Careers

Diversity

With 17 offices, from New York to Los Angeles and Seattle to Orlando, we live and work in communities all over the U.S., collaborating across locations, disciplines and even borders. Our experienced, highly ranked lawyers serve businesses wherever they are and wherever they want to go.

Offices

About Us

Pages

Professionals

Thought leadership: blogs, podcasts, videos, publications, events and news

Insights

Services

Pro Bono

Am Law 100 firm with practices in Business, Digital Assets and Data Management, Intellectual Property, Labor & Employment, Litigation and Tax.

Home | BakerHostetler

SCOTUS Holds that Job Transferees Need Only Show ‘Some Harm’ Under Title VII

BakerHostetler Shortlisted for Privacy & Data Security Law Firm of the Year by Chambers USA

Government Contractors and the Government’s FCA Enforcement Environment

BakerHostetler’s Sports Industry Honors Hank Aaron’s Home Run Record

We work with the key personnel who have responsibility for privacy and security and for technology infrastructure, including chief information and privacy officers, marketing team leaders, compliance officers, finance leaders and in-house legal teams. Our incident response experience and regulatory knowledge mean we are uniquely qualified to examine both internal and privacy governance policies. Our deep understanding of technology positions us to advise clients regarding the best practices for technology transactions, including negotiating agreements regarding cloud services and technology infrastructure as well as data ownership and other key issues that arise when companies do business together.

core/paragraph

core/heading

We advise clients on how to develop and maintain consumer privacy programs. In addition, we help clients assess privacy impacts and employ privacy by design to balance commercial and consumer interests and to craft transparent, accurate and customer-friendly notices regarding data practices.

Our deep experience and relationships with state attorneys general and other regulatory officials allow us to deal efficiently with investigatory inquiries, often resulting in positive dispositions, including the conclusion of investigations without any charges being brought.

California Consumer Privacy Act (CCPA) and other state privacy laws.

core/list-item

General Data Protection Regulation (GDPR).

Attorney General privacy investigations related to data collection and use.

The Children’s Online Privacy Protection Act (COPPA).

Telephone Consumer Protection Act (TCPA) and Controlling the Assault of Non-Solicited Pornography and Marketing Act compliance.

core/list

Our team has a well-grounded understanding of transactions involving the use, licensing, acquisition and commercialization of data and technology. We review, negotiate and draft agreements and agreement provisions regarding:

The PCI Data Security Standard and protected health information.

We handle agreements involving all forms of cloud service (SaaS, IaaS, PaaS), video game development, mobile apps, music distribution, geolocation, payment processing, fraud prevention, data analytics and digital advertising.

In addition, as companies everywhere undergo digital transformation, our team offers guidance on where opportunities and vulnerabilities lie and assists in designing plans to manage, protect and leverage your digital assets, including Big Data, predictive analysis, machine learning, robotics, the Internet of Things (IoT), and voice, text and vision recognition.

We provide comprehensive advice regarding the EU’s General Data Protection Regulation (GDPR) and the new California Consumer Privacy Act (CCPA), including:

Compliance program development and implementation.

Privacy and data security assessments to prepare for the impact of the private right of action arising from security incidents.

Tracking legislative and regulatory developments.

Identifying, engaging and managing IT consultants and solutions.

