Patrick H. Haggerty

Partner

Cincinnati
T +1.513.929.3412
F +1.513.929.0303

Overview

Pat Haggerty is a member of the firm’s Chambers USA-ranked Privacy and Data Protection Team. Businesses, government and other organizations turn to Pat for sound advice on compliance, developing response strategies, breaches implicating domestic and international laws, and defense of regulatory actions.

Leading clients have entrusted him with hundreds of breach responses. He has advised companies on major cybersecurity incidents across virtually every sector of the economy, including the banking, educational, healthcare, insurance, retail, media and entertainment, information technology, and manufacturing industries. He provides companies that have experienced security incidents with business-focused, practical solutions that minimize regulatory and litigation risk.

Pat knows and works with the most proactive regulators involved in the privacy space and interacts with them regularly. He has worked on and led the defense to numerous regulatory investigations, including those brought by State Attorneys General, Department of Health and Human Services Office for Civil Rights (OCR), Departments of Insurance, and Federal Trade Commission (FTC). In the healthcare space, Pat has defended organizations in more than 20 OCR investigations.

Pat has earned the designation of Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP).

Select Experience

Incident Response
  • Counseled hundreds of clients in investigating and responding to data security incidents, working closely with client resources, third-party forensic consulting experts, and law enforcement.
Regulatory Investigations
  • Defended healthcare organizations in more than 20 OCR investigations arising out of data security incidents.
Proactive Compliance
  • Working with global companies regarding cybersecurity preparation, including running full-scale tabletop exercises and developing and revising incident response plans.
More »

Experience

Incident Response
  • Counseled hundreds of clients in investigating and responding to data security incidents, working closely with client resources, third-party forensic consulting experts, and law enforcement.
  • Advised clients on incidents involving lost unencrypted devices, ransomware, business email compromises, publicly accessible cloud storage areas, and network intrusions.
  • Assisted with the incident response efforts for three of the top 10 largest healthcare breaches reported to date.
Regulatory Investigations
  • Defended healthcare organizations in more than 20 OCR investigations arising out of data security incidents.
  • Defended clients in multi-state attorneys general investigations arising out of data security incidents.
  • Defended clients in FTC investigations arising out of data security incident.
Proactive Compliance
  • Working with global companies regarding cybersecurity preparation, including running full-scale tabletop exercises and developing and revising incident response plans.
  • Providing privacy due diligence and contract drafting to M&A teams.

Recognitions and Memberships

Recognitions

  • The Legal 500 United States (2017)
    • Recommended in Cyber law (including data protection and privacy)

Memberships

  • American Bar Association
  • Ohio State Bar Association
  • Cincinnati Bar Association
  • Kentucky Bar Association 
  • Cincinnati Academy of Leadership for Lawyers: Member of Class XX (2016) 
  • International Association of Privacy Professionals (IAPP)
    • Certified Information Privacy Manager (CIPM)
    • Cincinnati IAPP KnowledgeNet: Co-Chair
  • Potter Stewart American Inn of Court
  • Leadership Northern Kentucky, Class of 2020

Pro Bono

  • Represented former prisoner in Federal Tort Claims Act lawsuit against the United States brought in U.S. District Court for the District of Columbia.
  • Represented widower in Social Security benefits matter before an administrative law judge.
  • Co-authored two amicus briefs filed with the Supreme Court of the United States.

Prior Positions

  • Law Clerk to the Honorable Thomas M. Reavley, U.S. Court of Appeals for the Fifth Circuit
  • Law Clerk to the Honorable Leonard Davis, U.S. District Court of the Eastern District of Texas 

Admissions

  • U.S. Supreme Court
  • U.S. Court of Appeals, Ninth Circuit
  • U.S. District Court, Southern District of Ohio
  • U.S. District Court, District of Columbia
  • Ohio
  • Kentucky

Education

  • J.D., University of Cincinnati College of Law, 2002, Frank S. Rowley Scholarship; Dean's Honors List; Editor-in-Chief, University of Cincinnati Law Review
  • B.S., Business and Economics, University of Kentucky, 1999, Dean's List

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Maryland Insurance Administration Issues Breach Notification Bulletin
By Patrick H. Haggerty
September 4, 2019
On Aug. 29, 2019, the Maryland Insurance Administration (MIA) issued Bulletin 19-14. The purpose of the bulletin is to inform insurers, nonprofit health service plans, health maintenance organizations, managed care organizations, managed...
Read More ->
Data Privacy Monitor
Deeper Dive: Minimizing Risk
By Brian P. Bartish, Patrick H. Haggerty, M. Scott Koller
April 3, 2018
For organizations of any size, making sense of the constantly evolving cyber risk landscape can seem daunting. With new threats materializing on a constant basis, it can be difficult for organizations to efficiently allocate resources and...
Read More ->
Data Privacy Monitor
Deeper Dive: Beware of Paper Records
By Patrick H. Haggerty
April 18, 2016
BakerHostetler’s 2016 Data Security Incident Response Report reveals a number of interesting incident response trends: the range of incident causes is broad, all industries are affected, detection capabilities need to improve, it is...
Read More ->
Data Privacy Monitor
FCC’s Growing Privacy and Data Security Enforcement
By Patrick H. Haggerty
December 8, 2015
The Federal Communications Commission (FCC) has had a busy 2015, and its presence in the data security regulatory enforcement space will likely continue to grow. Last year, the FCC named Travis LeBlanc as chief of the Enforcement Bureau...
Read More ->
Data Privacy Monitor
State Data Breach Notification Requirements Specifically Applicable to Insurers
By Patrick H. Haggerty
September 22, 2015
Almost all U.S. states and territories have enacted breach notification laws requiring private and/or government entities to notify individuals when their personal information is compromised. These laws vary, and much has been written...
Read More ->