Lewis, Thomason, King, Krieg & Waldrop, P.C.

Justin Joy

Justin Joy is a shareholder in the Memphis office of the Lewis, Thomason, King, Krieg & Waldrop, P.C law firm.  He also serves as the firm’s privacy officer.  In addition to a range of experience in litigation and business law matters, Justin heads up Lewis Thomason’s cybersecurity practice group.  He provides counsel to clients in the area of information privacy and cybersecurity including incident investigation and breach response management, regulatory compliance, privacy and security policy review and drafting, and cyber risk management.  Specifically in the area of healthcare, Justin counsels covered entities and business associates on a variety of matters pertaining to HIPAA Privacy Rule, Security Rule, and Breach Notification Rule compliance.  Justin speaks frequently to various groups and organizations on the topic of information privacy and cybersecurity.

Justin is a Certified Information Privacy Professional/US (CIPP/US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals.  He is a 2001 graduate of Wake Forest University and holds a law and MBA degree from the University of Memphis.


  • American Bar Association
  • Arkansas Bar Association
  • Tennessee Bar Association
  • Memphis Bar Association


  • CIPT/Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP).
  • CIPP/US Certification; Certified Information Privacy Professional/United States (CIPP/US credential through the International Association of Privacy Professionals (IAPP).
  • Named on the list of “Mid-South Super Lawyers Rising Stars”
  • Graduate, International Association of Defense Counsel (IADC) Trial Academy, 2010
  • Articles editor, The University of Memphis Law Review
  • Recipient, Cecil C. Humphreys Fellowship
  • Phi Kappa Phi
  • Beta Gamma Sigma


Mr. Joy has worked on a pro bono bases counseling individuals in consumer transactions and related matters. He currently serves on the board of directors of a multi-city ministry providing mentoring for new and expectant parents and on the board of a re-entry workforce development ministry.


Memphis Office

One Commerce Square
29th Floor
40 South Main Street
Memphis, Tennessee 38103
Telephone (901) 525-8721
FAX (901) 525-6722


Wake Forest University, B.S., 2001
University of Memphis, M.B.A., 2004
University of Memphis, J.D., 2004

Bar Admission

Tennessee, 2004
Arkansas, 2005
United States Court of Appeals for the Sixth Circuit, 2005
United States District Court for the Western District of Tennessee, 2005
United States District Court for the Eastern and Western Districts of Arkansas, 2005

  • Business & Commercial

    We offer comprehensive representation to businesses of all types. As detailed below, our services range from helping resolve business disputes through litigation, mediation, arbitration or negotiation to offering sound legal advice upon which to base your business decisions as well as transactional representation, document preparation services and business formation and… [Read more]


    Overview Cybersecurity is an emerging and evolving legal field that requires a dedicated team of lawyers experienced in information security and data privacy and its ever-changing rules and regulations. We offer full services in legal advisory matters, such as risk awareness and training; litigation and regulatory defense involving data breaches; and… [Read more]

    Health Care Law

    Lewis Thomason has extensive experience in providing services to clients in the health care industry at a time when the mission is to deliver excellent patient care while dealing with increased regulatory authority and government oversight. We offer comprehensive legal counsel and compliance with complex and evolving privacy and security requirements… [Read more]

    Media Law

    Our representation in the field of media law has primarily been in First Amendment defamation claims in libel and slander cases involving publications and newspapers, magazines, television, books, and the Internet. In a cooperative effort with media to avoid litigation, we have also given advice and counsel regarding the content… [Read more]

    Product Liability

    Over the past 25 years, manufacturers and insurance companies have faced an explosion of product liability claims. In addition to significantly impacting business finances, product liability claims can lead to adverse publicity, government regulation, class actions and individual claims involving serious injury or property damage, as well as potential exposure… [Read more]

    Professional Liability

    As a professional, your reputation means everything. We are sensitive to the fact that professional liability lawsuits and claims affect reputations, as well as personal finances, and we stand ready to aggressively protect your practice at both the trial and appellate levels. Representative clients include: Accountants Attorneys* Architects Contractors Directors of Corporations Engineers Financial Advisors Hospitals and Medical Facilities Insurance… [Read more]

    Small Business Representation

    Our small business representation focuses on all aspects of the day-to-day operation of a small business. From advising clients on the appropriate corporate structure for conducting their business, to managing the start-up or dissolution of a business, we are equipped to handle any corporate need. The lawyers in our small… [Read more]

