Theodore J. Kobus III

He | Him | His

Partner

New York
T +1.212.271.1504
F +1.212.589.4201

"[Ted] has command of the relevant laws and regulatory frameworks. He is also incredibly responsive and available."

— Chambers USA 2022

Overview

Ted has been a leader, mentor and counsellor in the digital risk space for over 15 years. He has earned authority in the areas of privacy, data security and cybersecurity, leading clients to entrust him and his attorneys with more than 10,000 data breach responses. Businesses, government and other organizations turn to Ted for sound advice on compliance, developing response strategies, breaches implicating domestic and international laws, and defense of both class action litigation and regulatory actions. Ted leads the fastest growing practice group at the firm, the Digital Assets and Data Management Practice Group, which was formed in January 2020 and focuses on the data lifecycle.

Notably, he has developed key relationships with the U.S. Department of Justice (DOJ), where he and his team have helped to establish protocols to protect corporate victims following a data breach. He knows the most proactive regulators involved in this space and interacts with them regularly.

Ted has led the defense of hundreds of regulatory investigations, including those brought by the Attorney General Multi-State, Department of Health and Human Services Office for Civil Rights, Departments of Insurance, SEC and FTC. In the healthcare space, Ted has defended more than 300 OCR investigations and has negotiated more privacy/security-related resolution agreements than any other lawyer.

Under his leadership, the DADM group has garnered ongoing recognition from industry heavyweights such as BTI, Law360, ALM, Vault and others. Ted also provides pertinent quotes and contributions when contacted by major media outlets who are looking for the latest news and trends in privacy and data security. Ted has spoken at the National Association of Attorneys General on data security issues in a closed session, as well as the National Security Cyber Specialist’s Training Conference organized by the DOJ.

Ted is the firmwide chair of BakerHostetler’s Digital Assets and Data Management Group and as of January 2023 is serving his third three-year term on the firm's Policy Committee.

Experience

  • Led the breach response, regulatory defense and class action defense of a massive credit card breach on behalf of a large, privately held retailer. Guided the client through the initial investigation of a criminal attack on a payment processing network, including the engagement of a forensics team and collaboration with government entities to pursue the attackers. Led the defense against six putative class actions, a single plaintiff lawsuit and inquiries from state attorneys general and the Federal Trade Commission, convincing the regulator not only to close the investigation against the client but to establish the client as a victim in the breach. Developed a strategic plan to defend against lawsuits and actions filed in six different state and federal jurisdictions and negotiated settlements with putative plaintiffs. Continues to defend the client against demands by issuing banks alleging losses related to fraudulent charges and card reissuance costs, and provides guidance to the client regarding obligations held to the payment processor under specific regulations.

  • Leads an engagement with a health system providing advice on breach analysis, notification obligations, crisis management, investigation of the incident and regulatory compliance following the theft of computers containing information of approximately 4 million patients. Coordinates the breach investigation, including a forensics team, and leads the breach response, crisis management and the notification of all patients and physicians affected. Leads the post-breach response as well, involving the resolution of patient complaints and regulatory investigations. Assists and advises the client in responses to investigations initiated by government agencies. Has led the response to nearly half of the 12 largest Health Insurance Portability and Accountability Act breaches announced to date.

  • Led the response efforts to approximately 50 percent of the top 10 healthcare breaches reported to date. Ted represents some of the largest health systems, as well as several of the most highly regarded academic medical centers. He has defended more than 200 investigations brought by all regional offices of the Department of Health and Human Services Office for Civil Rights. He and his team have negotiated more than 10 resolution agreements.

  • Defending several Civil Investigative Demands brought by state attorneys general regarding a client's data security practices and compliance with federal and state laws. He and his team have negotiated more than 15 settlements.

  • Represented a financial institution following the discovery of malicious software on an employee workstation computer possibly capturing confidential customer information. Coordinating the breach investigation, response strategy and post-breach response, including the resolution of customer complaints and defense of the investigation by banking regulators.

