Posts

MRR Lexington Proud to Sponsor the Kentucky League of Cities “2018 City Employee of the Year” Award

Mazanec, Raskin & Ryder (MRR) is proud to once again sponsor the Kentucky League of Cities (KLC) “City Employee of the Year Award” which brings recognition to an exceptional city employee who performs at a distinguished level to improve his or her local government and community. KLC represents more than 20,000 municipal employees.

MRR Lexington’s Administrative Partner, Barry Miller, presented Hopkinsville Police Chief Clayton Sumner with the honor on September 18, 2018 during the KLC Conference & Expo.

By sponsoring this award, MRR will provide a $1,000 donation to Hopkinsville/Christian County Boys and Girls Clubs in honor of Chief Sumner.

To view the official KLC press release, click here.

MRR Article: Can Europe’s New Privacy Rule Cost My Business Money?

By: Barry M. Miller & Curtis M. Graham

If your business offers goods or services to consumers in the European Union (or tracks information on EU consumers), you must become familiar with the acronym “GDPR.” The “General Data Protection Regulation” goes into effect May 25, 2018. And even if you are confident that your business complies with state or U.S. data-protection principles, that confidence may not be warranted as you face the GDPR.

Your business may already take care to protect information such as a customer’s Social Security number, credit card number, health data, and other personally identifiable information. But the GDPR broadens the definition of personal data that holders must protect. Article 4 of the GDPR defines “personal data” to include “any information relating to an identified or identifiable natural person (‘data subject’)” relating to the “physiological, genetic, mental, economic, cultural or social identity of that natural person.” Information about a person’s race or ethnicity, religious affiliation (or non-affiliation), political leanings, or sexual orientation would fall within this definition.

How does the GDPR impose obligations on American businesses in the first place? Its drafters intend the regulation to apply to anyone who processes the personal data of an EU resident—even if the processing is not done in the EU. Whether that intended reach can be enforced against an American business will be the subject of litigation, both here and in the EU. But as of now, the EU intends to subject data processors to fines of the greater of 20 million euros, or up to four percent of the processor’s annual global revenue. Even if your company is one of the forward-thinking ones, with cyber liability insurance in place, whether such policies cover fines imposed for a breach of the GDPR is something else to be litigated in coming years.

Rita Heimes, who holds the Certified Information Privacy Professional (CIPP) designation under both European and U.S. law (as well as the CIPM credential, for those who manage privacy programs), describes a “core value” of the GDPR: “Natural persons should have control over their own personal data.” She contrasts this with the U.S.-centric view that data, once collected, belongs to the collector. “This means when customers share their data with us it is not ours, but rather theirs, at least as the European Union sees it and as reflected in the GDPR.”

Mike Mandato, of Calyx IT in Cleveland, points out that businesses must carry this mindset through the entire life cycle of data, including data that may not pertain to active transactions—data businesses that businesses might think of as “on file,” but what information technology professionals call “at rest” data. The GDPR gives EU consumers the right to request that their data be removed from a data controller’s systems. This may require businesses to rethink their backup strategy, email and record retention policies, and any other in-house systems that hold “at rest” data. Mandato views this as a mixed blessing: “It is a good opportunity to fine tune security measures and data integrity within a business. But it may present added expense deploying processes and policies to examine data on a periodic basis to maintain compliance.”

What all this means is that companies of all sizes must make a conscious decision whether they want to do business (or continue to do business) with EU residents. They must weigh the potential costs of GDPR-compliance against the amount of business they hope to get from EU consumers. If the potential return is small or non-existent, it may be prudent to forgo that business. If, after weighing the benefits, you decide to retain or pursue business from EU residents, consult your technology vendor, your attorney, and your insurance agent to help you mitigate the potential costs that could follow non-compliance.


For more information, or questions on the topic, please contact Barry Miller at bmiller@mrrlaw.com or Curt Graham at cgraham@mrrlaw.com. Both Barry and Curt focus their practices on Data Management & Cyber Security Law in MRR’s Lexington office.

Barry Miller

Curt Graham

MRR sponsors Kentucky League of Cities 2017 “City Employee of the Year” Award

The Kentucky League of Cities (KLC) has announced its annual awards for Elected City Official of the Year, the City Employee of the Year and Enterprise Cities Awards for innovative city programs and projects. The winners were recognized on October 4 at the KLC Conference & Expo in Covington, Kentucky.

The City Employee of the Year Award, sponsored by Mazanec, Raskin & Ryder (MRR), brings recognition to an exceptional city employee who performs at a distinguished level to improve his or her local government and community. This year there was a tie resulting in two winners, Simpsonville City Administrator David Eaton and Georgetown City Attorney/Chief of Staff Andrew Hartley. 

MRR provides a $500 donation to the charitable choice of each winner.  To view the short awards video, click here.

Law Enforcement and the ADA

By: Casey C. Stansbury, Esq.

Law enforcement officers encounter individuals with disabilities nearly every day. These disabilities may include people who are deaf or hard of hearing, people with epilepsy or cerebral palsy, persons with autism or Asperger’s, and persons with psychiatric difficulties. However, case law across the country has been inconsistent in determining the circumstances under which police can be held liable when dealing with a person with a mental disability. Questions frequently arise when police interact with individuals who may be protected by the Americans with Disabilities Act (“ADA”). The most recent United States Supreme Court case to deal with these issues is Sheehan v. the City and County of San Francisco.

In Sheehan, the Court was asked to determine whether two San Francisco police officers could be sued over their use of force when arresting a knife-wielding woman with a history of mental illness in a confrontation in which the woman was shot multiple times. In the 6-2 decision released in May of this year, the Court granted the officers qualified immunity on the Plaintiff’s Fourth Amendment claim. However, the Court did not address whether the officers should have provided the Plaintiff with “accommodations” or taken special precautions under the ADA because of her disability.

Cases like Sheehan are extremely fact-intensive and ADA concerns merit special attention by law enforcement departments in training and development of official policies and procedures as well as consideration by officers in the field when encountering members of the public with suspected disabilities. This blog will be updated with developments in this rapidly changing area of law.


For questions or more information on “Law Enforcement and the ADA,” contact:


Casey C. Stansbury  – MRR Lexington
Phone: 800.936.9198
Fax: 440.248.8861
Email: cstansbury@mrrlaw.com