contentpilot/expand-more

<ul>
<li>Selected as a 2020-2021 “Pacesetter” in Cybersecurity Services by ALM Intelligence Pacesetter Research</li>
<li>BTI Powerhouse for Cybersecurity Litigation (2022)</li>
<li>BTI Cybersecurity Powerhouse (2020)</li>
<li>BTI CyberSavvy Law Firm (2020)</li>
<li>Chambers Global
<ul>
<li>Privacy &amp; Data Security: The Elite (USA) (2022 to 2024)</li>
<li>Privacy &amp; Data Security (USA) (2014 to 2021)</li>
<li>Privacy &amp; Data Security: Healthcare (USA) (2018 to 2024)</li>
<li>Privacy &amp; Data Security: Litigation (USA) (2024)</li>
</ul>
</li>
<li>Chambers Fintech
<ul>
<li>Legal – USA (2018 to 2024)</li>
<li>Legal – Blockchain &amp; Cryptocurrencies (2023, 2024)</li>
<li>2024 Band #1 ranking in Legal – Data Protection &amp; Cyber Security (2023, 2024)</li>
</ul>
</li>
<li>Chambers USA
<ul>
<li>Advertising: NAD Proceedings – Nationwide (2022, 2023)</li>
<li>Advertising: Transactional &amp; Regulatory – Nationwide (2018 to 2023)</li>
<li>Privacy &amp; Data Security: The Elite – Nationwide (2021-2023)</li>
<li>Privacy &amp; Data Security: Litigation – Nationwide (2023)</li>
<li>Privacy &amp; Data Security – Nationwide (2013 to 2020)</li>
<li>Privacy &amp; Data Security: Healthcare – Nationwide (2018 to 2023)</li>
</ul>
</li>
<li>Chambers USA Award: “Privacy &amp; Data Security Team of the Year” finalist (2015, 2017)</li>
<li>The Legal 500 United States
<ul>
<li>Media, Technology and Telecoms: Advertising and Marketing: Transactional and Regulatory (2018 to 2023)</li>
<li>Media, Technology and Telecoms: Cyber law (including data privacy and data protection) (2021-2023)</li>
<li>Media, Technology and Telecoms: Cyber Law (2016 to 2020)</li>
<li>Media, Technology and Telecoms: Data Privacy and Data Protection (2016 to 2020)</li>
</ul>
</li>
<li>Law360: Privacy &#8220;Practice Group of the Year&#8221; (2013 to 2015, 2018)</li>
<li>Selected for Vault’s Guide to Legal Practice Areas
<ul>
<li>Privacy and Data Security (2017 to 2021)</li>
</ul>
</li>
<li><em>U.S. News – Best Lawyers </em>“Best Law Firms” – National Rankings
<ul>
<li>Advertising Law (2018 to 2023)</li>
<li>Information Technology Law (2013 to 2023)</li>
<li>Technology Law (2012 to 2023)</li>
</ul>
</li>
</ul>


R.  Bisi Adeyemo

Gerald J. Ferguson

Fernando A. Bohorquez Jr.

Brian A. Bulson

Robyn M. Feldstein

Theodore J. Kobus III

Jonathan A. Forman

James A. Sherer

Melinda L. McLellan

Theresa M. Weisenberger

Christopher M. Arena

Lisa N. Collins

Craig L. Cupid

Kyle R. Gregory

Nichole L. Sterling

May Tal Gongolevsky

Carolina A. Alonso

Andreas T. Kaltsounis

John P. Hutchins

Janine Anthony Bowen

Taylor A. Bloom

Timothy M. Swan

Orga Cadet

David Sherman

Craig C. Carpenter

Justin T. Yedor

Whitney Q. Schneider-White

Erika Vela

Jennifer L. Mitchell

Sherman G. Helenese

Jacob T. Wall

Frederick C. Bingham

Antonette E. Igbenoba

Jiwon (Jamie) Kim

Chad A. Rutkowski

Jessica S. Lowery

Diana C. Milton

New York

Partner

Atlanta

James Sherer Comments on Insurer AI Rules in Law360 Article

Janine Anthony Bowen, Jamie Kim Author Article on the Impact of Generative AI on Technology Contracts

Three BakerHostetler Attorneys and Two Firm-Authored Articles Recognized in 2024 JD Supra Readers’ Choice Awards 

James Sherer Quoted in Bloomberg Article on AI Rules from the U.S. Government

Sterling addresses compliance obligations in light of new EU-US Data Privacy Framework

Kaufman says amended FTC lawsuit against Kochava provides ‘far more compelling narrative’

Organizations need ‘functional definition of AI’ to craft effective internal policy

BakerHostetler Launches 2023 Data Security Incident Response Report

2022 DSIR Report Deeper Dive

2022 DSIR Report Deeper Dive: CPRA Compliance

BakerHostetler Launches 2022 Data Security Incident Response Report – Resilience and Perseverance

Melinda McLellan, Carolina Alonso, Shea Leitch, Alexandra Royal, Nichole Sterling Discuss Trends in Global Data Protection Law

Data Counsel

New Director of HHS Office for Civil Rights Announced: What could Lisa J. Pino’s appointment mean for future HIPAA enforcement?

