Practice Group | Bassford Remele

Data Privacy and Cybersecurity

Bassford Remele’s Data Privacy and Cybersecurity Team advises financial institutions, law firms, health systems, and companies on regulations involving data privacy and consumer protection laws. In addition, our team works with clients at every stage of the data security process—from establishing and keeping abreast of relevant incident response protocols to responding to and mitigating exposure to data breaches.

Our work has included a variety of privacy breaches, including financial data breaches, HIPAA breaches, the Safeguards Rule, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), state privacy laws, and breaches of confidential client information. Bassford Remele brings a wealth of experience to the table from both sides of a lawsuit, and includes representing financial institutions in class-action cases resulting from data breaches that compromised customer financial information, as well as representing consumers in consumer privacy litigation relating to the unauthorized collection and sale of customers’ private and personal data without their consent.

Law firms and lawyers frequently turn to Bassford Remele for advice and representation arising from data breaches and cybersecurity issues. Bassford Remele also regularly represents health systems from across the state in cybersecurity issues and in privacy matters arising from allegedly improper release of protected health information involving patients. At any given time, the firm will likely be involved in defending several of those cases.

Our experience also involves employees improperly accessing and sharing information about clients, and broader implications related to social media posts disseminated on the internet at-large. We are members of the International Association of Privacy Professionals, the largest and most comprehensive global information privacy community and resource.

Representative Cases

Representation of online retailer in connection with purported class action claims under California’s Invasion of Privacy Act based on online data privacy policy and use of a web beacon.

Representation of a company on an urgent basis in response to a cyber-attack and data breach by a foreign entity, working with federal law enforcement and cybersecurity consultants.

Provided counsel and guidance on data privacy issues across the globe for a data privacy company.

Regular representation of law firms and businesses in connection with data breach cases.

Representation of a global law firm in a claim arising from a cybersecurity attack.

Representation of a leading Minnesota law firm in data privacy and cybersecurity matters.

Representation of a small law firm regarding unauthorized removal of client data from the firm.

Representation of a small law firm regarding a data breach involving personal data.

Representation of an attorney regarding theft of client funds due to a cyber-attack.

Regular representation of health systems in the Twin Cities and greater Minnesota in matters arising from the release of medical records and related materials.

Representation of a major health care organization to recover funds diverted in a cybersecurity attack.

Represented a major health care organization as part of a large-scale multidistrict federal class action litigation related to a cyberattack and infiltration of an internet security vendor.

Representation of a substance abuse health provider, conducting an emergency consultation, retention of forensic expert, and investigative services during breach of event to assist in securing system, assessing scope of breach, and analyzing regulatory and legal obligations in responding to breach.

Representation of a major health care organization in a claim against a business vendor related to a fraudulent cybersecurity event by a third-party fraudster.

How Artificial Intelligence Can Help (And Hurt) Your Practice, Attorney at Law, February 2024 (Bryce Riddle and Kiralyn Locke)

The Basics: Why Data Security Matters, Upsize Magazine, November/December 2023 (Jessica Klander and Bryce Riddle)

Tips for Minimizing the Risk of a Law Firm Data Breach, Attorney at Law, August 2023 (Aram Desteian and Kiralyn Locke)

ABA Formal Opinion No. 483, Data Breaches, and You, Bench & Bar of Minnesota, March 2019 (Kevin Hickey)

Security Training Awareness, October 3, 2023 (Aram Desteian with Element Technologies)

Security Training Awareness, June 6, 2023 (Kevin Hickey with Element Technologies)

Legal Ethics: New Developments in Multijurisdictional Practice and Law Firm Cyberattacks, 2023 Midwest Legal Conference on Data Privacy and Cybersecurity, February 7, 2023 (Aram Desteian and Kiralyn Locke)

The Privacy Police are Watching, American Recovery Association, November 9, 2022 (Kiralyn Locke)

Security Training Awareness, November 1, 2022 (Aram Desteian with Element Technologies)

Security Training Awareness, May 10, 2022 (Kevin Hickey with Element Technologies)

Lessons Learned: Utilizing the Pandemic Experience to Avoid Legal Pitfalls and Cyber Security Risks as we Move to a Hybrid Workforce, Bassford Remele Ethics Seminar, June 23, 2021 (Kevin Hickey, Jessica Klander and Aram Desteian)

Data Privacy Issues & Your Business, American Recovery Association, June 9, 2021 (Jessica Klander)

Release of Information, Minnesota Mental Health & the Law 2020 Seminar, PESI, Inc., February 21, 2020; February 8, 2019; February 20, 2017; February 26, 2016; March 14, 2014 (Jessica Klander)

Cybersecurity: What’s Your Incident Response Plan?, Minnesota Continuing Legal Education, July 31, 2019 (Kevin Hickey)

Ethics, Technology, and You: Lawyer Ethical Obligations Relating to Technology and Cyber Security, Bassford Remele Ethics Seminar, June 18, 2019 (Kevin Hickey, Jessica Klander and Aram Desteian)

Confidentiality & the Release of Health Information, 2017 Health Law Institute, Minneapolis, Minn., June 15, 2017 (Jessica Klander)

Confidentiality & the Release of Health Records, Minnesota Health Information Management Association, Rochester, Minn., April 28, 2016 (Jessica Klander)

Confidentiality & Mental Health Records Law, St. Paul, Minn., November 21, 2014 (Jessica Klander)

Overview of HIPAA, Medical Records Law Seminar, Lorman Education Services, Minnesota, March 26, 2013 (Minneapolis); January 29, 2013 (St. Cloud) (Jessica Klander)

Meet the Team

Kevin Hickey represents and advises businesses and individuals in complex and high-stakes commercial disputes, including shareholder litigation, intellectual property...

Kevin P. Hickey

Shareholder

Jessica Klander is a shareholder at Bassford Remele and the co-chair of the Consumer Finance Practice Group. Her practice focuses on defending lawyers, financial...

Jessica L. Klander

Shareholder | Chief Operating Officer

Mr. Desteian represents businesses in complex commercial litigation, and also counsels and defends other lawyers against a spectrum of professional liability claims. Mr....

Aram V. Desteian

Shareholder

Bryce Riddle is a litigator who practices in the areas of complex commercial litigation, construction, data privacy and cybersecurity, and employment litigation. Bryce...

Bryce D. Riddle

Shareholder

view full Data Privacy and Cybersecurity team

News & Events

Why Data Security Matters

The Basics: Why Data Security Matters | Upsize Minnesota | November/December 2023 In today’s...

The Work Week with Bassford Remele | Employee Records Requests | 9/18/23

The Work Week with Bassford Remele September 18, 2023 Welcome to another edition of The Work Week...

Bassford Brief: Tips for Minimizing the Risk of a Law Firm Data Breach

The Bassford Brief: Legal Issues for Lawyers | Attorney at Law Magazine | Vol. 12, No. 8 | August...

view all Data Privacy and Cybersecurity News & Events

Accolades

2025 Best Lawyers - Bet-the-Company Litigation

2025 Metropolitan Tier 1 Firm in the area of Bet-the-Company Litigation