Incident Response


Our incident response experience is unmatched. We have helped companies respond to more than 3,500 potential incidents, and we provide efficient, tailored, and clear guidance to companies facing an emerging crisis. We know that an effective incident response involves more than just knowing what the law requires ‒ getting the customer relationship issues right is equally important. During the initial stage of a potential incident, we help companies balance their desire to be transparent and reassure their customers and key stakeholders against compliance and risk mitigation concerns by developing and continuously fine-tuning strategic plans to identify, contain, assess, communicate about and remediate the issue.

Time is of critical importance in responding, so we operate a 24/7 incident response hotline that sends our team into action immediately:

Download The 2019 BakerHostetler Data Security Incident Response Report, which provides insights and statistics drawn from the more than 750 incidents we helped clients respond to in 2018.

Businesses, government entities, and public and private institutions now know that security incidents involving unauthorized access to their customer, employee or sensitive business data are inevitable. They need to guard an ever-increasing number of endpoints and manage online access by cloud services and other vendors, while dealing with budgetary constraints and the fact that systems are built and maintained by fallible individuals. We help companies become “compromise ready” by leveraging our unrivaled incident response experience to help them improve the people, processes, and technology they use to safeguard sensitive data. We design our tailored, proactive compliance services to prevent incidents, help companies avoid regulatory scrutiny, and prepare them to respond efficiently and effectively when a potential incident is detected.

Our lawyers, including two CISSPs, have the technical knowledge to help clients with security enhancements such as encryption, tokenization, and point-to-point encryption (P2PE). We help companies enhance their ability to detect and respond to incidents by revising their incident response plans, designing and conducting tabletop exercises featuring realistic mock-breach scenarios, and partnering with forensic and crisis communications firms to provide focused training to their incident response teams. We conduct four-hour workshops on incident response best practices, and have trained more than 100 companies. We also brief and train executive leadership teams and boards of directors.


  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2019 BTI Client Service 30 for the fifth consecutive year.




In The Blogs

Previous Next
Data Privacy Monitor
Just How Far Does California’s New IoT Security Law Reach?
September 13, 2019
On January 1, 2020, California’s new Internet of Things (IoT) Security Law goes into effect. The law is the first IoT-specific security law in the United States and, simply put, requires all IoT devices sold in California to be equipped...
Data Privacy Monitor
Less Than a Month to Go Until Nevada Privacy Law Effective Date
By Alan L. Friel, Shea M. Leitch
September 12, 2019
As discussed in our previous blog post on the topic, Nevada’s amendments to its privacy law are set to go into effect Oct. 1, 2019. Less comprehensive in scope than the much-heralded CCPA, the Nevada privacy law amendment has received...
Data Privacy Monitor
Risk Management Strategies to Reduce Risk Associated with Telehealth
By Paulette M. Thomas
September 11, 2019
The use of technology to provide healthcare has existed for decades; however, recent advances in technology and changes in reimbursement have increased the prevalence of telehealth for diagnosing and treating patients. Telehealth is an...
Data Privacy Monitor
Summer Is Over – It's CCPA and NV Crunch Time
By Alan L. Friel
September 9, 2019
It is less than 120 days until California’s ground-shifting new privacy regimen – the California Consumer Privacy Act (CCPA) – goes into effect. There is only a week left for the Legislature to pass the handful of amendment bills that...
Data Privacy Monitor
Maryland Insurance Administration Issues Breach Notification Bulletin
By Patrick H. Haggerty
September 4, 2019
On Aug. 29, 2019, the Maryland Insurance Administration (MIA) issued Bulletin 19-14. The purpose of the bulletin is to inform insurers, nonprofit health service plans, health maintenance organizations, managed care organizations, managed...