Effective Oct. 1, 2021: Connecticut Expands Data Breach Notification Statute

Janine Anthony Bowen, Kyle Gregory Speak on IT Contracting

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

FTC Issues Statement Warning Health Apps to Notify Consumers About Data Breaches

David A. Carney Recognized as Cybersecurity & Privacy MVP by Law360

SEC Cybersecurity Actions Against Registered Firms for Business Email Compromises Emphasize Importance of MFA

Craig Carpenter a Guest on “Careers in Data Privacy” Podcast

Craig Carpenter Discusses His Career Path on “Careers in Data Privacy” Podcast

Ohio Proposes Comprehensive Privacy Legislation

SEC Scrutinizes Use of Fintech by Broker-Dealers and Investment Advisers

Taylor Bloom to Discuss Evolution of California Privacy Rights

Colorado’s Privacy Act: A Curve Ball on Consent and Targeted Ads

Melinda McLellan, Carolina Alonso, Shea Leitch, Alexandra Royal, Nichole Sterling Join Data Protection Law Panel

The New China Data Security Law and the Impact on Multinational Companies

Nevada Gov. Sisolak Signs Senate Bill (SB) 260 Expanding the State’s Internet Privacy Law

Melinda McLellan Speaks on SCCs and Data Transfers Post-Schrems II

Pairing Real-World™ Problems with Realistic Solutions – a Push for Practical Information Governance

Updated EU Standard Contractual Clauses Are Finally Here

Craig Hoffman Featured in Video Interview Discussing “Data Security Incident Response Report”

BakerHostetler’s DADM Practice Group Expands in Dallas with the Addition of Craig Carpenter

Seventh Annual Data Security Incident Response Report Released – Disruption and Transformation

BakerHostetler 2021 Data Security Incident Response Report – Disruption and Transformation

Jeewon Serrato Speaks on Three Key CCPA Provisions

Jeewon Serrato Joins Webinar on Lessons Learned from CCPA

Jeewon Serrato Discusses California Privacy Rights Act

Highly Anticipated SCOTUS Ruling Upends TCPA Landscape

Private Right of Action May Again Poison Washington Privacy Act

International Data Protection Update – First Quarter 2021

Sara Goldstein, David Sherman Discuss European Privacy Concerns

Virginia Becomes the Second State with a Comprehensive Privacy Law

Eulonda Skyles, Stanton Burke Speak at Tech Law Summit

Melinda McLellan Leads Discussion on GDPR for New York State Bar

New EDPB Draft Guidance Provides Practical Scenarios for Data Breach Notification Analysis Under the GDPR

Kyle Fath, Taylor Bloom Address AdTech Considerations Under CCPA and CPRA

Virginia Poised to Enact the Consumer Data Protection Act, the Nation’s Second Comprehensive Consumer Privacy Law

AdTech Under the CCPA and CPRA

Virginia Likely to Become Second State with Comprehensive Privacy Legislation

California AG Becerra Tweets Endorsement for a Universal Opt-Out Tool

Stanton Burke Speaks on Notice Requirements for CCPA, CPRA

Stanton Burke Speaks on Notice Requirements of California Privacy Laws

Alan Friel a Speaker for Webinar on Vendor Agreements and California Privacy Rights Act

Jeewon Serrato Co-Authors Article on CCPA and Competition Issues

Jeewon Serrato Speaks on Privacy and Employment Law in California

Jeewon Serrato Provides CCPA Crosswalk to NIST

Jeewon Serrato Joins Panel to Discuss CCPA and CPRA

Kyle Fath Speaks on Implications of “CCPA 2.0”

New York Legislature Introduces CCPA Clone with Private Right of Action

Alan Friel Comments on Impact of New California Privacy Law

Kyle Fath Speaks on California Consumer Privacy Laws

European Authorities Release Back-to-Back Drafts Addressing Cross-Border Data Transfers

Alan Friel, Kyle Fath Article Explains Provisions of California Privacy Rights Act

Alan Friel Talks to “Wall Street Journal,” Legal Media about Ramifications of New California Privacy Regulations

Kyle Fath Comments on New California Privacy Rights Act

Alan Friel a Speaker for Webinar on CCPA Final Regulations

California Voters Approve Reworking of Landmark Consumer Privacy Law – What CCPA 2.0 Will Mean for Businesses and Consumers

California OAG Proposes New CCPA Regs Two Weeks Before Voters Decide on the Fate of CCPA 2.0

Jeewon Kim Serrato Co-Authors Article about Pricing, Value of Consumer Data and CCPA’s Non-Discrimination Requirement

