Regulatory Compliance and Defense


Companies across numerous industries face a maze of regulatory schemes regarding customer and patient privacy. We advise clients on how to develop and maintain privacy programs. In addition, we help clients assess privacy impacts and employ privacy by design to balance commercial and consumer interests and to craft transparent, accurate, and customer-friendly notices regarding data practices. Our experience encompasses:

  • PCI
  • The Children’s Online Privacy Protection Act
  • CDA Immunity and DMCA safe harbor
  • TCPA and CAN-SPAM compliance
  • MAP policies and gray market issues
  • FTC matters
  • FCRA
  • Self-Regulatory bodies (NAD, CARU, etc.)
  • California’s Song-Beverly Act

We counsel clients on how to reduce or eliminate risk by reviewing existing policies and procedures as well as vendor agreements that may pose privacy and security risks. We also work with the key personnel who have responsibility for privacy and security, including chief information and privacy officers, marketing team leaders, compliance officers, and in-house legal teams. We maintain strong relationships with state attorneys general and with other regulatory officials. This enables us to deal efficiently with investigatory inquiries, often resulting in positive dispositions, including the conclusion of investigations without any charges being brought against our clients.


  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2019 BTI Client Service 30 for the fifth consecutive year.



Featured Video

Ted Kobus: Data Security Incidents: Regulatory Investigations
BakerHostetler Partner and National Leader of the Privacy and Data Protection practice discusses what questions regulators ask following an incident, what their expectations are, and the future of these investigations.


In The Blogs

Data Privacy Monitor
Deeper Dive: The Landscape of Healthcare Data Breaches
April 24, 2019
Healthcare was the industry most affected by data breaches in 2018. We worked on nearly 200 healthcare matters involving multispecialty academic medical centers, hospital systems, small and large physician practices, small and large health...
Data Privacy Monitor
SEC Updates Data Privacy and Cybersecurity Guidance for Registered Firms
April 22, 2019
On April 16, 2019, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a risk alert, “Investment Adviser and Broker-Dealer Compliance Issues Relating to Regulation S-P –...
Data Privacy Monitor
Deeper Dive: Choose the Right Forensics Firm for the Job
By William R. Daugherty, Eric A. Packel
April 17, 2019
Forensics are a key component of many data incident investigations. The importance of forensics cannot be overstated. In fact, in 2018, 65% of the incidents we handled involved some type of forensic investigation. Forensics firms can not...
Data Privacy Monitor
In BIPA's Wake, a Wave of New Biometric Privacy Proposals
By Robyn M. Feldstein, Melinda L. McLellan
April 15, 2019
Over the past year, a host of new national, state and local laws have been introduced to regulate the collection and use of biometric information. Although these proposals vary in their requirements, certain elements appear to be inspired...
Data Privacy Monitor
Deeper Dive: The Scourge of O365 Incidents
April 11, 2019
A Growing Menace: 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved...