• vcard
312.463.6211
  • Education
    • J.D., University of Illinois College of Law, magna cum laude
    • B.A., University of Illinois, cum laude
  • Court Admissions
    • U.S. District Court, Northern District of Illinois, 1996
    • U.S. District Court, Eastern District of Wisconsin, 2001
    • U.S. Court of Appeals, Seventh Circuit, 1993
    • U.S. District Court, Central District of Illinois
Bruce A. Radke is a Shareholder and a member of the Tech Transactions & Data Privacy practice.  Bruce is Co-Chair of the firm's Privacy and Cybersecurity practice group.  He has been selected by his peers as a Leading Lawyer in Data Privacy and Computer & Technology Law.

Bruce regularly counsels clients on various privacy and data security issues. He has drafted and reviewed data privacy and security policies and procedures to ensure compliance with HIPAA, HITECH, COPPA, GLBA, Payment Card Industry (PCI) Data Security Standards, state breach notification laws, international data security laws, including the GDPR, and other contractual and privacy-related laws and regulations. Additionally, he regularly assists clients with privacy risk assessments and provides board counseling and employee training.   Bruce has counseled clients in the development and implementation of data incident response plans.  

Bruce has assisted clients through various types of breach, from system-wide network intrusions and ransomware attacks to cyber extortion, fraudulent wire transfers, e-mail account compromises, stolen computer hardware and employee misconduct.  Bruce has served a broad range of private- and public-sector clients in multiple industry verticals, including banking and financial services, health care, life sciences, not-for-profit and for-profit education, e-commerce, technology, retail, manufacturing, trade associations, state and local government, accounting, legal and other professional services.  

Bruce regularly assists companies in investigations opened by enforcement agencies post-breach, including investigations by the U.S. Department of Health and Human Services Office for Civil Rights, U.S. Federal Trade Commission and state attorneys general as well as other state and federal financial, insurance and education enforcement agencies.

Bruce is also member of InfraGard (a partnership between the Federal Bureau of Investigation and the private sector).  He has written and spoken extensively on a variety of topics relating to privacy, data security and information management.  His articles and comments have been featured in the Wall Street Journal, Chicago Tribune, Review of Banking & Financial Services and Privacy & Data Security Law Journal.
  • Served as breach counsel for academic health system in connection with an incident arising out of a threat actor’s deletion and attempted extortion for the return of the ePHI of approximately 80,000 patients residing across the U.S. and multiple foreign jurisdictions
  • Served as breach counsel for financial institution that was the target of ransomware and extortion attack involving the acquisition and posting on various social media sites the sensitive member information and personal information of more than 46,000 of the institution’s members and other affected individuals
  • Served as breach response counsel for international financial institution whose Office 365 e-mail accounts of users in the United States and the United Kingdom were compromise potentially triggering notification under the New York Department of Financial Services Cybersecurity Requirements for Financial Services Companies and United Kingdom’s Data Protection Act of 2018
  • Served as breach response counsel for more than one hundred incidents of credit unions across the United States, including ransomware, extortion, fraudulent wire transfers, Office 365 e-mail account compromises, network intrusions and employee misconduct
  • Served as counsel for manufacturer whose production line system was compromised resulting in intentional alteration of specialty product’s alteration and demand by threat actor for payment to cease further product alterations and information on past product alterations
  • Served as breach response counsel for health care system that experienced a malware attack potentially impacting approximately four million customers and 40,000 employees
  • Served as breach counsel to university following brute-force password attack resulting in the compromise of personally identifiable information (PII) of over 60,000 students, alumni and employees residing in more than 40 states and several foreign countries
  • Served as breach response counsel for website/e-commerce hosting services provider that sustained a malware attack impacting hundreds of third-party companies that used clients hosting services as well as thousands of those companies' customers
  • Served as breach response counsel for health care system in connection with potential exposure of radiological records of approximately 400,000 patients
  • Served as breach response counsel for community bank that sustained malware attack on online banking portal impacting customers across numerous states
  • Served as breach response counsel for law firm following theft of the firm's servers containing Pll and protected health information (PHI) of approximately 20,000 clients, adversaries and witnesses located in multiple states
  • Assisting major financial institutions to update and improve information security and data privacy practices, including data breach response procedures, and conducting data privacy audits to identify potential privacy and data security issues
  • Conducting review of multinational food and beverage company information policies to ensure compliance with data privacy and security best practices
  • Conducting privacy and risk management audits for numerous multistate retailers and life science companies
  • Developing employee training programs on information security and data privacy compliance for several investment advisers, broker-dealers and other financials service institutions 
webinar Webinars
100 Days Until EU GDPR Cyber Security Regulations Go Live - Are You Ready for the Implications?
Presenter
February 22, 2018
text icon Publications & Presentations
Directors and Officers Ignoring Cybersecurity ‘Do So at Their Own Peril’
Co-Author, Media & Privacy Risk Report
February 18, 2018
webinar Webinars
Be Prepared for NYS DFS 23 NYCRR 500
Panelist
December 14, 2017
text icon Publications & Presentations
Cyber Simulation: Experience the Breach During Our Tabletop Exercise
Speaker, NetDiligence Cyber Risk & Privacy Liability Forum
October 10, 2017
text icon Publications & Presentations
NYFS: The Shifting Regulatory Landscape of Cybersecurity
Co-Author, Lexology
January 20, 2017
webinar Webinars
Association Law for Non-Lawyers
Speaker, American Society of Association Executives’
April 12, 2016
text icon Publications & Presentations
JITPL’s 2016 Symposium at John Marshall Law School, Part II
Speaker
April 12, 2016
text icon Publications & Presentations
Client Alert Regarding Emerging Phishing E-mail Scheme
Co-Author, Lexology
March 2016
text icon Publications & Presentations
Seventh Circuit Resurrects Data Breach Class Action an Stymies Standing Challenge
Co-Author, The National Law Review
July 2015
text icon Publications & Presentations
2015 Cyber Risk Forum
Speaker, NetDiligence Cyber Risk & Liability Forum
May 12, 2015