Find Lawyers

Theodore J. Kobus III

Ted advises clients, trade groups and organizations regarding data security and privacy risk management, breaches, response strategies, litigation and regulatory actions affecting organizations. He has counseled clients involved in significant breaches implicating state and federal laws, international laws and other regulations and requirements, including HITECH, the Massachusetts Data Privacy Law, California privacy laws (including the California Department of Public Health Law), Connecticut Insurance Department regulations, Puerto Rico’s Citizen Information on Data Banks Security Act, Mexico’s Data Protection Law, Canada’s data privacy requirements and PCI/CISP requirements. He has dealt with Offices of Attorneys General, state insurance departments, Office of Civil Rights (OCR)/Health and Human Services (HHS), Secret Service, FBI and local police and forensics professionals as part of their handling of data breaches.

Risk management is a key component of an organization’s mitigation plan. From advising clients regarding privacy and security compliance in cloud and virtual environments to the impact of social media on the way an organization conducts business, Ted’s services include:

• Breach response workshops
• Review and development of policies and procedures reflective of state breach notification laws, international data security laws, HIPAA, HITECH, COPPA, GLBA and other privacy-related laws and regulations
• Preparation of written information security plans
• Preparation of incident response plans
• Drafting and updating of privacy policies, portal agreements, contracts and customer notices to reflect legal developments in privacy
• Preparation of social media policies
• Educational webinars and other presentations for employees

Ted has handled over 250 breaches and his representative experience includes:

• Healthcare, educational, banking, financial, technology service providers, hospitality and retail breaches involving state, local, federal and international laws
• Healthcare and financial services breaches involving substantial crisis management and public relations efforts
• Breaches resulting in identity theft
• Breaches involving cloud computing services
• Breaches involving sensitive employment issues
• Multistate breaches involving high-profile law enforcement investigations and overseas criminals using malware
• Breaches involving phishing scams and other social engineering tools
• Breaches and litigation involving PCI DSS compliance

His experience extends to litigation of data breach, privacy, technology, media and intellectual property matters nationally, including litigation and audits and actions by governmental regulators such as state attorneys general, HHS and OCR, the Federal Trade Commission (FTC), Federal Communications Commission (FCC), state departments of health and insurance and state and professional licensing boards. Ted has a number of arbitrations, non-jury and jury trials and his representative experience includes:

• Defense of clients involved in class action litigation related to technology, privacy and PCI DSS issues
• Defense of clients involved in healthcare invasion of privacy cases
• Defense of clients during investigations by state attorneys general
• Breaches implicating Family Educational Rights and Privacy Act (FERPA) and resulting investigations by the Department of Education (DOE)
• Dismissal from a class action litigation involving the Fair and Accurate Credit Transactions Act (FACTA)
• Defense of technology service providers in enterprise resource planning (ERP) litigation
• Recent verdict in favor of his client in a matter involving computer source code copyright infringement and trade secret claims
• Litigation of trademark cases

Ted is a regular contributor to Baker Hostetler’s Data Privacy Monitor blog, available at www.dataprivacymonitor.com. He regularly speaks at major industry events regarding data breach response, risk management and litigation issues affecting privacy.

Ted’s presentations and publications include:

