Stephen E. Reynolds

Biography

Stephen Reynolds works with some of the world’s largest companies in nearly all phases of cybersecurity incidents. This includes preparing for, responding to, and handling the aftermath of cyberattacks—such as regulatory investigations and litigation.

As a partner in Baker McKenzie’s North America Intellectual Property & Technology Practice, Stephen frequently advises clients on complex matters involving data privacy and security laws. Additionally, he serves on the Board of Directors of the International Association of Privacy Professionals (IAPP).

Stephen’s experience adds value to organizations by mitigating cyber threats through proactive preventative measures and navigating complex litigation on behalf of clients in data privacy and security.

As a former computer programmer and IT analyst, Stephen is uniquely able to and routinely uses his computer background in cases involving data privacy and security, electronic discovery, social media discovery, and computer forensics. Stephen has given several presentations on data privacy and security, electronic discovery and social media discovery, and is a Certified Information Privacy Professional (CIPP/US). In addition to being a Certified Information Systems Security Professional (CISSP), Stephen teaches CISSP classes as a Direct Instructor with the (ISC)².

Additionally, Stephen teaches a course on Data Security and Privacy Law at Indiana University Robert H. McKinney School of Law.

Practice Focus

Stephen has assisted companies of all sizes—ranging from Fortune 50 to small businesses—in responding to cybersecurity incidents, including ransomware attacks, fund transfer fraud, data breaches, and business email compromise matters. Stephen has represented companies in regulatory and government investigations regarding data privacy, security, and technology matters. In addition to representing companies in data privacy and security matters, Stephen has litigated through trial multiple other matters—such as products liability cases, construction litigation, trade secrets litigation, and general commercial litigation.

Professional Honors

IAPP Diversity in Privacy Award, Inaugural Recipient, 2023
Cybersecurity Docket’s Incident Response 40, 2022
E-Discovery, Information Governance & Cybersecurity Professional of the Year, Indianapolis Bar Association, 2022
The Best Lawyers in America, Commercial Litigation and Litigation - Health Care, 2021
The Indiana University Maurer School of Law, Distinguished Service Award, 2018
Most Influential Black Lawyers, Savoy Magazine, 2018
Indianapolis Business Journal’s Forty Under 40, 2017
Indiana Super Lawyer, Rising Star, 2015 - 2018
Finalist, Center for Leadership Development (CLD) Achievement in Professions Award, 2012
Recipient of the Indiana Lawyer's Leadership in Law Up & Coming Lawyer Award, 2012

Professional Associations and Memberships

Certified Information Systems Security Professional (CISSP)
Certified Information Privacy Professional US Private Sector (CIPP/US)
Southern District of Indiana - Local Rules Advisory Committee
International Association of Privacy Professionals - Board of Directors
US Secret Service Chicago Cyber Fraud Task Force - Steering Committee
InfraGard Indiana - Member
The Indiana University Cybersecurity Advisory Council - Member
Indiana Executive Council on Cybersecurity - Advisory Member
Central Indiana - Information Systems Security Association (CI-ISSA) - Member
American Bar Association - Member
Seventh Circuit Bar Association - Member
Marion County Bar Association - Member
Indiana State Bar Association - Member
Indianapolis Bar Association - Member
Law360 Privacy/Consumer Protection Editorial Advisory Board - Past Member
Leadership Council on Legal Diversity (LCLD) - Fellow (2017)

Admissions

Indiana~United States (2008)

Education

The Indiana University Maurer School of Law (JD) (2008)
University of Florida (BA Criminology) (2004)

Program Chair, DRI Cybersecurity & Privacy Seminar, 2018

Program Vice Chair, Defense Research Institute (DRI) Cyber Security and Data Privacy CLE, 2017

Seminar Co-chair, American Bar Association Corporate Counsel CLE Seminar, 2017

Publications

Quoted, "Indiana Southern District criminal chief recognized for legal achievements, proven character," The Indiana Lawyer, 27 October 2021

Quoted, "How to Prevent and Handle Disputes Over Ransomware Insurance Claims," Cybersecurity Law Report, 3 February 2021

Quoted, "Amid a Global Pandemic, Ransomware Increasingly Targets Hospitals," The Privacy Advisor, IAPP, 1 December 2020

Co-author, "Indiana High Court Says Government Can't Unlock Your Phone," Bloomberg Law, 20 July 2020

Co-author, "Not to Fear, the Feds Are Here: Preserving Attorney–Client Privilege in Data Breach Response," In-House Defense Quarterly, Winter 2020

