Privacy and Data Protection

Overview

“Noted for its strength in litigation and defending regulatory investigations, and sought after for its wide-ranging compliance advice. Maintains a strong reputation for its standout breach response practice.”

– Chambers USA 2019

Privacy and data security are enterprise-wide issues that impact nearly every area of a company’s operations. ­Clients of our ranked and award-winning BakerHostetler Privacy and Data Protection team count on us to continue to learn, grow and adapt to meet their needs in this constantly evolving area. Our core team of attorneys are not generalists, but rather focus on serving specific industries or issues so that we can deliver practical and service-oriented counseling.

We serve clients from all tiers of the Fortune 500, as well as health systems, universities, small and midsize businesses, emerging technology companies, and state and municipal entities. Our team members are located in key cities across the United States and have global reach by maintaining strategic partnerships with lawyers, security firms and risk management companies around the world.

Where does our competitive difference come from? It is our experience and our approach. Our attorneys are on-site at client locations hundreds of days a year proactively training incident response teams, conducting security and risk assessments, working through incidents, advising executive leadership teams and boards, preparing witnesses for depositions and regulatory investigations, and providing advice on new initiatives and transactions. We lead clients through the response to hundreds of potential security incidents a year. We respond to dozens of regulatory inquiries and defend dozens of lawsuits. Insights generated from our experience in incident response are set forth in our annual BakerHostetler Data Security Incident Response Report.

In a practice area where experience truly matters and clients expect efficient, tailored and clear advice, our depth of experience is difficult to match. We deliver comprehensive and trusted guidance across seven key areas of service:

Industry Focus

We work with clients across a broad range of industries and have particular experience with the following:

Select Experience

  • Defending a major casual dining restaurant chain with more than 400 locations and franchises around the world in a class action brought under the Illinois Biometric Information Privacy Act (BIPA). Plaintiffs allege employee fingerprints were improperly collected and stored.
  • Representing a leading worldwide consumer credit reporting agency regarding payment card exposure issues following a data breach.
  • Advising an international hotel chain after a payment card security incident that affected more than 300 properties worldwide.
  • Defending an auto company in a consumer class action involving potential violations of the Telephone Consumer Protection Acts.
  • Advising a leading United States airline and the world’s largest low-cost carrier regarding the potential effect of the General Data Protection Regulation (GDPR) on European ticket purchasers.
More »

Professionals

Name Title Office Email
Associate New York
Associate Cincinnati
Counsel Cleveland
Associate Costa Mesa
Partner New York
Partner Atlanta
Associate Houston
Associate Cleveland
Associate Denver
Counsel Cincinnati
Partner Orlando
Associate Houston
Partner Cleveland
Partner Los Angeles
Partner Houston
Partner Denver
Partner Atlanta
Partner Houston
Associate Cincinnati
Counsel Atlanta
Counsel Washington, D.C.
Associate New York
Associate New York
Associate New York
Partner New York
Associate Washington, D.C.
Counsel New York
Partner Atlanta
Partner Los Angeles
Partner Cleveland
Partner New York
Associate Philadelphia
Partner New York
Associate Houston
Associate Atlanta
Partner Chicago
Partner Cincinnati
Associate Cincinnati
Partner Cincinnati
Partner Atlanta
Partner Washington, D.C.
Partner Seattle
Partner Denver
Partner Washington, D.C.
Partner Cleveland
Partner New York
Partner Los Angeles
Associate New York
Associate Seattle
Associate Chicago
Associate Los Angeles
Associate Washington, D.C.
Partner New York
Partner Cleveland
Partner Washington, D.C.
Counsel Chicago
Partner Philadelphia
Counsel Washington, D.C.
Partner Philadelphia
Counsel Philadelphia
Partner New York
Partner Cleveland
Associate New York
Associate Atlanta
Associate Costa Mesa
Partner Houston
Partner Washington, D.C.
Partner New York
Partner Cleveland
Partner Washington, D.C.
Partner Cleveland
Associate New York
Associate Seattle
Counsel Cincinnati
Associate Denver
Counsel Philadelphia
Counsel Chicago
Associate Los Angeles
Partner Cleveland
Associate Houston
Partner Atlanta
Partner Houston
Partner Washington, D.C.

