The following is an excerpt from Practice Perspectives: Vault's Guide to Legal Practice Areas.
Theodore J. Kobus III, Partner—Digital Assets and Data Management
Theodore J. (“Ted”) Kobus III stands at the forefront of privacy and data security. Under his direction, Ted’s group has managed more than 5,000 data breach responses and hundreds of regulatory investigations. In the health care space, he has defended more than 200 OCR investigations and negotiated more privacy/security-related resolution agreements than any other lawyer.
In January 2020, Ted became the firmwide chair of the firm’s newly formed Digital Assets and Data Management (DADM) Practice Group. The DADM group brings preeminent teams together to provide comprehensive counsel on the full range of complex and evolving issues associated with data and technology, including digital innovation, e-commerce, fintech, cybersecurity, consumer privacy, transactions, governance, risk management, and more. Data is everywhere, and every company is—in some form—
a technology company. BakerHostetler created a one-stop enterprise risk solutions option that clients are seeking.
Ted is consistently ranked in Chambers USA: America’s Leading Lawyers for Business and has been named an MVP by Law360 for Privacy and Consumer Protection. Ted has spoken at the National Association of Attorneys General in a closed session, as well as at the DOJ’s National Security Cyber Specialist’s Training Conference.
Ted is also a member of the firm’s Policy Committee.
Describe your practice area and what it entails.
In a world dependent on data, this group takes a 360-degree approach to the delivery of services and counsel to clients on how they manage and use information, comply with regulations, incorporate new technology, and defend against internal and external threats. For more than a decade, different teams at BakerHostetler have been at the forefront of helping clients leverage data and technology to transform their products and services. Following our own advice of using an enterprise approach to address these issues, we prioritized the importance of “data” as it affects the practice of law and merged these teams into a unique multidisciplinary practice group to help clients address the spectrum of issues in this area.
Our services are structured to reflect the business life cycle of data.
What types of clients do you represent?
We represent some of the most well-known names in retail, hospitality, financial services, health care, and education. Our clients include Marriott, Chipotle, Forever 21, Memorial Sloan Kettering, UC Regents, Children’s Hospital of Philadelphia, Sherwin-Williams, McDonalds, Duke University, and QVC.
What types of cases/deals do you work on?
I work on a variety of matters and oversee the various teams that support our clients. Most of my legal work involves working with the C-suite and boards regarding compliance issues. Additionally, I lead the defense of regulatory investigations by a multi-state group of attorneys general and other regulators. The other members of the practice group focus on all issues that touch the business life cycle of data, including cybersecurity, privacy, advertising, marketing, tech transactions, artificial intelligence, CCPA, GDPR, the increase of the value of data, and health care compliance.
How did you choose this practice area?
I was a full-time litigator before I started practicing in this area more than 15 years ago. I moved into this area of law because of the opportunity to assist clients with business issues. It is very fulfilling to help clients solve problems and to achieve their business objectives—particularly when they are working at brands that my family and I enjoy.
What is a typical day like and/or what are some common tasks you perform?
There are no typical days. Some weeks, I am hopping from city to city, visiting clients or speaking. I particularly enjoy being on-site with a client. The face-to-face interaction is terrific, but it also gives me the opportunity to see what their day is like and to meet people across the enterprise. Since the issues facing a company’s assets are not just legal or IT issues, we interact with a lot of other departments—human resources, finance, compliance, internal audit, marketing, consumer affairs, and others.
What training, classes, experience, or skills development would you recommend to someone who wishes to enter your practice area?
Understanding technology is extremely important. That knowledge helps with counseling clients on privacy issues related to new products. Also, a deep understanding of technology helps attorneys translate the findings of an investigation to a client or redirect the direction of the investigation. And, of course, understanding technology helps to tackle emerging issues, such as artificial intelligence and blockchain.
What is unique about your practice area at your firm?
The practice is a priority at BakerHostetler, and that is why we created the Digital Assets and Data Management practice group. As The American Lawyer pointed out, this practice is on the same level as other core groups at law firms, such as tax, litigation, and business.
What are some typical tasks that a junior lawyer would perform in this practice area?
The type of work varies by team. The one thing that is consistent throughout the teams is that there is direct contact with clients. We think that is very important. This happens a variety of ways, whether you are working on the defense to a regulatory investigation, managing a breach response, or preparing discovery for a litigation we are defending.
How do you see this practice area evolving in the future?
The practice will evolve as technology evolves, and that is why we have an Emerging Tech group in this practice. Data is gold at every company, and every company is—in some form—a technology company. So, as businesses evolve in the way they use and handle data, we too will need to evolve.
What kinds of experience can summer associates gain in this practice area at your firm?
We have had summer associates work on client matters, including compliance projects and incident response. Sometimes our summer associates help us improve the materials we use to train clients with respect to cybersecurity and privacy compliance issues. Other projects include working on surveys of laws globally and helping us prepare our annual Data Security Incident Response Report. We want them to have contact with a variety of teams and projects so that they can see what they really enjoy doing most.