Theodore J. Kobus III

Ted Kobus stands at the forefront of cyber protection — no small role in an era defined by crippling data breaches and daily digital threats. He has earned authority in the areas of privacy, data security and cybersecurity, leading clients to entrust him with more than 6,000 data breach responses. Businesses, government and other organizations turn to Ted for sound advice on compliance, developing response strategies, breaches implicating domestic and international laws, and defense of both class action litigation and regulatory actions. Notably, he has developed key relationships with the U.S. Department of Justice (DOJ), where he and his team have helped to establish protocols to protect corporate victims following a data breach. He knows the most proactive regulators involved in this space and interacts with them regularly.

Ted has led the defense to hundreds of regulatory investigations, including those brought by the Attorney General Multi-State, Department of Health and Human Services Office for Civil Rights, Departments of Insurance, SEC and FTC. In the healthcare space, Ted has defended more than 200 OCR investigations and has negotiated more privacy/security-related resolution agreements than any other lawyer.

Ted is consistently ranked in Chambers USA: America’s Leading Lawyers for Business, and he is one of only a handful of attorneys nationwide named an MVP by Law360 for Privacy and Consumer Protection. He is a regular contributor to BakerHostetler’s Data Counsel blog, and he frequently speaks at major industry events regarding data breach response, risk management and litigation issues affecting privacy. Ted has spoken at the National Association of Attorneys General on data security issues in a closed session, as well as the National Security Cyber Specialist’s Training Conference organized by the DOJ.

Ted is the firmwide chair of BakerHostetler’s Digital Assets and Data Management Group and a member of the firm’s Policy Committee.

Subscribe to all posts by Theodore J. Kobus III

Congratulations to Sara Goldstein – a 2021 Law360 Rising Star!

Sara Goldstein has been named to Law360’s 2021 list of “Top Attorneys Under 40,” for her career accomplishments in the Cybersecurity & Privacy practice area. Only 180 attorneys nationwide were recognized for what Law360 describes as “legal accomplishments that transcend their age.” Sara focuses her practice on legal issues related to data privacy and security … Continue Reading

Seventh Annual Data Security Incident Response Report Released – Disruption and Transformation

Welcome to our seventh Data Security Incident Response Report (DSIR). It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create this report. We are excited to soon launch a new digital platform version, and we intend to update this version throughout the … Continue Reading

Congratulations to Casie Collignon for being named one of the “Top Litigators 2021” by Law Week Colorado!

With a practice focused on privacy class-action defense, Casie Collignon’s career takes her to courts across the country, through daily challenges of chess-like proportions and debate in advocacy for her clients. She has had a growing practice throughout the pandemic with multiple wins in 2020 alone, but she still finds time to be a mother, … Continue Reading

Ted Kobus and Katherine Lowry Discuss Trajectory of IncuBaker in Q&A with The American Lawyer

Partner Ted Kobus, Chair of the Digital Assets and Data Management Group, and Director of Practice Services Katherine Lowry, are featured in a Q&A article published on Dec. 10, 2020 by The American Lawyer. In the article, “With Technology a Constant, BakerHostetler Unit Aims to Make Sense Of Options,” the pair discuss the goals, structure … Continue Reading

BakerHostetler Named a Cybersecurity “Pacesetter” in ALM Intelligence Inaugural Ranking

We are extremely proud to announce that BakerHostetler has been named the only law firm included in the ALM Cybersecurity “Pacesetter” inaugural ranking. Our DADM Group – and the Digital Risk Advisory and Cybersecurity team in particular – was identified in this national pacesetter report as leading the law firm peer group in “how it … Continue Reading

Was OFAC’s Advisory an October Surprise or More of the Same?

Ransomware has hit pandemic proportions and there does not seem to be a clear end in sight. On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory regarding ransom payments and the risk of sanctions violations associated with such payments. Background Ransomware has been around for … Continue Reading

The Destruction of Privilege and Work Product Protection for Data Breach Investigations?

Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key relationships, and prevents or mitigates financial consequences. Unfortunately, some have sold the value of involving an attorney in the incident response process … Continue Reading

Welcome to Data Counsel

Dear Friends, In January, we announced the creation of the firm’s 6th practice group—Digital Assets and Data Management. Since September 2010, members of our group have been covering privacy and security topics through our Data Privacy Monitor blog. Today, we are excited to launch our rebranded blog – Data Counsel – to more fully capture … Continue Reading

Sixth Annual Data Security Incident Response Report Released – Managing Enterprise Risks and Leveraging Data in a Digital World

We are excited to present our sixth Data Security Incident Response Report (DSIR). We hope this issue finds you safe and healthy while working from home (WFH). Each year, we talk about last year’s trends and where we think the current year is taking us. Ransomware was, and continues to be, a big issue. We … Continue Reading

Meeting Client Needs: Our New Digital Transformation and Data Economy Team

I am excited to announce the seventh practice team under our Digital Assets and Data Management (DADM) Practice Group. By focusing on capitalizing on innovations that maximize IP, data, and technology, this team advises on optimal strategies to accelerate business growth, pivot into new service lines, or fundamentally revamp business models.  Co-leading the Digital Transformation … Continue Reading

Everything Data!

Thank you to our clients and relationships, as well as to the BakerHostetler team who made the creation of the new Digital Assets and Data Management (DADM) Practice Group possible. In a world dependent on data, this group takes a 360-degree approach to the delivery of services and counsel to clients on how they manage … Continue Reading

Fifth Annual Data Security Incident Response Report Released – Managing Enterprise Risks in a Digital World

We are excited to release the fifth edition of our annual Data Security Incident Response Report. This year’s report provides metrics from the 750+ potential incidents our team led clients through in 2018, as well as “Take Action” segments that feature insights from our team on key response items. Because it is our Report’s fifth … Continue Reading

Fourth Annual Data Security Incident Response Report Released – Building Cyber Resilience

On Monday we published our fourth annual Data Security Incident Response Report, which provides an analysis of the more than 560 cyber incidents handled by the team in 2017. Reflecting on the increasingly sophisticated nature of attacks, the aggressiveness by regulators in researching breaches and the expectations of highly developed responses, the report offers intelligence to … Continue Reading

Be Compromise Ready: Go Back to the Basics

We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to experience incidents at a record pace, and we expect this will continue through 2017. We have received more calls to our breach … Continue Reading

BakerHostetler Data Security Incident Response Report Reveals Being “Compromise Ready” Better Positions Companies to Respond to Incidents

On March 30, 2016, we released our second annual Data Security Incident Response Report. Key findings show that phishing/hacking/malware was the cause of 31% of data security incidents during 2015, revealing a shift from 2014 when human error was the leading cause. The report also continues the inaugural-year theme that no industry is immune to … Continue Reading

OCR Continues Waving Its HIPAA Enforcement Flag: Don’t Forget About Medical Devices

The day before Thanksgiving, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the largest resolution agreement of 2015, against Lahey Hospital and Medical Center (Lahey). The incident giving rise to the $850,000 settlement was apparently an isolated theft involving 599 patients with electronic protected health information (ePHI) on … Continue Reading

Incident Response Practice Tip: Balance Meeting Breach Notification Deadlines With Securing Your Network

State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident. Washington’s new law, which went into effect on July 24, includes a 45-day deadline for notification but goes further to allow for … Continue Reading

A Deeper Dive: Regulatory Investigations Following a Reported Breach

In our inaugural Data Security Incident Response Report (the Report), we found that regulators inquired about a company’s breach 31% of the time and multi-state state Attorneys General investigations were launched less than 5% of the time. A post-breach investigation is not guaranteed. Certainly, in large, highly public incidents, companies can expect at least an … Continue Reading

BakerHostetler’s First Data Security Incident Response Report Shows Human Error is Most Often to Blame

We are pleased to announce the release of the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. It looks at the nature of the threats faced by companies, as well as detection and response trends, and … Continue Reading

FAQs by Employers Regarding the Anthem Breach

Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is self-insured and your company contracts with Anthem to administer the plan, process claims, etc., then your company’s group health plan … Continue Reading

Building Relationships with Your Regulators

Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. One of the last recommendations clients like to hear from their lawyer is, “Let’s call the regulators.” Building relationships with regulators when it comes to privacy and security issues … Continue Reading

BakerHostetler and Woodcock Washburn Announce Strategic Combination

BakerHostetler and Woodcock Washburn, one of the country’s leading intellectual property boutiques, announced today that they have a signed letter of intent to combine, subject to an affirmative vote by the partners of both firms in early December. The announcement, made by BakerHostetler Executive Partner Steven Kestner and the Woodcock Washburn Policy Committee, notes they … Continue Reading
LexBlog