Find Lawyers

Craig Hoffman focuses his practice on complex business disputes, as well as data privacy, information security and social media. Mr. Hoffman has successfully represented a variety of interests in complex commercial litigation matters in state and federal courts, including contract disputes, construction delay claims, insurance coverage and premises and product liability claims. He has also represented companies in class action litigation arising from data breaches and alleged violations of federal privacy laws and regulations.

Mr. Hoffman regularly counsels clients on notice obligations, remediation strategies and risk avoidance in connection with data breach incidents involving personal information and cardholder data. He is experienced in managing all aspects of incident response—from working with internal resources and external forensic experts to contain and remediate the intrusion, to minimizing reputational harm, to mitigating potential liability. He also helps companies identify, evaluate and manage risks associated with privacy and information security practices. In breaches involving payment card data, Mr. Hoffman guides clients through the PCI DSS revalidation process, while working to minimize assessments and fines by the card brands.

Mr. Hoffman conducts privacy assessments to determine the scope of a company’s legal obligations regarding personally identifiable information under its control and the company’s compliance with those obligations. He also helps companies develop appropriate written information security programs. Mr. Hoffman advises companies involved in transactions on privacy, security and social media issues, including due diligence and drafting appropriate representations and warranties.

In addition, Mr. Hoffman works with companies to develop successful advertising and marketing campaigns, from creating website privacy and terms of use policies, to compliance with FTC and self-regulatory guidelines, to contests and sweepstakes.

Mr. Hoffman serves as the editor of BakerHostetler’s Data Privacy Monitor blog, providing commentary on developments in data privacy, security, social media and behavioral advertising.

Representative Experience

• Led data breach response teams following network intrusions at manufacturers, retailers and third-party service providers where personal and financial information of millions of individuals were at risk.
• Member of trial team that pursued delay damages against a subcontractor on behalf of a commercial developer and general contractor
• Participated in due diligence and contract drafting with buyer’s counsel for the acquisition of a social media company
• Pursued claims on behalf of a buyer against a seller for breach of representations and warranties following a data breach
• Member of trial team that obtained a $163 million settlement of False Claims Act and fraud claims against a pharmacy benefit manager
• Obtained injunctive relief on behalf of a staffing company precluding a start-up staffing company from operating
• Successfully obtained the dismissal of a product liability complaint over an exploding tire at the close of the plaintiff’s case

Publications

• “Facial Recognition: The End of Privacy or a Precursor for New Laws?” Cincinnati Bar Association Report (December 2011)
• “Preventing Leaks: Why Data Security, Privacy Matter,” Cincinnati Bar Association Report (March 2011)
• “Catching Up on Cloud Computing,” www.dataprivacymonitor.com (March 14, 2011)
• “Noteworthy Data Privacy and Security Events in 2010,” www.dataprivacymonitor.com (December 31, 2010)
• “Scrutiny Intensifies Over Mortgage Foreclosures,” Dayton Business Journal (September 21, 2007) and Columbus Business First (November 21, 2007)
• “State Looks to Stem the Tide of Foreclosures,” Dayton Business Journal (April 20, 2007)

Honors / Awards

• Ohio Super Lawyers “Rising Star” (2009 to 2012)
• Dayton Business Journal’s “Forty Under 40” (2008)

CLE/Webinars/Seminars

• “Effective Data Breach Incident Response,” Ohio CISO Executive Summit (June 2012)
• “Network Security and Privacy Law: A Rapidly Developing Liability Landscape,” Webinar (March 2012)
• “Data Security and Cyber Liability Update,” LexisNexis Webinar (November 2011)
• “Are You Ready for a Data Breach?” BakerHostetler CLE (October 2011)

Mr. Hoffman is a member of the Ohio State, Cincinnati and Kentucky Bar Associations, and was a member of Class XIV (2010) of the Cincinnati Academy of Leadership for Lawyers. Prior to joining BakerHostetler, Mr. Hoffman clerked for U.S. Department of Labor Administrative Law Judge Thomas F. Phalen.