Bruce A. Radke is a Shareholder and a member of the Tech Transactions & Data Privacy practice. He has been selected by his peers as a Leading Lawyer in Data Privacy and Computer & Technology Law.

Bruce regularly counsels clients on various privacy and data security issues. He has drafted and reviewed data privacy and security policies and procedures to ensure compliance with HIPAA, HITECH, COPPA, GLBA, Payment Card Industry (PCI) Data Security Standards, state breach notification laws, international data security laws, including the GDPR, and other contractual and privacy-related laws and regulations. Additionally, he regularly assists clients with privacy risk assessments and provides board counseling and employee training. Bruce has counseled clients in the development and implementation of data incident response plans.  

Bruce has assisted clients through various types of data incidents, from system-wide network intrusions and ransomware attacks to cyber extortion, fraudulent wire transfers, e-mail account compromises, stolen computer hardware and employee misconduct. Bruce has served a broad range of private- and public-sector clients in multiple industry verticals, including banking and financial services, health care, life sciences, not-for-profit and for-profit education, e-commerce, technology, retail, manufacturing, trade associations, state and local government, accounting, legal and other professional services.  

Bruce regularly assists companies in investigations opened by enforcement agencies post-breach, including investigations by the U.S. Department of Health and Human Services Office for Civil Rights, U.S. Federal Trade Commission and state attorneys general as well as other state and federal financial, insurance and education enforcement agencies.

Bruce is also member of InfraGard (a partnership between the Federal Bureau of Investigation and the private sector). He has written and spoken extensively on a variety of topics relating to privacy, data security and information management. His articles and comments have been featured in the Wall Street Journal, Chicago Tribune, Review of Banking & Financial Services and Privacy & Data Security Law Journal.

Read More

Education

  • University of Illinois College of Law (J.D., magna cum laude)
    • University of Illinois (B.A., cum laude)

      Bar Admission

      • Illinois, 1993

      Court Admissions

      • U.S. District Court, Northern District of Illinois, 1996
      • U.S. District Court, Eastern District of Wisconsin, 2001
      • U.S. Court of Appeals, Seventh Circuit, 1993
      • U.S. District Court, Central District of Illinois

      Professional Affiliations

      • Member, InfraGard
      • Vice President of the Chicago Bar Association’s Cyberlaw and Data Privacy Committee

      Recognition

      • Named to Cybersecurity Docket's Incident Response Elite, 2026
      • Selected for inclusion in Best Lawyers in America® for Privacy and Data Security Law, 2026
      • Leading Lawyer, Commercial Litigation, Computer & Technology Law and Data Privacy, 2017
      Publications
      All Publications
      Cybersecurity Compliance in 2025 – Know Your “Technology” Assets
      “Has World War III Already Begun?” That was the headline for an article by the chief foreign-affairs correspondent for the Wall Street Journal last month, which reported how Russia is “getting even more effective at using new tools, like cyberattacks and ransomware, to disrupt our societies.”  China is too. A year ago, the FBI Director warned that China was ramping up an extensive hacking operation designed to take down the United States’ power grid, oil pipelines and water systems. Then in April 2024, the director reaffirmed this while speaking at the Modern Conflicts and Emerging Threats summit in Nashville: “The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game
      Read More
      SEC Adopts Cybersecurity Incident and Risk Management Disclosure Rules
      On July 26, 2023, the Securities and Exchange Commission (the “SEC”) adopted new rules requiring public companies to disclose within four business days material cybersecurity incidents they experience and to disclose annually their cybersecurity risk management, strategy, and governance. In response to opposition expressed during the comment period, these final rules omitted several of the more burdensome aspects of the rules that were originally proposed in March 2022.  Form 8-K Disclosure of Material Cybersecurity Incidents The SEC added a new Item 1.05 to Form 8-K that requires companies to disclose a cybersecurity incident within four business days of the date such cybersecurity incident is determined to be material. Instruction 1 to Item 1.05 requires registrants to make a materiality determination without unreasonable delay  after
      Read More