Energy Industry Cybersecurity and Event Response

Overview

Energy companies, like all businesses, are susceptible to cybersecurity attacks, data breaches, catastrophic events, and environmental emergency situations. There is an increased focus on ensuring security and protecting the nation’s critical infrastructure, particularly energy-related infrastructure such as generators, pipelines, and electronic networks, from destructive cyber and physical attacks.

As a premier national energy practice, BakerHostetler has earned a reputation within the energy industry for providing exceptional work and obtaining favorable results. Because we have an on-the-ground presence where many of our clients’ operations are located, we are able to immediately assess a situation and respond as necessary. Many of our attorneys have energy-specific degrees or have worked in-house with major energy companies, which gives us inside knowledge and hands-on experience to handle energy emergencies with assured and practical advice.

We represent a wide range of clients in the energy industry, including:

  • Oil and gas companies
  • Pipeline companies
  • Project owners, developers, and contractors
  • Oil field service companies
  • Mining and metals companies
  • Landowners
  • Governmental agencies
  • Private equity funds
  • Venture capital firms
  • Financial institutions and lenders
  • Investors
  • REITs

BakerHostetler has more than 80 lawyers across the nation who focus principally on clients in various sectors of the energy industry. Our energy lawyers represent producers, operators, service companies, and landowners throughout the country in connection with litigation, arbitration, and dispute resolution arising out of various emergencies, including data breaches, security incidents, releases, oil spills, blowouts, pipeline disasters, mechanical failures, and electrocutions. We not only assist with immediate emergency response needs, but also with any litigation arising out of the emergency. We have handled claims involving international and maritime laws, toxic torts, product liability, personal injury, class actions, workers’ compensation, and wrongful death.

More »

We also have one of the country’s largest and most comprehensive teams focused on data privacy and information security, partnering with clients to help them mitigate reputational and financial risks of cyber- and physical security. We have helped clients recover from more than 750 data breaches, including 175 responses in the past year – a volume and breadth of experience resulting in effective and efficient action that minimizes liability, is cost conscious, and protects a company’s reputation.

Data Security Assessment and Response Planning

We work with our energy clients to conduct data security assessments, interviewing business managers, security staff, and information technology managers; reviewing data security policies and procedures; and conducting penetration tests and vulnerability scans. This allows us to help clients identify opportunities to improve the security of their computer networks. We help clients develop response plans in order to enable them to handle security incidents quickly, efficiently, and in a manner that complies with applicable laws while mitigating risk and preserving customer relationships.

24-Hour Data Breach and Catastrophic Event Response

Given the urgency of data breaches, catastrophic events, and other emergency situations, we have assembled an Emergency Response Team that is available to assist clients throughout the country 24 hours a day. Our team is dispatched to the incident site immediately in order to assess the situation, advise on appropriate next steps, and assist with public relations, cleanup, and investigations. We have responded to data breaches, cybersecurity attacks, pipeline disasters, oil spills, blowouts, and chemical plant explosions, among other energy and environmental emergencies.

Reputation Protection

We understand that one of the greatest threats posed by a data security incident, catastrophic event, or environmental disaster is the potential impact on the company’s reputation. While we have hundreds of examples to draw upon to gauge how customers or employees will respond to an incident, we do not push a “one size fits all” approach because we know that each company has unique relationships with its customers and employees. When warranted, we include experienced crisis communications professionals on the incident response team and work with them to frame an internal and external communication strategy that satisfies legal notification obligations, preserves legal defenses, and best positions the company to minimize reputational harm.

Select Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
More »

Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
  • Participated with clients in U.S. Coast Guard inspections and audits, annual spill drill exercises and tabletop sessions, and management of pipeline spill response actions.
  • Represented a pipeline company in claims against a salvage company in connection with damages caused to the client’s offshore pipeline during salvage operations.
  • Prepared policies and procedures for the rollout of a Bring Your Own Device program for a multijurisdictional energy infrastructure company.
  • Counseled a Fortune 500 electric and natural gas utility on privacy and data security issues, including Identity Theft Red Flags Rule, Telephone Consumer Protection Act, and Fair Credit Reporting Act compliance, state data security regulations, and incident response. In addition, serve as incident response counsel and have assisted client in preparing its breach response plan.

Recognition

  • Chambers USA: Nationwide Privacy & Data Security (2013 to 2018)
    • Chambers USA Privacy and Data Security - Healthcare Spotlight Table (2018)
  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2020 BTI Client Service 30 for the sixth consecutive year.

News

Publications

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Key takeaways for app development and data protection by design from recent enforcement action
By Andreas T. Kaltsounis
February 25, 2020
The Norwegian Data Protection Authority (DPA) recently announced a €200,000 fine against Oslo’s municipal education agency for several security flaws associated with an app the agency developed for communications between school employees...
Read More ->
Data Privacy Monitor
Entering the '20s – A New Era for Data Breach Class Actions?
By David A. Carney, Casie D. Collignon, Paul G. Karlsgodt, Christopher A. Wiech
February 21, 2020
As we move into a new decade, it has become clear that data breach litigation is here to stay. Last year brought us several incremental developments in the data breach litigation landscape but no paradigm shift in the way data breach class...
Read More ->
Data Privacy Monitor
Powerful Protection: The Healthcare Privacy and Compliance Team
By Lynn Sessions
February 13, 2020
The following story is one in a six-part series devoted to the pioneering teams that comprise the firm’s new Digital Asset and Data Management Practice Group. A prime example of BakerHostetler’s preeminence in the legal industry is on...
Read More ->
Data Privacy Monitor
The Privacy Governance and Technology Transactions Team
By Janine Anthony Bowen, Melinda L. McLellan
February 7, 2020
The following story is one in a six-part series devoted to the pioneering teams that comprise the firm’s new Digital Assets and Data Management Practice Group. A prime example of BakerHostetler’s preeminence in the legal industry is on...
Read More ->
Data Privacy Monitor
Version of Proposed CCPA Regulations Available
By Alan L. Friel
February 7, 2020
On February 7, 2020 the California Attorney General published a second version of the proposed regulations to implement the California Consumer Protection Act available here. A redline against the first draft is available here. A new...
Read More ->