Privacy and Data Protection

"It has a very strong team and we look for it to be our go-to firm on these issues given its deep capability, its dedicated service to clients and its commercial awareness."
– Chambers USA 2013

Every day, healthcare providers, government entities, financial institutions, data processors, and retailers of all scales collect personal information from their clients—information that, if stored, used, or shared improperly, can have complex and devastating consequences. BakerHostetler’s clients trust us to guide and counsel them in keeping that information secure, responding quickly when a data breach occurs, and defending in litigation that may arise as a result. We proactively counsel clients to adopt policies, practices, and procedures that reduce exposure to data breaches.

As one of the nation’s largest and most comprehensive practices in the area of data privacy and information security, we partner with clients to mitigate reputational and financial risks. We have helped clients recover from more than 500 data breaches, including 175 responses in the past year—a volume and breadth of experience resulting in effective and efficient action that minimizes liability, is cost conscious, and protects a company’s reputation.
 

Data breaches affect all industries and we represent a broad range of clients, from market leaders to niche marketers. We have been involved in some of the most significant privacy litigation in recent years, including as lead defense counsel for Schnuck Markets, Inc., Eisenhower Medical Center, Advocate Health, LivingSocial, Inc., Sentara Healthcare, and Vistaprint. We are a nation-leading practice in handling data privacy matters for health care, education, and financial services clients.


Our litigation efforts have produced some of the leading decisions in the nation and have helped define the standards courts use in the rapidly evolving area of data privacy litigation. We have handled some of the most substantial data breaches in recent years, as well as class action litigation resulting from those breaches, including TJMaxx, Heartland Payment Systems, and BJ’s Wholesale Club, which established a new precedent of disposing of negligence claims on the basis of the economic loss doctrine. Our team includes a former Commissioner of the Federal Trade Commission, former prosecutors from the Department of Justice and state and local governments, and former enforcement officials from the Securities and Exchange Commission and FINRA.

Because of our deep commercial and industry awareness and ongoing experience in this rapidly evolving field, we regularly counsel clients on the impact and effect of privacy law and revisions to ensure they remain at the forefront of Privacy and Data Protection issues. Our Data Privacy Monitor blog provides up-to-date information, commentary, and case law analysis on data privacy, information security, and other industry-related topics.

Our team is adept at addressing a variety of areas, including:

Compliance, counseling, and breach prevention

We counsel clients on all steps necessary to comply with rapidly changing regulations, across varying state and federal jurisdictions, as well as voluntary government guidelines and best practices. We take a practical look at updating or creating policies and procedures, risk management plans, and comprehensive incident response plans that address internal and external actions. We also work with clients to ensure their third-party and vendor agreements provide them with privacy protection. Our proactive efforts enable clients to avoid breaches and their impact.

Incident response and notification

Our approach is client-driven and if a data incident occurs, we are ready to deliver an efficient, tactically sound, and immediate response that is crucial in the initial stages and the aftermath. Because of our extensive experience in handling breaches, we can best tailor a plan to a particular incident, the issues raised, specific industry complexities, and the nature of the business. Our breach analysis provides practical guidance on regulatory compliance and handling negative media coverage, consumer complaints, government investigations, and potential litigation.

Government investigations and regulatory response

Many of our successes are non-public, such as convincing a government agency to close an inquiry or advising a company in a sensitive manner that avoids regulatory penalties and is the least disruptive to business operations. Through decades of experience, we have built strong relationships with the Federal Trade Commission, Office for Civil Rights, the National Association of Attorneys General, and others, and are at the forefront of crafting regulatory and legislative strategies that result in the best outcome for our clients.

Litigation and class action

We help clients through complex privacy litigation while simultaneously interfacing with multiple parties, such as federal and state regulators and private plaintiffs. Our experience allows us to provide a detailed roadmap for litigation of privacy and data security. The BakerHostetler Privacy Class Action Response Guide ensures that client needs are paramount as we handle some of the largest class actions to date in the nation. Our Privacy and Data Protection team’s substantive knowledge of privacy laws, combined with the acute procedural skills and proven defense tactics of the firm’s Class Action Defense team, minimizes potential impact of litigation.

Healthcare privacy and health information technology

We assist clients in developing documents, procedures, and programs to comply with healthcare information privacy regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Because of the depth of our experience in this area, we have been called on to defend some of the most significant class actions in the healthcare industry resulting from data security incidents. One such case involving a putative class action under the California Confidentiality of Medical Information Act (CMIA) for Eisenhower Medical Center seeks more than $500 million in statutory damages. We have also been retained by Advocate Health in the defense of class actions arising from a breach involving 4 million patients, making it the second-largest breach ever recorded under HIPAA.

E-Commerce, payments, and point of sale

Data security in the payment card industry is a growing legal area among consumers, merchants, and payment processors, with standards being developed and amended on a regular basis. We regularly follow developments in the Payment Card Industry Data Security Standards (PCI DSS) and other operating regulations aimed at prevention, detection, and appropriate reaction to card security incidents.

