Digital Assets and Data Management

“We are a convergence practice, addressing enterprise risks, disputes, compliance and opportunities through the life cycle of data, technology, advertising and innovation, including brand strategies and monetization.”

— Ted Kobus, DADM Practice Group chair

BakerHostetler formed the Digital Assets and Data Management Practice Group (DADM Group) in 2020 to mirror how our clients do business. Leveraging data and technology is a priority for most entities. Our clients are collecting data and then utilizing advanced technology to transform their products and services. Doing this creates enterprise risk. Our practice group works with clients through the life cycle of data – privacy, security, marketing and advertising, transactions, and emerging technology – within an organization.

The Advertising, Privacy Governance and Technology Transactions, Digital Risk and Cybersecurity teams provide seamless overall counseling to global consumer products and retailers, helping the companies navigate the supporting of advertising claims, evolving loyalty and subscription programs, and CCPA compliance. The coordination of such work has never been more important as companies grapple with how lawfully to collect, protect and use valuable consumer data.
We served as incident response and post-disclosure counsel for Marriott Hotels regarding the Starwood Hotels guest record security incident disclosed in 2018. We also are defending Marriott in multidistrict litigation against claims brought by individuals, banks and cities.
All seven of our teams have supported a multinational grocer, including advised on CCPA compliance, conducting an advertising and digital media boot camp, providing counsel regarding e-commerce and cybersecurity and handling legal issues related to the response, notification and litigation arising from a payment card security incident.
We advised a large specialized research and treatment center on healthcare compliance, including the use of de-identified protected health information for research purposes.
Multiple DADM Group teams combined to provide services to a multi-brand restaurant company with thousands of locations. Our work included data security incident response; incident response training and tabletop exercises; extensive technology contract negotiations to support integration of new brands into the multi-brand concept; guidance regarding implementation of secure payment technology and mobile payment applications; and acquisition-related due diligence and security assessments.
We represent an alliance of multinational corporations in connection with a partnership with IBM Watson Health and other analytics providers. This partnership harnesses the power of IBM’s artificial intelligence capabilities and other provider services through the collection and analysis of health data to improve health outcomes for employees and to reduce healthcare costs for member companies.
Our Digital Risk Class Action and Litigation team defeated certification of a putative class action brought against a large regional discount retailer on behalf of banks that issued payment cards affected by the retailer’s 2015 data breach. The plaintiffs attempted to certify a class of about 2,500 banks, arguing that the retailer was negligent in its failure to maintain adequate cybersecurity, leading to damages including actual fraud losses, card reissuance costs and lost revenue from the potential compromise of more than 1 million payment cards. Through significant fact discovery, the team developed a solid factual record to oppose class certification.
We advised an international fast food chain regarding the use of a new blockchain tool to tokenize and distribute sensitive data, including an analysis of the technology against laws providing safe harbors for encryption in the event of a security incident.