BakerHostetler
Alumni Login
| Subscribe | Print
Open search/close search button Open menu/close menu button
Services
Professionals
About Us
Offices
News/Resources
Diversity
Pro Bono
Careers
Alumni

Digital Risk Advisory and Cybersecurity

Overview

“BakerHostetler's statistics provide a platform and negotiator-independent look at how enterprises with high-end legal advice handle breaches. All single-company-based statistics are biased toward a customer base.”

SC Magazine, April 7, 2022

Our attorneys draw upon technical knowledge, unrivaled incident response experience, and outcomes from remediations of incidents, regulatory investigations and lawsuits (what we call “cyber response intelligence”) to help organizations generate and implement solutions for realizing the value of data and technology, reducing the risk of significant events, becoming “compromise ready,” and responding effectively to incidents.

Organizations face two primary cybersecurity risks – theft of data and operational disruptions. These dynamic risks can become reality because of an issue at the organization, a vendor or both. The need to implement and maintain “reasonable security” is understood, yet most organizations struggle to do so and find themselves unprepared to tell a persuasive cybersecurity story to defend their practices in the wake of an incident. Failing to leverage data and technology to meet organizational goals; the revenue and reputational impact of downtime; and the disruption, regulatory investigations and lawsuits that follow the disclosure of a security incident are material risks. Effective management of these risks requires an enterprise-wide approach. We supply the guidance to help organizations prioritize, develop and implement risk-based solutions to address these dynamic risks.

Incident Response

Our incident response experience is unmatched; we have helped companies respond to more than 10,000 potential incidents. This experience enables us to triage the underlying issue, provide recommendations for a preliminary response and project what the organization is going to face in the coming days, weeks and months so informed decisions can be made. Because we work with forensic firms, ransom payment firms, crisis communications firms, mailing and call center vendors, brokers, and insurance carriers, we are able to streamline the engagement and deploy resources to manage the critical path of the response to an incident. An effective incident response involves more than knowing what the law requires ‒ getting key stakeholder relationship issues right is equally important. We quarterback the efforts to develop and continuously fine-tune strategic plans to identify, contain, assess, communicate about and remediate the issue. For organizations with which we have not yet worked, we operate a 24/7 incident response hotline that sends our team into action immediately in the event an incident is suspected.

More »
Incident Response Preparedness

We help companies establish and revise incident response plans, conduct tabletop exercises featuring realistic data breach simulations, and partner with forensic and crisis communications firms to provide focused training to incident response teams.

The annual BakerHostetler Data Security Incident Response Report is regarded as one of the industry’s most credible analyses of data security incidents faced by companies. The report helps companies understand potential threats, protect their data and fine-tune their incident response plans.

Digital Risk Advisory

We lead entities through investigations by state attorneys general, multistate attorneys general groups, the Federal Trade Commission, EU supervisory authorities and other international data protection regulatory authorities. When lawsuits are filed after a security incident is disclosed, we are the liaison for our clients to our litigation team to ensure that the facts that were identified and the strategy developed during the incident response phase are leveraged to support the execution of an effective defense strategy.

Cybersecurity Advisory

We help organizations develop risk-based and prioritized strategies to use data, leverage technology and become “compromise ready” by combining our technical capabilities, lessons learned from observing the causes of thousands of incidents and practical experience from time spent on-site with organizations. We help organizations improve the people, processes and technology they use by doing the following:

  • Identifying, developing, prioritizing and implementing risk-based security enhancements, which may include leveraging analysis from external security firms (e.g., red team exercises, security assessments, penetration tests).
  • Conducting “reasonable security” assessments with the complex litigation and regulatory landscape in mind to help defend against regulatory inquiries or private actions alleging unreasonable security.
  • Addressing third-party exploitation and misuse of technology, such as online account credential stuffing and account takeovers.
  • Conducting due diligence in corporate transactions, including evaluating the target’s privacy and security risk posture, negotiating appropriate representations and warranties, and conducting pre-acquisition compromise assessments. After closing, we work with the acquiring entity to develop an appropriate plan to integrate the target.
  • Developing vendor management and technology contract programs, as well as negotiating significant agreements, such as those involving cloud-based services and new payment card security technology.
  • Developing cybersecurity enterprise risk management programs by working with entities, executive management teams, audit committees and boards of directors. These programs include implementing components of reasonable security, building a cybersecurity road map and conducting cybersecurity maturity assessments.
Industries
  • Hospitality
  • Restaurants
  • Retail
  • Education
  • Insurance
  • Technology
  • Financial services
  • Community banks
  • Credit unions
  • Professional services
  • Energy and utilities
     

Select Experience

  • Incident response and post-disclosure counsel for Marriott Hotels regarding the Starwood Hotels guest record security incident that was disclosed in 2018.
  • Incident response counsel to restaurant and hotel franchisors involving matters in which the franchisor worked with hundreds of its franchisees to identify, investigate and provide notification of payment card security incidents. We advised in resulting litigation, payment card network liability assessments, regulatory inquiries and post-incident payment technology security enhancement efforts with franchisees.
  • Engaged by a credit reporting agency in September 2017 to provide legal advice regarding aspects of its response to a significant security incident.
More »