    • “Be proactive to prevent data breaches” in Knoxville News Sentinel, January 2017
    • “Using email in a WikiLeaks world” in Memphis Business Journal, December 2016
    • Tennessee’s Amended Data Breach Notification Law Serves As A Reminder To Assess Your Firm’s Cyber Readiness, October, 2016
    • New Data Breach Law Shortens Notification Time Frame, Memphis Business Blog, Memphis Business Journal, April, 2016
    • Upcoming EMV Liability Shift Date Puts Onus On Businesses, Memphis Business Journal, September, 2015
    • Co-author, “Guest Post: 5 Deadly Sins Cyber Criminals Know About Law Firm Security,” Aderant Think Tank Blog, August 20, 2015
    • “Post-Pension Committee Discovery Practice – A Strict Liability Standard?” ABA Section of Litigation, Committee on Pretrial Practice & Discovery, Vol. 18 (Summer 2010)
    • “Beware of Where You Venture: Possible Imposition of Liability Upon Venture Capitalists for the Tortious Actions of Corporate Participants in Venture-Funded Corporations”  The University of Memphis Law Review, Vol. 35 (Spring 2005)
    • “Civil Procedure — Pero’s Steak & Spaghetti House v. Lee: Tennessee Declines to Extend the Discovery Rule to Claims of Converted Negotiable Instruments” The University of Memphis Law Review, Vol. 34 (Winter 2004)

    • “Insight from a Defense Attorney: What’s New in Telemedicine Claims? A Look at Current and Future Trends” at Physician Insurers Association of America (PIAA) Claims and Risk Management/Patient Safety Workshop in Montreal, Quebec, Canada, September 2017
    • Co-presenter “Cyber Security: How MPL/HPL Insurers Can Prepare for a Ransomware Attack” at PIAA Claims and Risk Management/Patient Safety Workshop in Montreal, Quebec, Canada, September 2017
    • “Managing Cyber Risk”, West Tennessee Home Builders Association, June, 2017
    • “Cyber Security”, Tennessee Business Law Conference, M. Lee Smith, May, 2017
    • “Cyber Security and Privacy Panel”, Corporate Counsel Forum 2017, Tennessee Bar Association, March, 2017
    • “Cost Effective E-Discovery Considerations” at By the Hour The University of Mississippi School of Law CLE-Memphis Seminar, December 2016
    • “Protecting Law Firms Against Cybercrimes, Cyber Attacks, Phising and Ransomware”, Tennessee Bar Association, July 2016
    • “Cybersecurity in Law Firms,” Memphis Bar Association, April, 2016
    • “Cybersecurity for Law Firms”, Association of Legal Administrators – Middle Tennessee Chapter, March 2016
    • “Compliance: The Legal and Financial Impact,” Society of Information Management-Memphis Chapter, January 2016
    • “Changes in Federal Discovery Practice After the December 1, 2015 Rule Amendments & Updates on Recent Federal Discovery Decisions,” Memphis Bar Association, December 2015
    • “Changes in Federal Discovery Practice After the December 1, 2015 Rule Amendments and Other Developments You Should Know,” CLE by the Hour-Memphis, University of Mississippi Center for CLE, December 2015
    • “Cyber Security for Law Firms,” Association of Legal Administrators-Memphis Chapter, November 2015
    • Co-Presenter, “Cyber Liability — How To Protect Your Company Before and After, ” Knoxville Chamber, November 2015
    • Panelist, “Navigating the Legal Minefield of Tech-Related Incidents, ” Bank Tech Summit 2015, Sawyers & Jacobs, LLC, October 2015
    • “E-Discovery: Best Practices for Preservation of E-Discovery,” Making the Most of Discovery: What You Don’t Know Can Come Back to Haunt You, Tennessee Bar Association, April 2015
    • “General Considerations for Cyber Security: Anatomy of a Breach Response,” CLE by the Hour – Memphis, University of Mississippi Center for CLE, December 2014
    • Panelist, “Cybersecurity: Lessons Learned and Future Trends,” Bank Tech Summit 2014, Sawyers & Jacobs, LLC, October 2014
    • Co-Presenter, “Hanging in the Balance: Judicial Selection in Tennessee,” Memphis Bar Association, October 2013
    • “Electronic Discovery and Social Media,” CLE by the Hour Memphis, University of Mississippi Center for CLE, December 2012
    • “Basic Principles of Electronic Discovery,” CLE by the Hour – Memphis, University of Mississippi Center for CLE, December 2010
    • “E-Discovery in Tennessee: What you need to know before July 1,” Tennessee Defense Lawyers Association, June 2009
    • Mr. Joy also frequently speaks to organizations and groups on cybersecurity awareness and the HIPAA Privacy Rule and Security Rule.