Critical infrastructure

Ongoing technological innovation requires us to stay at the forefront of developments that impact businesses and their customers. President Obama’s Executive Order on cybersecurity, for example, will impact industry security standards and how businesses apply them. View a webinar recording on the topic: New Cybersecurity Executive Order. Our background in data security and privacy issues involving personal information shapes the ways that companies handling other highly confidential information may be impacted by data breaches or disruption of service. We not only help a client deal with the current state of the law, but also know where the law is heading.

Security breaches affect all industries and are growing as attackers seek customer data or trade secrets, target companies for political reasons, or sabotage critical infrastructure. In 2012, the Privacy Rights Clearinghouse estimated that 27,545,995 records were affected as a result of 680 publicly-known security breaches caused by unintended disclosures, hacking or malware, payment card fraud, persons with legitimate access, or lost or stolen paper documents or devices.

Select Experience

  • Defending Advocate Health and Hospitals in connection with 12 class actions and one complaint currently pending in Cook County, Illinois Circuit Court, as well as a class action currently pending in Federal Court in Illinois.
  • Defended Schnuck Markets in connection with payment card breach litigation, including six class actions and one individual action currently pending in various state and federal courts in Missouri and Illinois.
  • Defended Eisenhower Medical Center in pending putative class action complaint arising from theft of computer containing information about more than 500,000 patients and alleging violations of the Confidentiality of Medical Information Act and Customer Records Act (Melanche v. Eisenhower Medical Center).

Professionals

Name Title Office
Fernando A. Bohorquez Jr. Partner New York
David A. Carney Partner Cleveland
Teresa C. Chow Partner Los Angeles
Lisa N. Collins Associate Atlanta
Caroline Dettmer Slye Staff Attorney Cincinnati
Gerald J. Ferguson Partner New York
Tanya Forsheit Partner Los Angeles
Cory J. Fox Associate Houston
Alan L. Friel Partner Los Angeles
Randal L. Gainer Partner Seattle
Lisa M. Ghannoum Partner Cleveland
Daniel J. Guttman Partner Columbus
Patrick H. Haggerty Associate Cincinnati
Pamela Jones Harbour Partner Washington, D.C.
Mark Hatcher Partner Columbus
Craig A. Hoffman Partner Cincinnati
Paul G. Karlsgodt Partner Denver
Gilbert S. Keteltas Partner Washington, D.C.
Theodore J. Kobus III Partner New York
M. Scott Koller Counsel Los Angeles
Michael R. Matthias Partner Los Angeles
Jennifer A. Mills Partner Cleveland
Jonathan B. New Partner New York
Michael G. Oxley Of Counsel Washington, D.C.
Eric A. Packel Counsel Philadelphia
Frank A. Pugliese Partner New York
Robert T. Razzano Partner Cincinnati
Chad A. Rutkowski Partner Philadelphia
Lynn Sessions Partner Houston
James A. Sherer Counsel New York
Richard W. Siehl Partner Columbus
James A. Slater Partner Cleveland
Maryanne Stanganelli Associate New York
Daniel R. Warren Partner Cleveland
Robert M. Wolin Partner Houston
Kimberly M. Wong Associate New York
Gonzalo S. Zeballos Partner New York


Recognition

  • Chambers USA: National Band 3 ranking (2014)
    • Recommended for Client Service
    • Recommended for Commercial Awareness
  • Chambers Global: USA Band 3 ranking (2014)
  • Law360 "Practice Group of the Year" (2013)

 


In The Blogs

Data Privacy Monitor
What’s Old is New Again—Insecure Remote Access
July 23, 2014
When a merchant is suspected of being the victim of an account data compromise event, they are often required by the card brands to hire a Payment Card Industry Forensic Investigator (PFI). The PFI provides a report on the investigation to...
Data Privacy Monitor
Utilities, Oil and Gas Companies Feeling Drained by “Energetic Bear”
July 22, 2014
The following was authored by Mary Guzman, Senior Vice President, InfoSec Practice Leader with McGriff, Seibels & Williams, Inc. There is much going on in the cyber world related to energy and utility companies.  As has long been...
Data Privacy Monitor
Industry Thought Leader Tanya Forsheit Joins BakerHostetler’s Nationally Renowned Privacy Team
July 21, 2014
InfoLawGroup Founding Partner and IAPP Certified Information Privacy Professional is sixth major practice addition in 2014 LOS ANGELES, July 21, 2014—BakerHostetler is proud to announce that Partner Tanya Forsheit has joined the firm’s...
Data Privacy Monitor
New York Attorney General Report Shows the Number of Data Breaches is on the Rise and Recommends Steps to Take for Protecting Against Them
July 18, 2014
On July 15, 2014, the New York Attorney General issued a report examining the growing number and costs of data breaches in the state of New York.  The report titled, “Information Exposed: Historical Examination of Data Security in New York...
Data Privacy Monitor
Florida Gives Breach Notification Statute More Teeth
June 30, 2014
On June 20, 2014, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014 (“FIPA”), which will repeal Florida’s current breach notification statute at Fla. Stat. § 817.5681 and replace it with a new statute at...