Ted Kobus stands at the forefront of cyber protection — no small role in an era defined by crippling data breaches and daily digital threats. He has earned authority in the areas of privacy, data security and cybersecurity, leading clients to entrust him with more than 6,000 data breach responses. Businesses, government and other organizations turn to Ted for sound advice on compliance, developing response strategies, breaches implicating domestic and international laws, and defense of both class action litigation and regulatory actions. Notably, he has developed key relationships with the U.S. Department of Justice (DOJ), where he and his team have helped to establish protocols to protect corporate victims following a data breach. He knows the most proactive regulators involved in this space and interacts with them regularly.
Ted has led the defense to hundreds of regulatory investigations, including those brought by the Attorney General Multi-State, Department of Health and Human Services Office for Civil Rights, Departments of Insurance, SEC and FTC. In the healthcare space, Ted has defended more than 200 OCR investigations and has negotiated more privacy/security-related resolution agreements than any other lawyer.
Ted is consistently ranked in Chambers USA: America’s Leading Lawyers for Business, and he is one of only a handful of attorneys nationwide named an MVP by Law360 for Privacy and Consumer Protection. He is a regular contributor to BakerHostetler’s Data Counsel blog, and he frequently speaks at major industry events regarding data breach response, risk management and litigation issues affecting privacy. Ted has spoken at the National Association of Attorneys General on data security issues in a closed session, as well as the National Security Cyber Specialist’s Training Conference organized by the DOJ.
Ted is the firmwide chair of BakerHostetler’s Digital Assets and Data Management Group and a member of the firm’s Policy Committee.
Partners Fernando Bohorquez, Gerald Ferguson, Linda Goldstein and Jeewon Serrato, and Associate Justin Yedor served as panelists in a recent article published in the January 2022 issue of Financier Worldwide. In the article, they offer insights regarding key advertising technology regulation and compliance trends, including recent digital advertising efforts, benefits and insights, and current regulatory … Continue Reading
Please join me in welcoming Counsel Brian Craig to the Digital Assets and Data Management Group. Brian is located in our Washington, D.C. office and is a member of the Digital Risk Advisory and Cybersecurity (DRAC) Team. Brian has deep experience in guiding clients with federal government contracts considerations through cybersecurity matters. Cyber incidents for … Continue Reading
I’m delighted today to focus on a key player in BakerHostetler’s Digital Assets and Data Management group. David Carney is an exceptional lawyer who is on the cutting edge of privacy litigation in the United States. His work on a series of high-profile matters over the past six years has established important parameters regarding plaintiff … Continue Reading
Carpino recognized as “showcase winner” in all three type-of-library categories The American Association of Law Libraries’ (AALL) recently recognized BakerHostetler’s legal content services supervisor, Lindsey Carpino, for her role in developing “Review-it,” a crowd sourced review tool that shares feedback on legal resource tools to the community at large. “Review-it” swept all three type-of-library categories … Continue Reading
Sara Goldstein has been named to Law360’s 2021 list of “Top Attorneys Under 40,” for her career accomplishments in the Cybersecurity & Privacy practice area. Only 180 attorneys nationwide were recognized for what Law360 describes as “legal accomplishments that transcend their age.” Sara focuses her practice on legal issues related to data privacy and security … Continue Reading
Sara was recognized as part of the 2021 class of Professional Excellence Award winners by The Legal Intelligencer. The honorees were chosen based on a variety of factors, including service to the bar, peer recognition, distinctions and accomplishments, thought leadership, and other legal work of note. Read more.… Continue Reading
Welcome to our seventh Data Security Incident Response Report (DSIR). It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create this report. We are excited to soon launch a new digital platform version, and we intend to update this version throughout the … Continue Reading
With a practice focused on privacy class-action defense, Casie Collignon’s career takes her to courts across the country, through daily challenges of chess-like proportions and debate in advocacy for her clients. She has had a growing practice throughout the pandemic with multiple wins in 2020 alone, but she still finds time to be a mother, … Continue Reading
