Privacy and Data Protection

"A collection of very smart and conscientious lawyers who think things through in a very meticulous way."

– Chambers USA 2015

Our nationally recognized BakerHostetler Privacy and Data Protection team, with more than 40 lawyers, combines multidisciplinary legal skills with deep industry, technical and regulatory experience to deliver comprehensive, practical, and trusted guidance to companies in six key areas:

A longtime leader in this practice area, we represent companies from all tiers of the Fortune 500 as well as hospitals, universities, small and midsize businesses, emerging technology companies and state and municipal entities. Our experienced team members practice in key locations across the United States and have global capabilities, maintaining strategic partnerships with lawyers, security firms and risk management companies around the world.

Nationwide Reach, Comprehensive Service >>

Recognition

Chambers USA ranks us in its 2015 edition, recognizing our “longstanding expertise in major data breaches” and “significant regulatory practice.” According to the guide, clients say we are “a collection of very smart and conscientious lawyers who think things through in a very meticulous way” and note that “[t]hey put the right people on the team. They were also very responsive and really listened to us.” Clients tell Chambers that our team’s national leader, Ted Kobus, is “one of the best around and has a great and expanding team.” Chambers also nominated us with a select group of firms for a 2015 Chambers USA Award as “Privacy and Data Security Team of the Year” for our outstanding work, strategic growth, and client service excellence during 2014.

Law360 recognized our team as one of the nation’s best practices when it selected us as one of its Practice Groups of the Year for Privacy in three consecutive years, 2013, 2014 and 2015. In addition, partner Craig Hoffman was selected by Law360 as one of three 2015 Privacy Rising Stars. Our team’s co-leader, Ted Kobus, was named a Law360 MVP for Privacy and Consumer Protection in 2013 and our Class Action Defense team leader, Paul Karlsgodt, was named a Law360 MVP for Privacy and Consumer Protection in 2014 and 2015.

Industry Focus

We work with clients across a broad range of industries and have particular experience with the following:

Select Experience

  • Premera Blue Cross, handling its incident response and regulatory and class action defense with regard to the largest incident involving medical information ever reported.
  • Schnuck Markets, Inc. as overall incident response counsel on all matters arising from its disclosure that up to 2.4 million payment cards were at risk from a cyberattack, including addressing regulatory investigations, obtaining a declaration from the Missouri Attorney General that Schnuck did not violate any data security laws, defending multiple consumer putative class actions, defending a putative class action brought on behalf of banks that issued affected payment cards, addressing card network liability assessment demands and bringing a successful suit against Schnuck’s acquiring bank and payment processor to enforce a limitation-of-liability provision in the merchant services agreement.
  • Eisenhower Medical Center, acting as lead counsel in a California Confidentiality of Medical Information Act (CMIA) case arising out of thefts of computers, one of which contained index information for more than 500,000 patients, obtaining a favorable ruling from the California Court of Appeal that the patient index information is not “medical information” as defined under the CMIA, leading to a voluntary dismissal by the plaintiffs, with no payment by Eisenhower, after the California Supreme Court denied review and remanded the case to the trial court.
  • A Fortune 500 electric and natural gas utility on privacy and data security issues, including Identity Theft Red Flags Rule, Telephone Consumer Protection Act, and Fair Credit Reporting Act compliance, state data security regulations and incident response.
More »

Professionals

Name Title Office Email
Fernando A. Bohorquez Jr. Partner New York
David M. Brown Associate Philadelphia
Jessica Captain Novick Partner Orlando
David A. Carney Partner Cleveland
Teresa C. Chow Partner Los Angeles
Casie D. Collignon Partner Denver
William R. Daugherty Counsel Houston
Carrie Dettmer Slye Associate Cincinnati
Vimala Devassy Counsel Atlanta
Emily R. Fedeles Associate New York
Jenna N. Felz Associate New York
Gerald J. Ferguson Partner New York
Amy E. Fouts Partner Atlanta
Alan L. Friel Partner Los Angeles
Randal L. Gainer Partner Seattle
Lisa M. Ghannoum Partner Cleveland
Daniel J. Guttman Partner Columbus
Patrick H. Haggerty Partner Cincinnati
Mark Hatcher Partner Columbus
Craig A. Hoffman Partner Cincinnati
Lindsay P. Holmes Associate Washington, D.C.
Paul G. Karlsgodt Partner Denver
Gilbert S. Keteltas Partner Washington, D.C.
Theodore J. Kobus III Partner New York
M. Scott Koller Counsel Los Angeles
Michael R. Matthias Partner Los Angeles
Melinda L. McLellan Counsel New York
Kathryn C. Mellinger Associate Philadelphia
Jennifer A. Mills Partner Cleveland
Jonathan B. New Partner New York
Eric A. Packel Counsel Philadelphia
Suchismita Pahi Associate Houston
Alan M. Pate Associate New York
F. Paul Pittman Associate Cincinnati
Frank A. Pugliese Partner New York
Robert T. Razzano Partner Cincinnati
Chad A. Rutkowski Partner Philadelphia
Lynn Sessions Partner Houston
James A. Sherer Counsel New York
Douglas L. Shively Associate Cleveland
Richard W. Siehl Partner Columbus
James A. Slater Partner Cleveland
Maryanne Stanganelli Associate New York
Paulette M. Thomas Counsel Cincinnati
Daniel R. Warren Partner Cleveland
Robert M. Wolin Partner Houston
Gonzalo S. Zeballos Partner New York

Experience

  • Premera Blue Cross, handling its incident response and regulatory and class action defense with regard to the largest incident involving medical information ever reported.
  • Schnuck Markets, Inc. as overall incident response counsel on all matters arising from its disclosure that up to 2.4 million payment cards were at risk from a cyberattack, including addressing regulatory investigations, obtaining a declaration from the Missouri Attorney General that Schnuck did not violate any data security laws, defending multiple consumer putative class actions, defending a putative class action brought on behalf of banks that issued affected payment cards, addressing card network liability assessment demands and bringing a successful suit against Schnuck’s acquiring bank and payment processor to enforce a limitation-of-liability provision in the merchant services agreement.
  • Eisenhower Medical Center, acting as lead counsel in a California Confidentiality of Medical Information Act (CMIA) case arising out of thefts of computers, one of which contained index information for more than 500,000 patients, obtaining a favorable ruling from the California Court of Appeal that the patient index information is not “medical information” as defined under the CMIA, leading to a voluntary dismissal by the plaintiffs, with no payment by Eisenhower, after the California Supreme Court denied review and remanded the case to the trial court.
  • A Fortune 500 electric and natural gas utility on privacy and data security issues, including Identity Theft Red Flags Rule, Telephone Consumer Protection Act, and Fair Credit Reporting Act compliance, state data security regulations and incident response.
  • A multibillion-dollar financial and commodity derivatives exchange, as global privacy and incident response counsel, including developing a coordinated incident response plan, preparing “playbooks” for different incident response team disciplines, vetting and advising on the selection of incident response service providers and working with the incident response team to investigate and resolve suspected data breaches.
  • Both cloud service providers and enterprise purchasers, including Software as Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), conducting due diligence and negotiating more than 100 cloud computing transactions.

Recognition

  • Chambers Global: Privacy & Data Protection (USA) (2014 to 2016)
  • Chambers USA: Nationwide Privacy & Data Security (2013 to 2016)
    • Recommended for Client Service (2013)
    • Recommended for Commercial Awareness (2013)
  • The Legal 500 United States (2016)
    • Media, Technology and Telecoms: Cyber law
    • Media, Technology and Telecoms: Data protection and privacy
  • Law 360: Privacy "Practice Group of the Year" (2013 to 2015)
  • BTI Client Service 30: BakerHostetler advanced 19 positions to #9 (2016)
  • The Best Lawyers in America© (2016)
    • 2 lawyers named in Privacy and Data Security Law

News

Press Releases

Alerts

Articles

Key Contacts

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Tales from the Trenches: Lessons Learned from the Ashley Madison Data Breach
September 20, 2016
In July 2015, the online cheating website Ashley Madison was hacked and data pertaining to its 37 million users were published online. The story made headlines given the sensitive nature of the information exposed, the number of people...
Read More ->
Data Privacy Monitor
Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity
August 24, 2016
On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card...
Read More ->
Data Privacy Monitor
A Closer Look at the OCR’s Guidance on Ransomware
August 22, 2016
In the wake of several high-profile ransomware infections targeting hospitals and health care organizations, the Department of Health and Human Services Office for Civil Rights (OCR) has issued guidance on the growing threat of ransomware...
Read More ->
Data Privacy Monitor
OCR to Increase Efforts to Investigate Breaches Affecting Fewer Than 500 Individuals
August 19, 2016
The Department of Health and Human Services Office for Civil Rights (OCR) is the federal agency tasked with investigating data breaches involving protected health information (PHI) under the Health Insurance Portability and Accountability...
Read More ->
Data Privacy Monitor
Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act
By William R. Daugherty
August 18, 2016
On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in...
Read More ->