Theodore J. Kobus III

Partner

New York
T +1.212.271.1504
F +1.212.589.4201

"Theodore Kobus is 'extremely knowledgeable in the cyber space and...is an industry leader and well-respected,' according to clients. He has a wealth of experience in data security."

— Chambers USA 2019

Overview

Ted Kobus stands at the forefront of cyber protection -- no small role in an era defined by crippling data breaches and daily digital threats. The leader of BakerHostetler's Privacy and Data Protection team and a member of the firm's Policy Committee, Ted has earned authority in the areas of privacy, data security and cybersecurity, leading clients to entrust him with more than 4,000 data breach responses. Businesses, government and other organizations turn to Ted for sound advice on compliance, developing response strategies, breaches implicating domestic and international laws, and defense of both class action litigation and regulatory actions. He knows the most proactive regulators involved in this space and interacts with them regularly. Ted has led the defense to hundreds of regulatory investigations, including those brought by the Attorney General Multi-State, Department of Health and Human Services Office for Civil Rights, Departments of Insurance, SEC and FTC. In the healthcare space, Ted has defended more than 200 OCR investigations and has negotiated more privacy/security-related resolution agreements than any other lawyer.

Ted is consistently ranked in Chambers USA: America's Leading Lawyers for Business, and he is one of only a handful of attorneys nationwide named an MVP by Law360 for Privacy and Consumer Protection. He is a regular contributor to BakerHostetler's Data Privacy Monitor blog, and he frequently speaks at major industry events regarding data breach response, risk management and litigation issues affecting privacy. Ted has spoken at the National Association of Attorneys General on data security issues in a closed session.

Select Experience

  • Led the breach response, regulatory defense and class action defense of a massive credit card breach on behalf of a large, privately held retailer. Guided the client through the initial investigation of a criminal attack and a payment processing network, including the engagement of a forensics team and collaboration with government entities to pursue the attackers. Led the defense against six putative class actions, a single plaintiff lawsuit and inquiries from state attorneys general and the Federal Trade Commission, convincing the regulator not only to close the investigation against the client but to establish the client as a victim in the breach. Developed a strategic plan to defend against lawsuits and actions filed in six different state and federal jurisdictions and negotiated settlements with putative plaintiffs. Continues to defend the client against demands by issuing banks alleging losses related to fraudulent charges and card reissuance costs, and provides guidance to the client regarding obligations held to the payment processor under specific regulations.

  • Leads an engagement with a health system providing advice on breach analysis, notification obligations, crisis management, investigation of incident and regulatory compliance following the theft of computers containing information of approximately 4 million patients. Coordinates the breach investigation, including a forensics team, and leads the breach response, crisis management and the notification of all patients and physicians affected. Leads the post-breach response as well, involving the resolution of patient complaints and regulatory investigations. Assisting and advising the client in responses to investigations initiated by government agencies. Has led the response to nearly half of the 12 largest Health Insurance Portability and Accountability Act breaches announced to date.

  • Led the response efforts to approximately 50 percent of the top 10 healthcare breaches reported to date. Ted represents some of the largest health systems, as well as several of the most highly regarded academic medical centers. He has defended more than 200 investigations brought by all regional offices of the Department of Health and Human Services Office for Civil Rights. He and his team have negotiated more than 10 resolution agreements.

More »

Experience

  • Led the breach response, regulatory defense and class action defense of a massive credit card breach on behalf of a large, privately held retailer. Guided the client through the initial investigation of a criminal attack and a payment processing network, including the engagement of a forensics team and collaboration with government entities to pursue the attackers. Led the defense against six putative class actions, a single plaintiff lawsuit and inquiries from state attorneys general and the Federal Trade Commission, convincing the regulator not only to close the investigation against the client but to establish the client as a victim in the breach. Developed a strategic plan to defend against lawsuits and actions filed in six different state and federal jurisdictions and negotiated settlements with putative plaintiffs. Continues to defend the client against demands by issuing banks alleging losses related to fraudulent charges and card reissuance costs, and provides guidance to the client regarding obligations held to the payment processor under specific regulations.

  • Leads an engagement with a health system providing advice on breach analysis, notification obligations, crisis management, investigation of incident and regulatory compliance following the theft of computers containing information of approximately 4 million patients. Coordinates the breach investigation, including a forensics team, and leads the breach response, crisis management and the notification of all patients and physicians affected. Leads the post-breach response as well, involving the resolution of patient complaints and regulatory investigations. Assisting and advising the client in responses to investigations initiated by government agencies. Has led the response to nearly half of the 12 largest Health Insurance Portability and Accountability Act breaches announced to date.

