Andreas Kaltsounis focuses on helping clients anticipate, manage, and respond to complex privacy and security issues in connected, data-driven organizations. He brings a unique perspective to his work with clients, developed from his experience as an attorney, a certified information-security professional, a leader at an international information-security consultancy, and a federal agent investigating criminal, regulatory, and national-security cyber matters. Able to operate from the trenches to the board room, Andreas advises key stakeholders across an organization, from its individual legal, security, and compliance teams, to its executives, officers, and directors.
As a strategic advisor, Andreas helps clients anticipate, understand and comply with current and emerging global data protection obligations, including advising clients and colleagues on the nuances of international breach notification obligations. Focused on more than merely checking regulatory boxes, he works with his clients to find and address their real legal, business, and reputational risks.
Reactively, Andreas has led more than 100 data breach and privacy-related investigations, including in some of the largest publicly reported breaches. His investigative experience and deep technical background make him a go-to advisor for incidents involving widespread network intrusions, technically complex issues, and potential insider threats. In the wake of these incidents he has successfully defended clients in regulatory inquiries by the FTC, global supervisory authorities, and multi-state attorneys general, and he partners with BakerHostetler’s award-winning litigation team to defend against consumer class actions and shareholder actions.
Andreas speaks frequently to industry groups and boards of directors on privacy, data protection, and incident response, and combines his extensive on-the-ground experience with leading industry credentials in privacy law (CIPP/US),* information security (CISSP), critical controls auditing and implementation (GCCC), penetration testing (GPEN), and computer forensics (EnCE and SCERS). He is also a member of the Sedona Conference’s Working Group 11 on Data Security and Privacy.
Andreas co-leads the firm’s national Digital Risk Advisory and Cybersecurity Team and serves as the Seattle Digital Assets and Data Management Leader.
*The Washington Supreme Court does not recognize certifications and certifications are not a requirement to practice law in the state of Washington.