Andreas Kaltsounis

Partner, BakerHostetler

Andreas Kaltsounis focuses on helping clients anticipate, manage and respond to complex privacy and security issues in connected, data-driven organizations. Recognized as a BTI Client Service All-Star, his clients appreciate his practical advice and ability to anticipate issues, thanks to his nearly 25 years of legal and technical experience as an attorney, an information security and privacy professional, a leader at an international information security consultancy and a federal agent investigating criminal, regulatory and national security cyber matters.

As a strategic advisor, Andreas helps clients anticipate, understand and comply with the rapidly evolving patchwork of global privacy and data protection laws, including U.S. privacy laws, the European Union’s General Data Protection Regulation and other international data protection laws. Focused on more than merely checking regulatory boxes, he works with his clients to identify and operationalize practical solutions that address risk while supporting an organization's growth.

Reactively, Andreas has advised clients through hundreds of data breach and privacy-related investigations, including in some of the largest publicly reported breaches. His investigative experience and deep technical background make him a go-to advisor for incidents involving widespread network intrusions, technically complex issues and potential insider threats. In the wake of these incidents, he has successfully defended clients in regulatory inquiries by the FTC, global supervisory authorities and multistate attorneys general, and he partners with BakerHostetler’s award-winning litigation team to defend against consumer class actions and shareholder actions.

Andreas speaks frequently to industry groups and boards of directors on privacy, data protection and incident response, and combines his extensive on-the-ground experience with leading industry credentials in privacy law (CIPP/US),* information security (CISSP), critical controls auditing and implementation (GCCC), penetration testing (GPEN) and computer forensics (EnCE and SCERS). He is also a member of the Sedona Conference’s Working Group 11 on Data Security and Privacy.

Andreas co-leads the firm’s national Digital Risk Advisory and Cybersecurity team, is a member of the firm's Privacy Governance and Technology Transactions team and serves as the Seattle Digital Assets and Data Management Leader.