  • Led the response efforts to approximately 50 percent of the top 10 healthcare breaches reported to date. Ted represents some of the largest health systems, as well as several of the most highly regarded academic medical centers. He has defended more than 200 investigations brought by all regional offices of the Department of Health and Human Services Office for Civil Rights. He and his team have negotiated more than 10 resolution agreements.

  • Defending several Civil Investigative Demands brought by state attorneys general regarding a client's data security practices and compliance with federal and state laws. He and his team have negotiated more than 15 settlements.

  • Represented a financial institution following the discovery of malicious software on an employee workstation computer possibly capturing confidential customer information. Coordinating the breach investigation, response strategy and post-breach response, including the resolution of customer complaints and defense of the investigation by banking regulators.

  • Working with global companies regarding cybersecurity preparation, including facilitating tabletop exercises and developing incident response plans. Ted has conducted breach preparation exercises in various countries outside of the U.S. to address international issues.

Recognitions and Memberships

Recognitions

  • Chambers Global: Privacy & Data Security (USA) (2014 to 2019)
    • Band 2 (2018 to 2019), Band 3 (2014 to 2017)
  • Chambers USA: Nationwide Privacy and Data Security (2013 to 2019)
    • Band 2 (2017 to 2019), Band 3 (2013 to 2016)
  • The Legal 500 United States (2016 to 2019)
    • Leading Lawyer in in Media, Technology and Telecoms: Cyber law (including data privacy and protection) (2019)
    • Recommended in Media, Technology and Telecoms: Cyber law (including data privacy and protection) (2016 to 2018)
  • New York Metro "Super Lawyer" (2018 to 2019)
  • National Law Journal "Cybersecurity Trailblazer" (2016)
  • Cybersecurity Docket "Incident Response 30" (2016)
  • The Best Lawyers in America© (2016 to Present)
    • New York: Privacy and Data Security Law
  • Law360: MVP in Privacy & Consumer Protection (2013)
  • Certified Information Privacy Manager

News

News

Press Releases

Admissions

  • U.S. Court of Appeals, Federal Circuit, 2002
  • U.S. Court of Appeals, Third Circuit, 2002
  • U.S. District Court, District of Colorado, 2009
  • U.S. District Court, Middle District of Pennsylvania, 2004
  • U.S. District Court, Western District of Pennsylvania, 1998
  • U.S. District Court, Eastern District of Pennsylvania, 1995
  • U.S. District Court, District of New Jersey, 1995
  • Pennsylvania
  • New York

Education

  • J.D., Widener University School of Law, 1994, cum laude
  • B.S., Purdue University, 1987

Blog

In The Blogs

Previous Next
Data Privacy Monitor
CCPA Amendments Signed into Law by California Governor
By Kyle R. Fath
October 14, 2019
On Friday, October 11, 2019, California’s governor signed into law each of the six CCPA amendment bills passed by the legislature, bringing some finality and clarity to the scope of the CCPA (at least with respect to details which will not...
Read More ->
Data Privacy Monitor
CCPA Regs: "This is the meat on the bones…."
By Alan L. Friel
October 10, 2019
“Data is today’s gold. Everyone is rushing to mine data. Here in California, we are not unfamiliar with gold rushes… [in fact,][w]e are better than Captain Kirk and the Enterprise. We are going [with the CCPA regulations] to where no one...
Read More ->
Data Privacy Monitor
California Bill SB-208 Tackles Pervasive Robocalls
By Kamran Salour
September 27, 2019
On Sept. 11, 2019, the California State Senate approved the Consumer Call Protection Act of 2019, SB-208. The measure seeks to protect consumers from fraudulent robocalls and enact into law provisions that, despite strong support from...
Read More ->
Data Privacy Monitor
If Signed by Governor, California Bill AB-602 Will Provide Private Right of Action for Victims of Sexually Explicit ‘Deepfakes'
By Kamran Salour
September 26, 2019
AB-602, passed by the California State Senate on September 12, 2019, will, if approved by the governor, create a private right of action against persons who create or disclose another’s sexually explicit content through use of “deepfake”...
Read More ->
Data Privacy Monitor
Fourth Annual Data Security Incident Response Report Released – Building Cyber Resilience
By Theodore J. Kobus III
March 28, 2018
On Monday we published our fourth annual Data Security Incident Response Report, which provides an analysis of the more than 560 cyber incidents handled by the team in 2017. Reflecting on the increasingly sophisticated nature of attacks...
Read More ->