Compliance Counseling and Risk/Security Assessment


Businesses, government entities, and public and private institutions now know that security incidents involving the unauthorized access to their customer, employee, or sensitive business data are inevitable. They need to guard an ever-increasing number of endpoints and manage online access by cloud services and other vendors while dealing with budgetary constraints and the fact that systems are built and maintained by fallible individuals. We help companies become “compromise ready” by leveraging our unrivaled incident response experience to help them improve the people, processes, and technology they use to safeguard sensitive data. We design our tailored, proactive compliance services to prevent incidents, help companies avoid regulatory scrutiny, and prepare them to respond efficiently and effectively when a potential incident is detected.

Our lawyers, including two CISSPs, have the technical knowledge to help clients with security enhancements such as encryption, tokenization, and point-to-point encryption (P2PE). We help companies enhance their ability to detect and respond to incidents by revising their incident response plans, designing and conducting tabletop exercises featuring realistic mock-breach scenarios, and partnering with forensic and crisis communications firms to provide focused training to their incident response teams. We conduct four-hour workshops on incident response best practices, which we have used to train more than 100 companies. We also brief and train executive leadership teams and boards of directors.


Name Title Office Email
Partner Atlanta


  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2019 BTI Client Service 30 for the fifth consecutive year.




In The Blogs

Previous Next
Data Privacy Monitor
Deeper Dive: The Landscape of Healthcare Data Breaches
April 24, 2019
Healthcare was the industry most affected by data breaches in 2018. We worked on nearly 200 healthcare matters involving multispecialty academic medical centers, hospital systems, small and large physician practices, small and large health...
Data Privacy Monitor
SEC Updates Data Privacy and Cybersecurity Guidance for Registered Firms
April 22, 2019
On April 16, 2019, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a risk alert, “Investment Adviser and Broker-Dealer Compliance Issues Relating to Regulation S-P –...
Data Privacy Monitor
Deeper Dive: Choose the Right Forensics Firm for the Job
By William R. Daugherty, Eric A. Packel
April 17, 2019
Forensics are a key component of many data incident investigations. The importance of forensics cannot be overstated. In fact, in 2018, 65% of the incidents we handled involved some type of forensic investigation. Forensics firms can not...
Data Privacy Monitor
In BIPA's Wake, a Wave of New Biometric Privacy Proposals
By Robyn M. Feldstein, Melinda L. McLellan
April 15, 2019
Over the past year, a host of new national, state and local laws have been introduced to regulate the collection and use of biometric information. Although these proposals vary in their requirements, certain elements appear to be inspired...
Data Privacy Monitor
Deeper Dive: The Scourge of O365 Incidents
April 11, 2019
A Growing Menace 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved...