Spencer Fane LLP

We provide an unconventional approach to legal services geared toward protecting and advancing business and personal interests. Our clients are certain that their interests are our priority, because they work with leaders – leaders who work decisively, execute with purpose and understand the importance of flawless timing. Be certain.

Spencer Fane has offices located in Phoenix, Arizona; Colorado Springs and Denver, Colorado; Tampa, Florida; Overland Park, Kansas; Minneapolis, Minnesota; Cape Girardeau, Jefferson City, Kansas City, Springfield, and St. Louis, Missouri; Omaha, Nebraska; Las Vegas, Nevada; Oklahoma City, Oklahoma; and Dallas and Plano, Texas.

Spencer Fane LLP Blogs

Latest from Spencer Fane LLP

February 6, 2019 Publications Late last year, the Supreme Court of Pennsylvania ruled that employers have a legal duty to safeguard employee’s sensitive personal information stored on an internet-accessible computer system and that the state’s economic loss doctrine allowed the plaintiffs in Dittman to recover for purely monetary damages.  In 2014, Barbara Dittman and six other employees of University of Pittsburgh Medical Center (UPMC) filed a class action complaint against UPMC, alleging that a data…
January 29, 2019 Publications The most likely “cyber attack” that your company will face will come in the form of an email. One of the most common forms of email attack is the business email compromise (BEC) and the most popular time of the year for the W-2 version of BEC is right now — tax season. What is a W-2 BEC Attack? A BEC attack is when the attackers send emails disguised as coming…
January 22, 2019 Publications For many U.S. organizations, figuring out whether – and to what extent – Europe’s General Data Protection Regulation (“GDPR”) applies to your operations has caused a lot of headaches. Do you have an “establishment in the [European] Union”? Are you “offering…goods and services…to…data subjects in the Union”? Are you “monitoring” the behavior of data subjects in the Union? How will these terms be interpreted and enforced? The European Board of Data…
January 14, 2019 Publications South Carolina has recently enacted a new insurance data security law entitled the South Carolina Insurance Data Security Act. The new legislation generally applies to licensees (any person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered, under the insurance laws of South Carolina) with ten or more employees or independent contractors. The Act requires, amongst other things, that licensees develop and maintain a comprehensive written…
January 7, 2019 Publications As we enter 2019, social media is flooded with resolutions for self-improvement, let us propose a few: I will avoid conflict and reduce stress by identifying my risks and implementing management strategies to protect my organization. I will become invaluable to my organization by monitoring cybersecurity activity and sharing information with key decision makers. I will take my career to the next level by participating in professional organizations and developing my…
November 6, 2018 Publications Three major changes to Colorado data privacy laws became effective September 1, 2018.  These affect virtually all business collecting personally identifying information (PII)[1] from Colorado residents: 1. First, the law that provides for disposal of PII now requires businesses to adopt a written policy governing the disposal of both paper and electronic records containing PII of Colorado residents.[2] Action Required: Businesses with Colorado resident PII should revisit or adopt…
October 24, 2018 Publications A Missouri federal court granted a motion to dismiss this week in a case against a provider and medical record processing company.  In the case, a patient alleged that a “search and retrieval” fee imposed in response to a patients request for access to medical records violated the Missouri Merchandizing Practices Act.  In dismissing the claim, the court only addressed Missouri law as the allegations did not involve alleged violations of…
October 17, 2018 Publications In the wake of the record setting $16 Million dollar settlement and resolution agreement with Anthem, Inc, the Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC) released a new version of their Security Risk Assessment tool.  The new tool and recent settlement agreement renew the emphasis of OCR on the performance of HIPAA Security Risk Assessments by covered entities and their business associates.  …
May 2, 2017 Publications The burgeoning multi-billion dollar cyber insurance market is expected to continue its 25%+ annual growth over the next few years. Despite this dramatic growth, the market is plagued with uncertainty over the meaning of key policy terms and scope of coverage. The lack of both uniformity in cyber policy language and judicial guidance interpreting policy language prevent companies from confidently assessing their loss exposure in the event of a major data…
March 8, 2016 Publications On March 2, 2016, the Consumer Financial Protection Bureau (“CFPB”) took its first-ever data security enforcement action, in the form of a Consent Order entered between CFPB and Dwolla.  Des Moines, Iowa-based Dwolla was founded in 2009 and is an online payment platform that allows consumers to transfer money.  To use the service, customers must provide Dwolla with sensitive personal information including their name, address, date of birth, telephone number,…