Click the image to download the 2022 DSIR Report.

2021 did not turn out the way many of us had hoped. Best-laid plans to “return to normal” were postponed numerous times due to multiple waves of COVID-19 outbreaks and new variants. The steady frequency of ransomware attacks in 2020 continued into 2021, highlighting the serious ongoing threat cyberattacks pose. The most frequent client requests this year included assistance with the ransom “pay-no pay” decision tree, OFAC compliance, and ransomware playbooks. The war in Ukraine and the responsive government sanctions have already increased interest in these topics, and we expect that to continue through 2022.

Despite these challenges, our clients continue to be resilient and more strategic in their approach to security than in the past. Clients are taking time to understand the best steps to secure their networks, and are relying on the information learned from others’ mistakes to guide their approach. Most significantly, perhaps, clients are becoming more nimble in their approach because of the constant evolution of technology and the legal landscape.

The Digital Assets and Data Management (DADM) Practice Group is in its third year of existence at the firm. The pandemic time warp we have been in makes it seem like we have been in existence forever — and that is because the seven teams that comprise the practice group work so well together to support our clients’ interests in the data life cycle. We now have several clients who utilize all seven teams to support their enterprise risk. Although the focus of this Report remains consistent with prior years, we have continued to broaden the topics and analysis to address the issues that the seven practice teams focus on: incident response, healthcare privacy compliance, global privacy issues, blockchain technology, non-fungible tokens (NFTs), truth in advertising, and emerging regulatory trends. We are excited to soon launch a new digital platform version of the DSIR Report that we plan to update throughout the year with real-time data to help keep you informed of trends.

Last year, I addressed the firm’s diversity, equity, and inclusion (DEI) efforts. One reader questioned why this topic was included in this Report. Let’s be clear: while conversations around DEI may be uncomfortable, they must occur. Being open about our efforts promotes conversations both inside and outside of our organization — that’s the way we improve and do better. In 2021, BakerHostetler announced it is participating in the Mansfield Rule 5.0 Certification process. The goal of the Mansfield Rule is to boost the representation of historically underrepresented lawyers in law firm leadership. Under the Mansfield Rule, BakerHostetler will commit to tracking and measuring that we have affirmatively considered at least 30% women, lawyers from underrepresented racial and ethnic groups, lawyers with disabilities, and LGBTQ+ lawyers for top leadership roles, senior-level lateral hiring, promotions into the equity partnership, and participation in client pitch meetings. The DADM Group continues to lead the way in this initiative. Currently, over 50% of our practice group is comprised of female lawyers and approximately 30% are persons of color or LGBTQ+. Our work is not finished and we intend to continue our efforts to attract, retain, and find a successful path upward for underrepresented minority groups. Thank you to our clients and the vendors we partner with for all of your support. We hope you enjoy this edition of the DSIR Report and we welcome you to contact our DADM group members with questions or suggestions.

Theodore J. Kobus III

Ted Kobus stands at the forefront of cyber protection — no small role in an era defined by crippling data breaches and daily digital threats. He has earned authority in the areas of privacy, data security and cybersecurity, leading clients to entrust him with more than 6,000 data breach responses. Businesses, government and other organizations turn to Ted for sound advice on compliance, developing response strategies, breaches implicating domestic and international laws, and defense of both class action litigation and regulatory actions. Notably, he has developed key relationships with the U.S. Department of Justice (DOJ), where he and his team have helped to establish protocols to protect corporate victims following a data breach. He knows the most proactive regulators involved in this space and interacts with them regularly.

Ted has led the defense to hundreds of regulatory investigations, including those brought by the Attorney General Multi-State, Department of Health and Human Services Office for Civil Rights, Departments of Insurance, SEC and FTC. In the healthcare space, Ted has defended more than 200 OCR investigations and has negotiated more privacy/security-related resolution agreements than any other lawyer.

Ted is consistently ranked in Chambers USA: America’s Leading Lawyers for Business, and he is one of only a handful of attorneys nationwide named an MVP by Law360 for Privacy and Consumer Protection. He is a regular contributor to BakerHostetler’s Data Counsel blog, and he frequently speaks at major industry events regarding data breach response, risk management and litigation issues affecting privacy. Ted has spoken at the National Association of Attorneys General on data security issues in a closed session, as well as the National Security Cyber Specialist’s Training Conference organized by the DOJ.

Ted is the firmwide chair of BakerHostetler’s Digital Assets and Data Management Group and a member of the firm’s Policy Committee.