Co-author, "Can a Security Breach Impact a Company Years Later? Lessons Learned from the Equifax Breach," Pratt's Privacy & Cybersecurity Law Report, Vol. 5, No. 9, November-December 2019

Author, "Data Protection 101: What Every DRI Member Should Know About Data Protection and Data Privacy," For The Defense, October 2019

Co-author, "Data Breach Standing: U.S. Supreme Court Declines to Revisit Data Breach Injury Debate," Pratt's Privacy & Cybersecurity Law Report, Vol. 5, No. 6, July-August 2019

Author, "Can the Government Force You to Unlock Your Smartphone?" Bloomberg Law, 29 May 2019

Author, "Should My Family Office Be Concerned About Cybersecurity?" Inside Indiana Business, 22 April 2019

Author, "Four Years Later, FTC Continues to Challenge Misleading Marketing and Privacy Practices," Pratt's Privacy & Cybersecurity Law Report: Vol. 4, No. 9, November/December 2018

Author, “Digital Mapping – The Future is Pokemon Go!” Daily Herald Busines Ledger, 20 June 2018

Author, "2018 Innovation Issue: Reynolds & Kohlstrand on What Blockchain Means for the Practice of Law," Indianapolis Business Journal, 1 June 2018

Author, "Wake Up Call for Businesses After FTC Hits TaxSlayer with 20-Year 'Privacy Probation'," Inside Indiana Business, 15 January 2018

Author, "ACC Cybersecurity Guidelines: The What, Why, and How," Pratt's Privacy & Cybersecurity Law Report, October 2017

"Obtaining Information in the Digital Age," For the Defense, October 2017

Author, "Password Sharing and Actions Against Disgruntled Employees Who Exploit Access," DRI Data and Security Dispatch, Volume 3 Issue 1, 4 August 2017

Author, “Pay Up . . . Or Else? Ransomware is a Growing Threat to Higher Education – Part I,” Pratt’s Privacy & Cybersecurity Law Report, July/August 2017

Author, "Your Privacy Policy Needs Updating: The California Online Privacy Protection Act and Its Implications for Your Business," Pratt's Privacy & Cybersecurity Law Report, June 2017

Author, "2017 Forty Under 40: Stephen Reynolds," Indianapolis Business Journal, 11 February 2017

Author, "Recent Indiana Court of Appeals’ Ruling May Benefit Data Breach, Class Action Defendants," DRI For the Defense, October 2016 issue

Author, “Is your County Prepared for Cyber Crime and Cyber Activism?” Association of Indiana Counties’ Indiana News 29, May/June 2016 issue

Author, "The Internet Of Things Could Put Trade Secrets At Risk," Law360, 7 June 2016

Speaking Engagements

"SEC Latest Disclosure and Enforcement Priorities from Cybersecurity to Insider Trading, Accounting Restatement," Hot Topics in SEC and DOJ Enforcement & Litigation Conference, March 2023

"Podcast Episode: Class Action and Regulatory Trends: Significant Developments and Predictions," Connect on Tech, May 2022

"Cybersecurity: Recover," Indiana Utility Regulatory Commission (IURC) Cybersecurity Forum for Small Gas Utilities, December 2021

"Enforcement Trends and Regulator Compliance Expectations" as part of the 2021 Global Year-End Review of Import/Export/Trade Compliance Developments webinar series, Baker McKenzie November 2021

"Cybersecurity – Current Trends and What’s Next," Tech Week 2021, November 2021

"The Digital Frontier: Legal Red Flags in the Healthcare and Life Sciences Supply Chain," Baker McKenzie, November 2021

"The Evolving Landscape of Government Enforcement in Data Security," TechGC Virtual Dinner, November 2021

Presenter, Opening General Session at Privacy. Security. Risk. 2021, International Association of Privacy Professionals (IAPP), October 2021

"Cyber Security," Baker McKenzie, Stockholm Trade Day, October 2021

"Tracking IT All: IP and Data Privacy and Security Issues for Digital Health Technologies," American Bar Association (ABA) Section of Intellectual Property Law Fall Institute, September 2021

"Health Tech - Key Trends," Tech Talk Silicon Valley, September 2021

"Ransomware Attacks: Views from the Government and the Private Sector," Sandpiper Conference, July 2021

"Day in the Life," INE RedefINE 2021, June 2021

"A Celebration of The Juneteenth Holiday: The Spirit of Our Journey," Indianapolis Bar Association Bench Bar, June 2021

"State of Cybersecurity and its Legal Landscape: Regulation Updates from the Office of the Attorney General," Indiana Chamber of Commerce 2021 Cybersecurity Conference, June 2021