• “Network Security and Privacy Law: A Rapidly Developing Liability Landscape,” Webinar (March 28, 2012)
• “The A to Zs of Healthcare Data Breaches,” Providence Health & Services’ Comply Rx (February 2012)
• “Healthcare Cyber Risks and Privacy Breaches—Emergent Problem or Chronic Condition?” Professional Liability Underwriting Society International Conference, San Diego (November 4, 2011)
• “Are You Ready for A Data Breach?” Association of Lloyd’s Brokers, Chicago (November 1, 2011)
• “Data Breaches—A to Z,” American Society of Healthcare Risk Managers, Phoenix (October 17, 2011)
• “Risk Manager’s Guide to Navigating the Evolving Legal, Regulatory and Cyber Liability Landscapes,” American Society of Healthcare Risk Managers, Phoenix, (October 17, 2011)
• “Data Breaches—Coming to a Network Near You,” Houston and Minneapolis (October 2011)
• “Cyber Liability: The Real Deal,” Graham University of the Graham Company, Webinar (September 28, 2011).
• “The Current State of PCI, HIPAA and HITECH Compliance and How It’s Impacting Cyber Liability Coverage and Claims,” American Conference Institute’s Cyber & Data Risk Conference, New York (September 26, 2011)
• “Regulatory Update,” Webinar (September 2011)
• “Navigating the Evolving Legal, Regulatory and Cyber Liability Landscapes for Mid-Sized Healthcare Organizations,” Crittenden Chicago Conference (September 2011)
• “Privacy Issues Facing Law Firms,” Webinar (July 2011)
• “Social Media—Legal Risks,” Media Financial Management Association CFO Summit, Williamsburg (July 2011)
• “NetDiligence Cyber Risk & Privacy Liability Forum,” Damages and Other Litigation Issues after A Data Breach Event (June 2011)
• “Contractual Risk Transfer for Healthcare Organizations,” American Society for Healthcare Risk Management Webinar (May 2011)
• “Contractual Risk Transfer; Privacy Breaches & Theft: What's Lurking in the Dusty Corners of Your Contract Files Can Hurt You,” Webinar (January 2011)
• “The Gloves Are Off: Red Flag Enforcement Is Here,” Podcast (December 2010)
• “Data Breach—A C-Level Issue,” Lutheran Services in America, Baltimore (November 2010)
• “How Will South Shore’s Breach Impact Us?” Data Breach News (September 10, 2010)
• “Complying with State Public Notification Requirements and Deadlines: Making Sense of Conflicting Priorities in the Event of a Breach,” 4th Annual Advanced Forum on Cyber & Data Risk Insurance, New York (September 2010)
• “How The Rite Aid Settlement Impacts Your Disposal Practices,” Data Breach News (July 27, 2010)
• “Nosey Employees Can Be Costly,” Data Breach News (June 18, 2010)
• “HIPAA/HITECH Disclosures and Regulatory Enforcement—The ‘Do’s and Don’ts’ When Responding to Data Security and Privacy Breaches,” New Jersey Health Information Management Association's annual meeting, Atlantic City (June 2010)
• “Data Breach Liability: An Unstable Legal Environment,” NetDiligence Cyber Risk and Privacy Liability Forum, Philadelphia (June 2010)
• “Are Digital Copiers Leaving Us Vulnerable?” Data Breach News (May 5, 2010)
• “Best Practices for Health Care Organizations to Keep the Cyber Liability Genie in the Bottle,” Webinar (April 2010)
• “What Can We Expect in 2010,” Data Breach News (December 29, 2009)
• “What REALLY Happens After A Breach or Electronic Data Loss Event,” PLUS International Conference, Chicago (November 2009)
• “New Federal Regulatory Developments & Enforcement Action Regarding Privacy and Security of Information,” and “Third Party Vendors and Suppliers: Limiting Liability Contractually,” ACI 3rd National Advanced Forum on Cyber/Data Risk Insurance, Philadelphia (September 2009)
• “FTC Red Flag Rules on ID Theft, Now Imminent, Have Broader Application Than Many Realize,” NRRDA Webinar (July 2009)
• “Flagging Down Identity Theft,” PLUS Journal (Vol. XXII, No. 2) (February 2009)
• “Data Breach and Security Exposures,” Philly I on Law Day, Philadelphia (December 2008)
• “Is Your Company A Creditor? Identity Theft Prevention: Know Your Red Flags,” DRI In-House Defense Quarterly (Winter 2008)
• “Walking The Data Security Tightrope: What Lies Below?” PLUS International Conference, San Francisco (2008)
• “Evolution of Famous Name Litigation,” InRe Magazine (2007)
• “Copyright Protection for Architectural Works,” Defense Digest (2006)