Casie Collignon, Alan Friel, Andreas Kaltsounis Speak at Privacy+Security Academy Virtual Forum

Alan Friel Discusses CPRA at Privacy+Security Academy Conference

Alan Friel Speaks on Data Privacy Enforcement in California

Employee Training and Record-Keeping Requirements in the Final CCPA Regulations and a Preview of New Retention Requirements in the CPRA

Jeewon Serrato Address California Privacy Legislation at National Conference

Return to Work: What Employers Should Know About AB 1281, CCPA Notice Requirements and Recent Labor Law Guidance

IAB Launches CCPA Benchmark Survey

BakerHosts

CA Privacy Law Reboot – CCPA 2.0

CCPA Final Regulations, with a Few Unexpected Changes

Jeewon Serrato Discusses California Privacy Regulations at Virtual Conference

Alan Friel Examines Implications of Proposed Expansion of the CCPA

James Sherer to Discuss Data Governance for Legal Operators

Alan Friel Comments on Proposed Expansion of California Privacy Law

Alan Friel, Jeewon Serrato Lead Webinar on CCPA Response

Alan Friel Comments on New California Privacy Rights Act Ballot Measure

CPRA Moves Forward Despite COVID-19 Woes, Will Be on November Ballot

Welcome to Data Counsel

CCPA Final Regulations Published in Advance of July 1 Enforcement Date

Alan Friel a Speaker for Discussion of CCPA Compliance Strategies

Alan Friel Comments on Submission of Final Rules for CCPA

Three Paths to Final CCPA Regulations by July 1

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

CCPA Compliance Meets Trade Secret Protection: A Peaceful Coexistence?

Alan Friel Speaks on Webinar Regarding CCPA Enforcement Extension

Sixth Annual Data Security Incident Response Report Released – Managing Enterprise Risks and Leveraging Data in a Digital World

BakerHostetler’s 2020 Data Security Incident Response Report Shows Phishing Still No. 1 Cause of Data Incidents, Ransomware Attacks on the Rise

Digital Assets and Data Management

Information Governance

Energy Industry Cybersecurity and Event Response

Advertising, Marketing and Digital Media

Compliance

Blockchain Technologies and Digital Assets

Comprehensive State Privacy Acts

Artificial Intelligence (AI)

Healthcare Privacy and Compliance

Digital Risk Advisory and Cybersecurity

Emerging Technology

Privacy and Digital Risk Class Action and Litigation

Digital Transformation and Data Economy

Russia-Ukraine War Resource Center

Industries

Retail

<h5>Privacy Governance</h5>
<ul>
<li>Counseled hundreds of companies on developing, implementing and maintaining privacy programs and complying with applicable data protections laws, including the CCPA.</li>
<li>Representing the interests of multiple clients in the digital advertising sector while working with the Internet Advertising Bureau to help develop a policy framework, multiparty agreement and technical signal program that will allow publishers and advertisers to integrate their CCPA “do not sell” requests with internet-based advertising technologies.</li>
<li>Advising numerous clients regarding compliance with international data transfer restrictions and data localization requirements. Additionally, we developed and implemented GDPR compliance programs for U.S. and international organizations, including applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, the selection of Data Protection Officers and employee training.</li>
<li>Served as lead privacy counsel to a cutting-edge healthcare funding provider; provided a 50-state analysis of the privacy landscape for the company.</li>
</ul>
<h5>Technology Transactions</h5>
<ul>
<li>Representing an insurance company in its multimillion-dollar multiparty cloud and software services agreements.</li>
<li>Supporting a large healthcare system as lead technology and intellectual property counsel; advising the organization in more than $50 million worth of technology acquisitions.</li>
<li>Acting as lead counsel to a minerals and material solutions provider, evaluating and mitigating the risks of third-party installation of IoT tracking technologies for assets management.</li>
<li>As privacy counsel to a global public relations and earned media software company, led the organization through multiple acquisitions of portfolio companies and conducted privacy diligence for a number of transactions.</li>
<li>Advised a healthcare customer-relationship management company on commercial transactions and the development of a privacy and data strategy, navigating HIPAA compliance and regulations.</li>
</ul>


Privacy Governance and Technology Transactions

Privacy Governance and Technology Transactions

Experience

Privacy Governance

Technology Transactions

Recognitions

Insights and News

Featured Insights