Energy Industry Cybersecurity and Event Response

Overview

Energy companies, like all businesses, are susceptible to cybersecurity attacks, data breaches, catastrophic events, and environmental emergency situations. There is an increased focus on ensuring security and protecting the nation’s critical infrastructure, particularly energy-related infrastructure such as generators, pipelines, and electronic networks, from destructive cyber and physical attacks.

As a premier national energy practice, BakerHostetler has earned a reputation within the energy industry for providing exceptional work and obtaining favorable results. Because we have an on-the-ground presence where many of our clients’ operations are located, we are able to immediately assess a situation and respond as necessary. Many of our attorneys have energy-specific degrees or have worked in-house with major energy companies, which gives us inside knowledge and hands-on experience to handle energy emergencies with assured and practical advice.

We represent a wide range of clients in the energy industry, including:

  • Oil and gas companies
  • Pipeline companies
  • Project owners, developers, and contractors
  • Oil field service companies
  • Mining and metals companies
  • Landowners
  • Governmental agencies
  • Private equity funds
  • Venture capital firms
  • Financial institutions and lenders
  • Investors
  • REITs

BakerHostetler has more than 80 lawyers across the nation who focus principally on clients in various sectors of the energy industry. Our energy lawyers represent producers, operators, service companies, and landowners throughout the country in connection with litigation, arbitration, and dispute resolution arising out of various emergencies, including data breaches, security incidents, releases, oil spills, blowouts, pipeline disasters, mechanical failures, and electrocutions. We not only assist with immediate emergency response needs, but also with any litigation arising out of the emergency. We have handled claims involving international and maritime laws, toxic torts, product liability, personal injury, class actions, workers’ compensation, and wrongful death.

More »

We also have one of the country’s largest and most comprehensive teams focused on data privacy and information security, partnering with clients to help them mitigate reputational and financial risks of cyber- and physical security. We have helped clients recover from more than 750 data breaches, including 175 responses in the past year – a volume and breadth of experience resulting in effective and efficient action that minimizes liability, is cost conscious, and protects a company’s reputation.

Data Security Assessment and Response Planning

We work with our energy clients to conduct data security assessments, interviewing business managers, security staff, and information technology managers; reviewing data security policies and procedures; and conducting penetration tests and vulnerability scans. This allows us to help clients identify opportunities to improve the security of their computer networks. We help clients develop response plans in order to enable them to handle security incidents quickly, efficiently, and in a manner that complies with applicable laws while mitigating risk and preserving customer relationships.

24-Hour Data Breach and Catastrophic Event Response

Given the urgency of data breaches, catastrophic events, and other emergency situations, we have assembled an Emergency Response Team that is available to assist clients throughout the country 24 hours a day. Our team is dispatched to the incident site immediately in order to assess the situation, advise on appropriate next steps, and assist with public relations, cleanup, and investigations. We have responded to data breaches, cybersecurity attacks, pipeline disasters, oil spills, blowouts, and chemical plant explosions, among other energy and environmental emergencies.

Reputation Protection

We understand that one of the greatest threats posed by a data security incident, catastrophic event, or environmental disaster is the potential impact on the company’s reputation. While we have hundreds of examples to draw upon to gauge how customers or employees will respond to an incident, we do not push a “one size fits all” approach because we know that each company has unique relationships with its customers and employees. When warranted, we include experienced crisis communications professionals on the incident response team and work with them to frame an internal and external communication strategy that satisfies legal notification obligations, preserves legal defenses, and best positions the company to minimize reputational harm.

Select Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
More »

Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
  • Participated with clients in U.S. Coast Guard inspections and audits, annual spill drill exercises and tabletop sessions, and management of pipeline spill response actions.
  • Represented a pipeline company in claims against a salvage company in connection with damages caused to the client’s offshore pipeline during salvage operations.
  • Prepared policies and procedures for the rollout of a Bring Your Own Device program for a multijurisdictional energy infrastructure company.
  • Counseled a Fortune 500 electric and natural gas utility on privacy and data security issues, including Identity Theft Red Flags Rule, Telephone Consumer Protection Act, and Fair Credit Reporting Act compliance, state data security regulations, and incident response. In addition, serve as incident response counsel and have assisted client in preparing its breach response plan.

Recognition

  • Chambers USA: Nationwide Privacy & Data Security (2013 to 2018)
    • Chambers USA Privacy and Data Security- Healthcare Spotlight Table (2018)
  • Recognized as one of the top law firms for client service, we were named to the 2018 BTI Client Service 30 for the fourth consecutive year.

News

Publications

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Navigating the State Data Breach Laws? An Enhanced Resource is Available
By Julie A. Hein
September 21, 2018
In large security incidents, the differences among state breach notification laws usually do not come into play. In smaller matters, where individuals in only a few states are potentially affected, the differences sometimes result in...
Read More ->
Data Privacy Monitor
The Weekly Privacy Rewind
By Aaron R. Lancaster
September 20, 2018
Class Actions Judge Approves $80M Settlement in Yahoo Data Breach Suit • U.S. District Judge Lucy Koh awarded plaintiffs $80 million in a consolidated class action brought against Yahoo by shareholders resulting from data breaches Yahoo...
Read More ->
Data Privacy Monitor
New Mexico Attorney General Is Turning Up the Heat on Enforcement of Data Privacy Laws
By Sara M. Goldstein, Aaron R. Lancaster
September 18, 2018
With the announcement last week of its new lawsuit against several tech companies for violating Children’s Online Privacy Protection Act (“COPPA”), the FTC Act, and New Mexico’s Unfair Practices Act (“UPA”), the State of New Mexico Office...
Read More ->
Data Privacy Monitor
Is a New Federal Data Privacy Law on the Horizon? The Tech Industry Sure Hopes So
By Sara M. Goldstein, Laura E. Jehl
September 17, 2018
Despite several failed attempts in recent years, there is a new effort underway to enact a federal data privacy law, and it’s being led by a somewhat unlikely source – the tech industry. Although they were resistant to a federal privacy...
Read More ->
Data Privacy Monitor
The Weekly Privacy Rewind
By Aaron R. Lancaster
September 10, 2018
Class Actions Hotel Investment and Management Firm Aimbridge Hospitality LLC Removes Putative Class Action to Federal Court • Hospitality company Aimbridge Hospitality LLC (Aimbridge) removed a putative class action lawsuit by a former...
Read More ->