Incident Response


Our incident response experience is unmatched. We have helped companies respond to more than 4,000 potential incidents, and we provide efficient, tailored, and clear guidance to companies facing an emerging crisis. We know that an effective incident response involves more than just knowing what the law requires ‒ getting the customer relationship issues right is equally important. During the initial stage of a potential incident, we help companies balance their desire to be transparent and reassure their customers and key stakeholders against compliance and risk mitigation concerns by developing and continuously fine-tuning strategic plans to identify, contain, assess, communicate about and remediate the issue.

Time is of critical importance in responding, so we operate a 24/7 incident response hotline that sends our team into action immediately:

Download The 2019 BakerHostetler Data Security Incident Response Report, which provides insights and statistics drawn from the more than 750 incidents we helped clients respond to in 2018.

Businesses, government entities, and public and private institutions now know that security incidents involving unauthorized access to their customer, employee or sensitive business data are inevitable. They need to guard an ever-increasing number of endpoints and manage online access by cloud services and other vendors, while dealing with budgetary constraints and the fact that systems are built and maintained by fallible individuals. We help companies become “compromise ready” by leveraging our unrivaled incident response experience to help them improve the people, processes, and technology they use to safeguard sensitive data. We design our tailored, proactive compliance services to prevent incidents, help companies avoid regulatory scrutiny, and prepare them to respond efficiently and effectively when a potential incident is detected.

Our lawyers, including two CISSPs, have the technical knowledge to help clients with security enhancements such as encryption, tokenization, and point-to-point encryption (P2PE). We help companies enhance their ability to detect and respond to incidents by revising their incident response plans, designing and conducting tabletop exercises featuring realistic mock-breach scenarios, and partnering with forensic and crisis communications firms to provide focused training to their incident response teams. We conduct four-hour workshops on incident response best practices, and have trained more than 100 companies. We also brief and train executive leadership teams and boards of directors.


  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2019 BTI Client Service 30 for the fifth consecutive year.




In The Blogs

Previous Next
Data Privacy Monitor
Refine CCPA Compliance Plan with the Regulations in Mind
November 18, 2019
We previously announced the publication of the first set of proposed regulations that will implement the California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020. Partner Alan Friel has authored an article published...
Data Privacy Monitor
Children's Privacy Law Updates: Tricks or Treats?
By Carolina A. Alonso
October 31, 2019
It’s finally here! Halloween, the day every kid dreams of for months. It’s a scary time in the world of children’s privacy law – what with the California Consumer Privacy Act (CCPA) lurking around the corner and the specter of FTC...
Data Privacy Monitor
IAB Releases Draft CCPA Compliance Framework for Digital Advertising Industry
By Kyle R. Fath
October 25, 2019
The Interactive Advertising Bureau (IAB) publicly released its draft CCPA Compliance Framework for Publishers and Technology Companies (“Framework”) on Oct. 22, 2019. As we reported here, the Framework is being developed by the IAB and the...
Data Privacy Monitor
A Balancing Act: A Brief Overview of California Privacy Laws
By Kamran Salour
October 23, 2019
The California Consumer Privacy Act (“CCPA”) takes effect on January 1, 2020. The CCPA aims to provide consumers with an unprecedented array of rights concerning the control of their personal information and, correspondingly, imposes an...
Data Privacy Monitor
Just When You Thought It Was Safe to Go Back into the Water – CCPA 2, the Sequel
By Alan L. Friel, Daniel A. Pepper
October 21, 2019
If you’ve been feeling encouraged about your company’s preparation for the California Consumer Privacy Act’s (CCPA) launch on January 1, 2020, you may not want to breathe a sigh of relief just yet. Alastair Mactaggart, the founder and...