Privacy and Data Protection – Critical Infrastructure

Overview

A cybersecurity incident that affects the critical infrastructure system, including energy generation and distribution facilities, transportation, the Web and other information providers, and financial markets and institutions, could undermine the functioning of the global economy and the well-being of the international community. The need for businesses, organizations, and governmental agencies that comprise the critical infrastructure to be compromise ready is extremely urgent, as they present attractive targets to bad actors sponsored by hostile governments or by independent criminal or terrorist groups. In addition, the government is increasingly concerned and has been taking steps to craft a national policy.

Our lawyers regularly advise players in these key industries, as to both preparation for and prevention of incidents and as to compliance with laws and regulations intended to make our critical infrastructure more secure. They also have experience handling the legal fallout from major incidents and emergencies affecting critical infrastructure clients.

Select Experience

  • Represented a Fortune 500 electric and natural gas utility on privacy and data security issues, including Identity Theft Red Flags Rule, Telephone Consumer Protection Act, and Fair Credit Reporting Act compliance, state data security regulations, and incident response.
  • Represented a multijurisdictional energy infrastructure company, preparing policies and procedures for the rollout of a Bring Your Own Device program.
  • Represented clients participating in U.S. Coast Guard inspections and audits, annual spill drill exercises and tabletop sessions, and management of pipeline spill response actions.
  • Represented a pressure control system manufacturer after a well blowout that killed two members of the energy crew, injured two others, and destroyed the workover rig.
More »

Experience

  • Represented a Fortune 500 electric and natural gas utility on privacy and data security issues, including Identity Theft Red Flags Rule, Telephone Consumer Protection Act, and Fair Credit Reporting Act compliance, state data security regulations, and incident response.
  • Represented a multijurisdictional energy infrastructure company, preparing policies and procedures for the rollout of a Bring Your Own Device program.
  • Represented clients participating in U.S. Coast Guard inspections and audits, annual spill drill exercises and tabletop sessions, and management of pipeline spill response actions.
  • Represtened a pressure control system manufacturer after a well blowout that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
  • Represented a pipeline company in claims against a salvage company for damages incurred to the client’s offshore pipeline during a salvage operation.
  • Represented an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Represented critical infrastructure clients in the oversight of pipeline spill response actions following releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.

Recognition

  • Chambers USA: Nationwide Privacy & Data Security (2013 to 2018)
    • Chambers USA Privacy and Data Security- Healthcare Spotlight Table (2018)
  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2019 BTI Client Service 30 for the fifth consecutive year.

Publications

Blog

In The Blogs

Previous Next
Data Privacy Monitor
CCPA Amendment Progress Report: July Update
By Taylor A. Bloom, Melinda L. McLellan
July 25, 2019
As we reported in April, May and June, a number of potentially significant amendments to the California Consumer Privacy Act (CCPA) continue to make their way through the state legislative process. Below we provide a summary of recent...
Read More ->
Data Privacy Monitor
EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive
By Kyle R. Fath, Melinda L. McLellan
July 17, 2019
Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021. With the Romanian...
Read More ->
Data Privacy Monitor
FTC Announces Enforcement Action, Warning Letters for Companies Falsely Claiming Privacy Shield Participation
June 21, 2019
The Federal Trade Commission (FTC) recently announced a compliance sweep of companies claiming to be in compliance with the U.S.-EU Privacy Shield and U.S.-Swiss Privacy Shield Frameworks. The U.S.-EU Privacy Shield and the U.S.-Swiss...
Read More ->
Data Privacy Monitor
Texas Moves Forward With Updates to Breach Notification Law and Institutes Privacy Council to Study Data Privacy Legislation
By Caroline B. Brackeen, William R. Daugherty
June 10, 2019
Texas is one of the many states that looked to be following in the footsteps of California’s enactment of a broad consumer privacy law (the California Consumer Privacy Act), which has far-ranging implications for businesses and consumers...
Read More ->
Data Privacy Monitor
Attempt to Expand CCPA Private Right of Action Fails, While Bills Exempting Employee Data and Otherwise Refining CCPA Advance
By Taylor A. Bloom, Alan L. Friel, Niloufar Massachi
June 5, 2019
Over the past several weeks, the California State Assembly has voted in favor of advancing to the California Senate bills that would narrow the reach of the California Consumer Privacy Act (CCPA). Senate bills did not fare as well and have...
Read More ->