BakerHostetler’s Privacy and Data Protection team has been named a Law360 “Practice Group of the Year” for the size, importance, and complexity of its wins and work mitigating reputational and financial risks for clients. This is the second year in a row Law360 has recognized the Privacy team, which is co-led by Partner and Law360 MVP Ted Kobus and Partner Jerry Ferguson. The team was profiled in a February 2 article, which ran as part of Law 360’s “Practice Group of the Year” series. The article highlighted the firm’s successes in breach class action defense on behalf of healthcare clients Advocate Health & Hospitals Corp. and Eisenhower Medical Center, as well as the firm’s work in a much-publicized celebrity hacking matter.
“This has been a tremendous year for our team and we are proud that Law360 has chosen to honor our accomplishments for a second year in a row,” said Kobus. “The depth and experience of our team has helped us achieve wins for our clients that are shaping the way that companies approach privacy and security issues. We have set new precedent in the courts and we have affected regulatory change. We’re already continuing this momentum into 2015 and we look forward to more success for our clients.”
Law360 selected the firm’s Privacy and Data Protection team as a top law practice for its adeptness at incident response, regulatory defense, proactive compliance counseling, data security risk assessments, and class action litigation. Law360 recognized the team for “…success both inside and outside the courtroom in 2014,” noting that the team’s “experience and versatility has led many companies and individuals to tap the firm to handle the fallout from data thefts.” Ferguson explained to Law360 how the team continues to evolve: “Our focus the past year has been on making sure that our strength in breach response and all the knowledge we’ve developed in terms of what are the best practices in responding to a breach are being applied to enhancing the services we’re providing our clients prebreach and in high-profile litigation.”
The team’s work in the healthcare industry changed the way regulators view healthcare privacy because of its approach to breach response, regulatory investigations, and the most significant class actions. In one set of victories, BakerHostetler successfully defended Advocate Medical Group against novel issues rarely before applied to healthcare, including the Fair Credit Reporting Act (FCRA) and overpayment theories. The team won the first of four substantive rulings in a case involving the theft of computers containing information on approximately four million patients.
In a California court decision, and a matter for which Partner Paul Karlsgodt was recognized as a Law360 “Privacy MVP,” BakerHostetler’s successful defense of Eisenhower Medical Center limited the definition of “medical information” and breach notification and reporting processes under California’s Confidentiality of Medical Information Act (CMIA). The team prevented $500 million in potential damages against Eisenhower –– a loss that could have put the hospital, and hospitals throughout California, at great financial risk. BakerHostetler’s work on this matter helped establish transformational reporting boundaries on data breach notification laws set by the CMIA and Customer Records Act (CRA) for all healthcare agencies licensed by the California Department of Public Health.
Partner Daniel Warren, Litigation Group coordinator for the firm’s Cleveland office and member of the Privacy and Data Protection team, explained one of the strategies behind the team’s success: “…is having broad-based experience in terms of litigation, which has served us well in novel battles because we are able to think about the issues from the standpoint of having handled cases in a lot of different areas.” Warren emphasized, “We have a lot of different tools in our toolbox.” Warren also noted that the firm’s knack for handling such unprecedented cases can be attributed in large part to the makeup of its team, which comprises not only data security experts but also lawyers versed in a wide range of class action law, including consumer protection, securities, insurance takeovers, and online privacy issues.
BakerHostetler’s Privacy and Data Protection team is a cross-disciplinary practice that counsels clients nationally and internationally from offices in New York, Washington, D.C., California, Colorado, Florida, Illinois, Ohio, Texas, and Washington. The team has experienced significant growth within the past year, with a series of high-profile lateral additions in New York, Los Angeles, Seattle, and Philadelphia. Built from a foundation of security incident response and regulatory defense, the team has helped organizations respond to more than 750 data security incidents. BakerHostetler attorneys guide and counsel clients in keeping their information secure, responding quickly when a data breach occurs and defending in litigation that may arise as a result. The team has been involved in some of the most significant privacy litigation in recent years, including as lead defense counsel for Community Health Systems, Schnuck Markets, Eisenhower Medical Center, Advocate Health, LivingSocial, Inc., Sentara Healthcare, and Vistaprint.
Law360 is a legal publication read by corporate counsel and firm decision-makers. The publication covers high-stakes litigation across 26 practice areas and includes in-depth analysis from high-profile attorneys at top firms. “Practice Group of the Year” awards firms “that came through for their clients in 2014, sealing the big deals and winning the high-stakes suits.” From the pool of nominations, the judges selected 158 practice groups to receive the honor as “Practice Group of the Year.”