Experience

  • Defending a major casual dining restaurant chain with more than 400 locations and franchises around the world in a class action brought under the Illinois Biometric Information Privacy Act (BIPA). Plaintiffs allege employee fingerprints were improperly collected and stored.
  • Representing a leading worldwide consumer credit reporting agency regarding payment card exposure issues following a data breach.
  • Advising an international hotel chain after a payment card security incident that affected more than 300 properties worldwide.
  • Defending an auto company in a consumer class action involving potential violations of the Telephone Consumer Protection Acts.
  • Advising a leading United States airline and the world’s largest low-cost carrier regarding the potential effect of the General Data Protection Regulation (GDPR) on European ticket purchasers.
  • Advising a casual dining restaurant chain based in the United States and with operations worldwide, on GDPR issues in connection with potential expansion to United Kingdom.
  • Representing an American movie theater chain in an investigation by the Office of the Attorney General of the State of New York involving a mobile application that was potentially vulnerable to eavesdropping, which could have resulted in user information being intercepted, viewed or modified.
  • Secured complete dismissal in putative class action alleging Cleveland Clinic Foundation and MD Anderson Cancer Center violated state and federal laws by transmitting information about consumers’ browsing history to Facebook. Handled incident response and regulatory and class action defense for Premera Blue Cross, after the largest cybersecurity incident involving medical information ever reported.
  • Represented Schnuck Markets in all matters arising from a cybersecurity breach involving as many as 2.4 million credit cards. We obtained a declaration from the Missouri Attorney General that Schnuck did not violate any data security laws, are defending Schnuck in multiple class actions and have sued Schnuck’s acquiring bank and payment processor to enforce the merchant services agreement.
  • On behalf of Eisenhower Medical Center, obtained a favorable ruling from the California Courts of Appeal that patient index data is not “medical information” as defined under the California Confidentiality of Medical Information Act (CMIA), after a theft of computers containing index data for more than 500,000 patients. Plaintiffs subsequently withdrew their lawsuit, with no payment by the medical center.

Recognition

  • Chambers Global: Privacy & Data Protection (USA) (2014 to 2019)
  • Chambers USA: Nationwide Privacy & Data Security (2013 to 2019)
    • Chambers USA Privacy and Data Security - Healthcare Spotlight Table (2018 to 2019)
    • Chambers USA Award: “Privacy & Data Security Team of the Year” finalist (2015, 2017)
  • Chambers Fintech: Legal – USA (2019)
    • Band 4
  • The Legal 500 United States (2016 to 2019)
    • Media, Technology and Telecoms: Data Privacy and Data Protection, Tier 1
    • Media, Technology and Telecoms: Cyber Law, Tier 2
  • Law360: Privacy "Practice Group of the Year" (2013 to 2015, 2018)
  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2019 BTI Client Service 30 for the fifth consecutive year.

News

News

Press Releases

Publications

Alerts

Articles

Blog Posts

Events

Key Contacts

Blog

In The Blogs

Previous Next
Data Privacy Monitor
IAB Unveils Solution for Interest-Based Advertising and CCPA "Do Not Sell" Right
By Kyle R. Fath, Gerald J. Ferguson, Alan L. Friel, Linda A. Goldstein
September 19, 2019
On September 17, 2019, numerous stakeholders in the digital advertising industry – including publishers, advertisers/brands, AdTech companies and law firms (including numerous representatives from BakerHostetler) – convened at the...
Read More ->
Data Privacy Monitor
CCPA Exceptions: What Qualifies as Activity ‘Wholly Outside' of California?
By Arielle L. Brown, Melinda L. McLellan
September 18, 2019
Much has been said about the scope of the California Consumer Privacy Act (CCPA) and the far-reaching implications the law will have on businesses throughout the United States. Although it is true that the territorial reach of the law is...
Read More ->
Data Privacy Monitor
CCPA Amendments – Where They Stand Today
By Taylor A. Bloom, Alan L. Friel
September 17, 2019
A little more than 100 days prior to the effective date of the California Consumer Privacy Act (CCPA), six amendments (A.B. 25, A.B. 874, AB 1146, A.B. 1202, A.B. 1355 and A.B. 1564) to the act were approved by California lawmakers at the...
Read More ->
Data Privacy Monitor
Just How Far Does California's New IoT Security Law Reach?
By Daniel A. Pepper
September 13, 2019
On January 1, 2020, California’s new Internet of Things (IoT) Security Law goes into effect. The law is the first IoT-specific security law in the United States and, simply put, requires all IoT devices sold in California to be equipped...
Read More ->
Data Privacy Monitor
Less Than a Month to Go Until Nevada Privacy Law Effective Date
By Alan L. Friel, Shea M. Leitch
September 12, 2019
As discussed in our previous blog post on the topic, Nevada’s amendments to its privacy law are set to go into effect Oct. 1, 2019. Less comprehensive in scope than the much-heralded CCPA, the Nevada privacy law amendment has received...
Read More ->