Partner Ted Kobus, Chair of the Digital Assets and Data Management Group, and Director of Practice Services Katherine Lowry, are featured in a Q&A article published on Dec. 10, 2020 by The American Lawyer. In the article, “With Technology a Constant, BakerHostetler Unit Aims to Make Sense Of Options,” the pair discuss the goals, structure … Continue Reading
We are extremely proud to announce that BakerHostetler has been named the only law firm included in the ALM Cybersecurity “Pacesetter” inaugural ranking. Our DADM Group – and the Digital Risk Advisory and Cybersecurity team in particular – was identified in this national pacesetter report as leading the law firm peer group in “how it … Continue Reading
Partner Ted Kobus is featured in the Nov. 19, 2020, episode of “Digital Detectives,” a Legal Talk Network podcast. Kobus spoke about the rapid increase in ransomware incidents in 2020 and what law firms should do in the event of an attack. Listen to the podcast or read the transcript.… Continue Reading
Ransomware has hit pandemic proportions and there does not seem to be a clear end in sight. On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory regarding ransom payments and the risk of sanctions violations associated with such payments. Background Ransomware has been around for … Continue Reading
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key relationships, and prevents or mitigates financial consequences. Unfortunately, some have sold the value of involving an attorney in the incident response process … Continue Reading
Dear Friends, In January, we announced the creation of the firm’s 6th practice group—Digital Assets and Data Management. Since September 2010, members of our group have been covering privacy and security topics through our Data Privacy Monitor blog. Today, we are excited to launch our rebranded blog – Data Counsel – to more fully capture … Continue Reading
We are excited to present our sixth Data Security Incident Response Report (DSIR). We hope this issue finds you safe and healthy while working from home (WFH). Each year, we talk about last year’s trends and where we think the current year is taking us. Ransomware was, and continues to be, a big issue. We … Continue Reading
I am excited to announce the seventh practice team under our Digital Assets and Data Management (DADM) Practice Group. By focusing on capitalizing on innovations that maximize IP, data, and technology, this team advises on optimal strategies to accelerate business growth, pivot into new service lines, or fundamentally revamp business models. Co-leading the Digital Transformation … Continue Reading
Thank you to our clients and relationships, as well as to the BakerHostetler team who made the creation of the new Digital Assets and Data Management (DADM) Practice Group possible. In a world dependent on data, this group takes a 360-degree approach to the delivery of services and counsel to clients on how they manage … Continue Reading
We are excited to release the fifth edition of our annual Data Security Incident Response Report. This year’s report provides metrics from the 750+ potential incidents our team led clients through in 2018, as well as “Take Action” segments that feature insights from our team on key response items. Because it is our Report’s fifth … Continue Reading
On Monday we published our fourth annual Data Security Incident Response Report, which provides an analysis of the more than 560 cyber incidents handled by the team in 2017. Reflecting on the increasingly sophisticated nature of attacks, the aggressiveness by regulators in researching breaches and the expectations of highly developed responses, the report offers intelligence to … Continue Reading
We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to experience incidents at a record pace, and we expect this will continue through 2017. We have received more calls to our breach … Continue Reading
On March 30, 2016, we released our second annual Data Security Incident Response Report. Key findings show that phishing/hacking/malware was the cause of 31% of data security incidents during 2015, revealing a shift from 2014 when human error was the leading cause. The report also continues the inaugural-year theme that no industry is immune to … Continue Reading
The day before Thanksgiving, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the largest resolution agreement of 2015, against Lahey Hospital and Medical Center (Lahey). The incident giving rise to the $850,000 settlement was apparently an isolated theft involving 599 patients with electronic protected health information (ePHI) on … Continue Reading
State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident. Washington’s new law, which went into effect on July 24, includes a 45-day deadline for notification but goes further to allow for … Continue Reading
In our inaugural Data Security Incident Response Report (the Report), we found that regulators inquired about a company’s breach 31% of the time and multi-state state Attorneys General investigations were launched less than 5% of the time. A post-breach investigation is not guaranteed. Certainly, in large, highly public incidents, companies can expect at least an … Continue Reading