devices, ransomware, business email compromises, publicly accessible cloud storage areas, and network intrusions.
  • Assisted with the incident response efforts for three of the top 10 largest healthcare breaches reported to date.
Regulatory Investigations
  • Defended healthcare organizations in more than 30 OCR investigations arising out of data security incidents.
  • Defended clients in multi-state attorneys general investigations arising out of data security incidents.
  • Defended clients in FTC investigations arising out of data security incident.
Proactive Compliance
  • Working with global companies regarding cybersecurity preparation, including running full-scale tabletop exercises and developing and revising incident response plans.
  • Providing privacy due diligence and contract drafting to M&A teams.

Recognitions and Memberships

Recognitions

  • BTI Client Service All-Star (2022)
  • The Legal 500 United States (2017)
    • Recommended in Cyber law (including data protection and privacy)

Memberships

  • American Bar Association
  • Ohio State Bar Association
  • Cincinnati Bar Association
  • Kentucky Bar Association 
  • Cincinnati Academy of Leadership for Lawyers: Member of Class XX (2016) 
  • International Association of Privacy Professionals (IAPP)
    • Certified Information Privacy Manager (CIPM)
    • Cincinnati IAPP KnowledgeNet: Co-Chair
  • Potter Stewart American Inn of Court
  • Leadership Northern Kentucky, Class of 2020

Pro Bono

  • Represented former prisoner in Federal Tort Claims Act lawsuit against the United States brought in U.S. District Court for the District of Columbia.
  • Represented widower in Social Security benefits matter before an administrative law judge.
  • Co-authored two amicus briefs filed with the Supreme Court of the United States.

Prior Positions

  • Law Clerk to the Honorable Thomas M. Reavley, U.S. Court of Appeals for the Fifth Circuit
  • Law Clerk to the Honorable Leonard Davis, U.S. District Court of the Eastern District of Texas 

Admissions

  • U.S. Supreme Court
  • U.S. Court of Appeals, Ninth Circuit
  • U.S. District Court, Southern District of Ohio
  • U.S. District Court, District of Columbia
  • Ohio
  • Kentucky

Education

  • J.D., University of Cincinnati College of Law, 2002, Frank S. Rowley Scholarship; Dean's Honors List; Editor-in-Chief, University of Cincinnati Law Review
  • B.S., Business and Economics, University of Kentucky, 1999, Dean's List

Blog

In The Blogs

Previous Next
Data Counsel
New York Department of Financial Services Publishes Proposed Second Amendment to Its Cybersecurity Regulation
By Elise R. Elam, Patrick H. Haggerty, Vaughn Stupart
November 17, 2022
On Nov. 9, 2022, the New York State Department of Financial Services (NYDFS) published a proposed second amendment to its cybersecurity regulation. This follows its pre-proposed amendment that was published on July 29. Our prior analysis...
Read More ->
Data Counsel
NYDFS Proposed Amendments to Its Cybersecurity Rules
By Elise R. Elam, Patrick H. Haggerty
August 9, 2022
On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a...
Read More ->
Data Counsel
Deeper Dive: Beware of Paper Records
By Patrick H. Haggerty
April 18, 2016
BakerHostetler’s 2016 Data Security Incident Response Report reveals a number of interesting incident response trends: the range of incident causes is broad, all industries are affected, detection capabilities need to improve, it is...
Read More ->
Data Counsel
FCC’s Growing Privacy and Data Security Enforcement
By Patrick H. Haggerty
December 8, 2015
The Federal Communications Commission (FCC) has had a busy 2015, and its presence in the data security regulatory enforcement space will likely continue to grow. Last year, the FCC named Travis LeBlanc as chief of the Enforcement Bureau...
Read More ->
Data Counsel
State Data Breach Notification Requirements Specifically Applicable to Insurers
By Patrick H. Haggerty
September 22, 2015
Almost all U.S. states and territories have enacted breach notification laws requiring private and/or government entities to notify individuals when their personal information is compromised. These laws vary, and much has been written...
Read More ->