"Cybersecurity: How to Prevent Cyberattacks and Respond when They Occur," American Council of Engineering Companies (ACEC) Annual Convention, February 2021

"New Challenges in Healthcare Oversight, Enforcement and Regulation Under the CARES Act," The University of Pittsburgh School of Law, February 2021

"Cybersecurity Litigation: Managing Risk in a Risky World," Indiana State Bar Association Annual Meeting, October 2018

Global Security Exchange, "Data Breach Response: Tips for Involving Your Attorney and Law Enforcement," September 2018

ICMCP 2018 National Conference, "Hack Your Career: Ethical Shortcuts for Progressing in Cybersecurity," September 2018

DRI Cybersecurity and Data Privacy Seminar, "The Intersection of Data Security and Ethics," September 2018

Chicago Electronic Crimes Task Force, sponsored by CNA Insurance and the United States Secret Service, "Cybersecurity Legal Update," August 2018

Indiana State Bar Association, "Managing Cybersecurity and Data Privacy," August 2018

Rocky Mountain Information Security Conference, "GDPR . . . . Separating Fact from Fiction," May 2018

Indiana Chamber of Commerce Cybersecurity Conference, "First Came the Hackers, Then Came the Lawyers: Responding to Litigation and Enforcement Actions Following a Data Breach," May 2018

ABA Corporate Counsel CLE Seminar, "The Internet of Things: Changing Business, Changing Law, and Changing Lives," February 2018

Cybersecurity Awareness Symposium, "Cyber Insurance and Internal Investigations," December 2017

2017 ISSA International Conference, “GDPR is Effective May 2018: If you operate in Europe and don’t know that acronym, you probably should attend this session,” October 2017

IoT Tech Expo North America, "Information Security in Contracting," November 2017

Indianapolis Bar Association, "Data Security: Reining in Ransomware," September 2017

HR Indiana Annual Conference - The Psychology of a Data Breach, August 2017

CPAs in Business and Industry Conference, "What All Businesses Should Know about the Internet of Things," June 2017

Indiana Continuing Legal Education Forum - Data Security Class Actions in the Seventh Circuit, June 2017

Seventh Circuit Bar Association Annual Meeting - The Impact of Digital/Data Breach, May 2017

The Center for Education and Research in Information Assurance and Security at Purdue University - The Rise of Cyber-Crime: A Legal Perspective, March 2017

Indiana Cybersecurity State of the State 2016 - Cyber Risk/Law, November 2016

Health Care Compliance Association's Indianapolis Regional Conference: IT HIPAA Security/Privacy, September 2016

Robert H. McKinney School of Law Center for Intellectual Property Law and Innovation Event: "Recent Developments in Trade Secret Law and Litigation," September 2016

ISSA May 2016 CISO Executive Forum: "Information Security in Contracts," May 2016

2016 Indiana Health Information Management Association Annual Meeting: "Managing PHI in the Electronic Age: Top Legal Concerns...& Solutions," May 2016

"The 21st Century Imperative: Cybersecurity," Butler University, 2016

American Bar Association Corporate Counsel CLE Seminar: "Secure Your Data and Your Dollars: How to Effectively and Ethically Deal with Cyber- Attacks," February 2016

Indiana Hospital Association Annual Meeting: Secure Your Data and Your Money: Preventing, Insuring and Surviving Cyber Attacks and Fund Transfer Fraud, November 2015

Information Systems Security Association's (ISSA) 2015 International Conference: Preventing, Insuring and Surviving Fund Transfer Fraud, October, 2015

2015 CACR Cybersecurity Summit: Preventing, Insuring and Surviving Fund Transfer Fraud, September 2015

"How to Respond to a Data Breach" - SHRM Annual Conference, August 2015

"E-Discovery in Products Liability Litigation: Preparing for New FRCP Amendments on Proportionality and ESI," Strafford CLE webinar, August 2015

"Protect Data: Learn How to Prepare for, Prevent, and Address a Data Breach," April 2015

"Data Breach: What You Need to Know," March 2015

“Data Breach: Guarding Against and Responding to a Data Breach,” CO-ACC Data Privacy and Professionalism CLE Presentation, March 2015

"Prepare for the Inevitable: The Impact of a Data Breach on Your Business," March 2015

Cyber-Security Seminar, Indiana Chamber of Commerce, February 2015

2014 Products Liability Year in Review, 2015 Environmental, Mass Torts & Products Liability Litigation Committees' Joint CLE Seminar, January 2015

"Practical Implications of a Data Breach," International Association of Privacy Professionals (IAPP) KnowledgeNet, November 2014

"Everything You Don't Know About E-Discovery (But Wish You Did)," National Business Institute CLE, April 2013