Kevin E. Dolan is a Partner at Mullen Coughlin and Co-Chair of the Firm’s Advisory Compliance practice group. As Co-Chair, he leads a team of attorneys in counseling organizations of all sizes and across all industry groups in proactive data privacy and information security risk management planning.  He is also an experienced data privacy and security incident response attorney. 

Kevin’s Advisory Compliance practice involves assisting organizations with the avoidance or mitigation of data privacy and security incidents’ impact, as well as providing guidance to them to improve their overall compliance posture with respect to pertinent legal and regulatory frameworks. This includes development of organization-specific Incident Response Plans (IRPs); review, modification and/or creation of data privacy policies relating to data collection and management; facilitation of tabletop exercises and other employee/Board trainings; and development of compliance and privacy programs related to various data privacy and information security laws and regulations, including, but not limited to the following: 

Comprehensive state privacy laws such as the:

• California Consumer Privacy Act (CCPA), and its amendment the California Privacy Rights Act (CPRA);
• Virginia Consumer Data Protection Act (VCDPA);
• Utah Consumer Privacy Act (UCPA);
• Colorado Privacy Act (CPA); and
• Connecticut Personal Data Privacy and Online Monitoring Act (CDTPA); 

Federal and state privacy laws and regulations including:

• the Family Educational Rights and Privacy Act (FERPA);
• the Health Insurance Portability and Accountability Act (HIPAA);
• the Gramm-Leach-Bliley Act (GLBA);
• New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and Department of Financial Services (NYDFS) Cybersecurity Regulation;
• the Massachusetts Information Security Standard; and
• the National Association of Insurance Commissioners (NAIC) standards; and 

International privacy laws, in partnership with international counsel, like the European Union’s General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). 

Kevin’s expertise in data privacy and information security is supplemented by his prior experience serving in a variety of legal and executive roles in the education industry, most recently as Vice President of Strategy and General Counsel at a Philadelphia-based university. This experience informs the practical compliance strategies and recommendations Kevin provides to organizations prior to, during and after experiencing a data privacy and security incident.