Incident Response


Our incident response experience is unmatched. We have helped companies respond to more than 3,500 potential incidents, and we provide efficient, tailored, and clear guidance to companies facing an emerging crisis. We know that an effective incident response involves more than just knowing what the law requires ‒ getting the customer relationship issues right is equally important. During the initial stage of a potential incident, we help companies balance their desire to be transparent and reassure their customers and key stakeholders against compliance and risk mitigation concerns by developing and continuously fine-tuning strategic plans to identify, contain, assess, communicate about and remediate the issue.

Time is of critical importance in responding, so we operate a 24/7 incident response hotline that sends our team into action immediately:

Download The 2019 BakerHostetler Data Security Incident Response Report, which provides insights and statistics drawn from the more than 750 incidents we helped clients respond to in 2018.

Businesses, government entities, and public and private institutions now know that security incidents involving unauthorized access to their customer, employee or sensitive business data are inevitable. They need to guard an ever-increasing number of endpoints and manage online access by cloud services and other vendors, while dealing with budgetary constraints and the fact that systems are built and maintained by fallible individuals. We help companies become “compromise ready” by leveraging our unrivaled incident response experience to help them improve the people, processes, and technology they use to safeguard sensitive data. We design our tailored, proactive compliance services to prevent incidents, help companies avoid regulatory scrutiny, and prepare them to respond efficiently and effectively when a potential incident is detected.

Our lawyers, including two CISSPs, have the technical knowledge to help clients with security enhancements such as encryption, tokenization, and point-to-point encryption (P2PE). We help companies enhance their ability to detect and respond to incidents by revising their incident response plans, designing and conducting tabletop exercises featuring realistic mock-breach scenarios, and partnering with forensic and crisis communications firms to provide focused training to their incident response teams. We conduct four-hour workshops on incident response best practices, and have trained more than 100 companies. We also brief and train executive leadership teams and boards of directors.


  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2019 BTI Client Service 30 for the fifth consecutive year.




In The Blogs

Previous Next
Data Privacy Monitor
CCPA Amendment Progress Report: July Update
By Taylor A. Bloom, Melinda L. McLellan
July 25, 2019
As we reported in April, May and June, a number of potentially significant amendments to the California Consumer Privacy Act (CCPA) continue to make their way through the state legislative process. Below we provide a summary of recent...
Data Privacy Monitor
EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive
By Kyle R. Fath, Melinda L. McLellan
July 17, 2019
Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021. With the Romanian...
Data Privacy Monitor
FTC Announces Enforcement Action, Warning Letters for Companies Falsely Claiming Privacy Shield Participation
June 21, 2019
The Federal Trade Commission (FTC) recently announced a compliance sweep of companies claiming to be in compliance with the U.S.-EU Privacy Shield and U.S.-Swiss Privacy Shield Frameworks. The U.S.-EU Privacy Shield and the U.S.-Swiss...
Data Privacy Monitor
Texas Moves Forward With Updates to Breach Notification Law and Institutes Privacy Council to Study Data Privacy Legislation
By Caroline B. Brackeen, William R. Daugherty
June 10, 2019
Texas is one of the many states that looked to be following in the footsteps of California’s enactment of a broad consumer privacy law (the California Consumer Privacy Act), which has far-ranging implications for businesses and consumers...
Data Privacy Monitor
Attempt to Expand CCPA Private Right of Action Fails, While Bills Exempting Employee Data and Otherwise Refining CCPA Advance
By Taylor A. Bloom, Alan L. Friel, Niloufar Massachi
June 5, 2019
Over the past several weeks, the California State Assembly has voted in favor of advancing to the California Senate bills that would narrow the reach of the California Consumer Privacy Act (CCPA). Senate bills did not fare as well and have...