Professionals

Name Title Office Email
Joseph L. Bruemmer
Cincinnati
+1.513.929.3410
Partner
Joseph L. Bruemmer
Partner Cincinnati
Craig C. Carpenter
Dallas
+1.214.210.1224
Partner
Craig C. Carpenter
Partner Dallas
Ryan M. Christian
Atlanta
+1.404.256.8234
Counsel
Ryan M. Christian
Counsel Atlanta
Allison R. Clark
Dallas
+1.214.210.1132
Associate
Allison R. Clark
Associate Dallas
Adam I. Cohen
New York
+1.212.589.4629
Counsel
Adam I. Cohen
Counsel New York
Pierce T. Cox
Houston
+1.713.646.1325
Associate
Pierce T. Cox
Associate Houston
Elise R. Elam
Cincinnati
+1.513.929.3490
Associate
Elise R. Elam
Associate Cincinnati
Bianca Evans
Philadelphia
+1.215.564.1891
Associate
Bianca Evans
Associate Philadelphia
Gerald J. Ferguson
New York
+1.212.589.4238
Partner
Gerald J. Ferguson
Partner New York
Michael E. Fitzgerald
Philadelphia
+1.215.564.2740
Associate
Michael E. Fitzgerald
Associate Philadelphia
Jonathan A. Forman
New York
+1.212.847.2855
Partner
Jonathan A. Forman
Partner New York
Sara M. Goldstein
Philadelphia
+1 215.564.1572
Partner
Sara M. Goldstein
Partner Philadelphia
May Tal Gongolevsky
New York
+1.212.589.4213
Partner
May Tal Gongolevsky
Partner New York
Kimberly C. Gordy
Houston / Seattle
+1.713.646.1360 / +1.206.566.7091
Partner
Kimberly C. Gordy
Partner Houston
Alissamariah Gutierrez
Atlanta
+1.404.946.9819
Associate
Alissamariah Gutierrez
Associate Atlanta
Patrick H. Haggerty
Cincinnati
+1.513.929.3412
Partner
Patrick H. Haggerty
Partner Cincinnati
Sherman G. Helenese
Seattle
+1.206.566.7099
Counsel
Sherman G. Helenese
Counsel Seattle
Craig A. Hoffman
Cincinnati
+1.513.929.3491
Partner
Craig A. Hoffman
Partner Cincinnati
Andreas T. Kaltsounis
Seattle
+1.206.566.7080
Partner
Andreas T. Kaltsounis
Partner Seattle
Kiley C. Keefe
Dallas
+1.214.210.1140
Associate
Kiley C. Keefe
Associate Dallas
Theodore J. Kobus III
New York
+1.212.271.1504
Partner
Theodore J. Kobus III
Partner New York
M. Scott Koller
Los Angeles
+1.310.979.8427
Partner
M. Scott Koller
Partner Los Angeles
Amy L. Lenz
Chicago
+1.312.416.6220
Associate
Amy L. Lenz
Associate Chicago
Courtney L. Litchfield
Chicago
+1.312.416.6236
Associate
Courtney L. Litchfield
Associate Chicago
Jessica S. Lowery
Houston
+1.713.646.1386
Associate
Jessica S. Lowery
Associate Houston
Edward McAndrew
Philadelphia / Wilmington
+1.215.564.8386 / +1.302.319.3297
Partner
Edward McAndrew
Partner Philadelphia
Marcus McCutcheon
Costa Mesa
+1.714.966.8811
Counsel
Marcus McCutcheon
Counsel Costa Mesa
Thomas I. Moran II
Cleveland
+1.216.861.7142
Associate
Thomas I. Moran II
Associate Cleveland
Eric A. Packel
Philadelphia
+1.215.564.3031
Partner
Eric A. Packel
Partner Philadelphia
David H. Potter
Chicago
+1.312.416.6278
Associate
David H. Potter
Associate Chicago
Jordan Sinclair Senior
Houston
+1.713.646.1305
Associate
Jordan Sinclair Senior
Associate Houston
Jeewon K. Serrato
San Francisco
+1.415.659.2620
Partner
Jeewon K. Serrato
Partner San Francisco
Lynn Sessions
Houston
+1.713.646.1352
Partner
Lynn Sessions
Partner Houston
James A. Sherer
New York
+1.212.589.4279
Partner
James A. Sherer
Partner New York
David Sherman
Philadelphia
+1.215.564.8380
Partner
David Sherman
Partner Philadelphia
Mark E. Smith
Houston
+1.713.646.1385
Partner
Mark E. Smith
Partner Houston
Nichole L. Sterling
New York
+1.212.589.4282
Partner
Nichole L. Sterling
Partner New York
Vaughn Stupart
Cincinnati
Associate
Vaughn Stupart
Associate Cincinnati
Aleksandra Vold
Chicago
+1.312.416.6249
Partner
Aleksandra Vold
Partner Chicago
Jacob T. Wall
Seattle
+1.206.566.7147
Associate
Jacob T. Wall
Associate Seattle
Benjamin D. Wanger
Philadelphia
+1.215.564.1601
Counsel
Benjamin D. Wanger
Counsel Philadelphia
Elana Weinblatt
Philadelphia
+1.215.564.2097
Associate
Elana Weinblatt
Associate Philadelphia
Brittany A. Yantis
Washington, D.C.
+1.202.861.1525
Associate
Brittany A. Yantis
Associate Washington, D.C.
Daniel Yosef
Los Angeles
+1.310.979.8410
Associate
Daniel Yosef
Associate Los Angeles

Experience

  • Incident response and post-disclosure counsel for Marriott Hotels regarding the Starwood Hotels guest record security incident that was disclosed in 2018.
  • Incident response counsel to restaurant and hotel franchisors involving matters in which the franchisor worked with hundreds of its franchisees to identify, investigate and provide notification of payment card security incidents. We advised in resulting litigation, payment card network liability assessments, regulatory inquiries and post-incident payment technology security enhancement efforts with franchisees.
  • Engaged by a credit reporting agency in September 2017 to provide legal advice regarding aspects of its response to a significant security incident.
  • Preparing incident response plans and conducting incident response training and tabletop exercises for response teams, executives and board members.
  • Advising restaurants, hotels and retailers on authentication measures, payment acceptance and loyalty programs for their web and mobile apps.
  • Conducting pre- and post-acquisition due diligence and compromise assessments of hotels, restaurants and technology service providers.
  • Engaging security firms to conduct red team exercises, penetration tests, compromise assessments, security risk assessments and cybersecurity maturing assessments.

Recognition

  • Selected as a 2020-2021 “Pacesetter” in Cybersecurity Services by ALM Intelligence Pacesetter Research
  • BTI Powerhouse for Cybersecurity Litigation (2022)
  • BTI Cybersecurity Powerhouse (2020)
  • BTI CyberSavvy Law Firm (2020)
  • Chambers Global
    • Privacy & Data Security: The Elite (USA) (2022)
    • Privacy & Data Security (USA) (2014 to 2021)
    • Privacy & Data Security: Healthcare Spotlight Table – Nationwide (2018 to 2022)
  • Chambers Fintech
    • Legal – USA (2018 to 2021)
  • Chambers USA
    • Advertising: Transactional & Regulatory – Nationwide (2018 to 2021)
    • Privacy & Data Security: The Elite – Nationwide (2021)
    • Privacy & Data Security – Nationwide (2013 to 2020)
    • Privacy & Data Security: Healthcare Spotlight Table – Nationwide (2018 to 2021)
  • Chambers USA Award: “Privacy & Data Security Team of the Year” finalist (2015, 2017)
  • The Legal 500 United States
    • Media, Technology and Telecoms: Advertising and Marketing: Transactional and Regulatory (2018 to 2021)
    • Media, Technology and Telecoms: Cyber law (including data privacy and data protection) (2021)
    • Media, Technology and Telecoms: Cyber Law (2016 to 2020)
    • Media, Technology and Telecoms: Data Privacy and Data Protection (2016 to 2020)
  • Law360: Privacy "Practice Group of the Year" (2013 to 2015, 2018)
  • Selected for Vault’s Guide to Legal Practice Areas
    • Privacy and Data Security (2017 to 2021)

News

News

Press Releases

Publications

Alerts

Articles

Podcasts

Blog Posts

Events

Related Services

Key Contacts

Blog

In The Blogs

Previous Next
Data Counsel
2023 DSIR Report Deeper Dive: U.S. Employee Privacy Developments
By Frederick C. Bingham, Jennifer L. Mitchell, Justin T. Yedor
May 30, 2023
Among the many developments in data privacy regulation that took place over the past year, new requirements relating to employee personal information in California and New York have deservedly received a lot of attention. Meanwhile...
Read More ->
Data Counsel
New York State Adds Health Care Geofencing Prohibition, Taking a More Measured Approach Than Washington's Similar Ban
By Andreas T. Kaltsounis, Nichole L. Sterling
May 25, 2023
As part of the health budget bill signed by Governor Hochul in early May, New York has amended its General Business Law, introducing a prohibition on geofencing of health care facilities that goes into effect on July 2, 2023 – just three...
Read More ->
Data Counsel
Deeper Dive into the Data
By Elise R. Elam
May 23, 2023
Every year, BakerHostetler collects and analyzes various metrics about the incident response matters we handle. In 2022, we handled over 1,160 incidents. The most striking trends we saw across those incidents were an overall increase in...
Read More ->
Data Counsel
FTC Issues Warning on Use of Biometric Information
By Bonnie Keane DelGobbo, Joel Griswold
May 19, 2023
On May 18, 2023, the Federal Trade Commission (FTC) issued a Policy Statement on Biometric Information and Section 5 of the FTC Act (Policy Statement). Section 5 of the FTC Act, 15 U.S.C. § 45, prohibits “unfair or deceptive practices in...
Read More ->
Data Counsel
Welcome to our 9th annual Data Security Incident Response Report!
By Theodore J. Kobus III
April 27, 2023
We are now three years post pandemic, and while a lot has changed, some things remain the same. Last year, I talked about resilience—the uncertainties of the pandemic were still present, the war in Ukraine had just begun, and businesses...
Read More ->

Services

Find Professionals

Offices

About Us

Careers

Firm Diversity

LinkedIn Twitter Facebook Instagram Youtube RSS
Subscribe »
© 2023 Baker & Hostetler LLP