  • Working with global companies regarding cybersecurity preparation, including facilitating tabletop exercises and developing incident response plans. Ted has conducted breach preparation exercises in various countries outside of the U.S. to address international issues.

Recognitions and Memberships

Recognitions

  • BTI Client Service All-Star (2022)
  • Chambers Global
    • Privacy & Data Security (USA) (2022 to 2023) – Band 2; (2018 to 2021) – Band 3; (2014 to 2017) – Band 4
    • Privacy & Data Security: Incident Response - Spotlight Table (2022 to 2023)
  • Chambers USA
    • Nationwide Privacy & Data Security 
      • Band 2 (2017 to 2022); Band 3 (2013 to 2016)
    • Nationwide Privacy & Data Security: Incident Response
      • Spotlight Table (2021 to 2022)
  • The Legal 500 United States (2016 to 2022)
    • Leading Lawyer in Media, Technology and Telecoms: Cyber law (including data privacy and protection) (2019 to 2022)
    • Recommended in Media, Technology and Telecoms: Cyber law (including data privacy and protection) (2016 to 2018)
  • New York Metro "Super Lawyer" (2018 to 2019)
  • National Law Journal "Cybersecurity Trailblazer" (2016)
  • Cybersecurity Docket "Incident Response 30" (2016)
  • Cybersecurity Docket "Incident Response 40" (2019 to present)
  • Cybersecurity Docket "Incident Response 50" (2023)
  • The Best Lawyers in America® (2016 to present)
    • New York: Privacy and Data Security Law
  • Law360: MVP in Privacy & Consumer Protection (2013)
  • Certified Information Privacy Manager

Admissions

  • U.S. Court of Appeals, Federal Circuit, 2002
  • U.S. Court of Appeals, Third Circuit, 2002
  • U.S. District Court, District of Colorado, 2009
  • U.S. District Court, Middle District of Pennsylvania, 2004
  • U.S. District Court, Western District of Pennsylvania, 1998
  • U.S. District Court, Eastern District of Pennsylvania, 1995
  • U.S. District Court, District of New Jersey, 1995
  • Pennsylvania
  • New York

Education

  • J.D., Widener University School of Law, 1994, cum laude
  • B.S., Purdue University, 1987

Blog

In The Blogs

Data Counsel
Welcome to our 9th annual Data Security Incident Response Report!
By Theodore J. Kobus III
April 27, 2023
We are now three years post pandemic, and while a lot has changed, some things remain the same. Last year, I talked about resilience—the uncertainties of the pandemic were still present, the war in Ukraine had just begun, and businesses...
Data Counsel
Welcome Counsel Andrew Epstein to the DADM Group
By Theodore J. Kobus III
February 2, 2023
We are excited to welcome new Counsel Andrew Epstein to our Digital Assets and Data Management Group. Andrew joins our Digital Risk Advisory and Cybersecurity team and works out of our Seattle office. Andrew joins us most recently from...
Data Counsel
Congratulations to Katherine Lowry and the IncuBaker Team
By Theodore J. Kobus III
December 9, 2022
BakerHostetler is proud to announce that Financial Times recently recognized the firm’s IncuBaker team, along with incoming CIO Katherine Lowry, in its annual Innovative Lawyers North America 2022 Awards. The IncuBaker team won in the...
Data Counsel
Welcome Partner Ed McAndrew to the DADM Group
By Theodore J. Kobus III, Edward McAndrew
July 11, 2022
We are excited to welcome new partner Ed McAndrew to our Digital Assets and Data Management Group! Ed joins our Privacy and Digital Risk Class Action and Litigation and Digital Risk Advisory and Cybersecurity teams, and will work out of...
Data Counsel
Welcome to our 8th Annual Data Security Incident Response (DSIR) Report. What a year it has been!
By Theodore J. Kobus III
April 7, 2022
2021 did not turn out the way many of us had hoped. Best-laid plans to “return to normal” were postponed numerous times due to multiple waves of COVID-19 outbreaks and new variants. The steady frequency of ransomware attacks in 2020...