Kevin E. Dolan

Kevin E. Dolan

Partner & Co-Chair, Advisory Compliance Practice
Mullen Coughlin LLC

Kevin E. Dolan is a Partner at Mullen Coughlin and Co-Chair of the Firm’s Advisory Compliance practice group. As Co-Chair, he leads a team of attorneys in counseling organizations of all sizes and across all industry groups in proactive data privacy and information security risk management planning. He is also an experienced data privacy and security incident response attorney.

Kevin’s Advisory Compliance practice involves assisting organizations with the avoidance or mitigation of data privacy and security incidents’ impact, as well as providing guidance to them to improve their overall compliance posture with respect to pertinent legal and regulatory frameworks. This includes development of organization-specific
Incident Response Plans (IRPs); review, modification and/or creation of data privacy policies relating to data collection and management; facilitation of tabletop exercises and other employee/Board trainings; and development of compliance and privacy programs related to various data privacy and information security laws and regulations, including, but not limited to the following:
• Comprehensive state privacy laws such as the:
• California Consumer Privacy Act (CCPA), and its amendment
the California Privacy Rights Act (CPRA);
• Virginia Consumer Data Protection Act (VCDPA);
• Utah Consumer Privacy Act (UCPA);
• Colorado Privacy Act (CPA); and
• Connecticut Personal Data Privacy and Online Monitoring Act
(CDTPA);
• Federal and state privacy laws and regulations including:
• the Family Educational Rights and Privacy Act (FERPA);
• the Health Insurance Portability and Accountability Act (HIPAA);
• the Gramm-Leach-Bliley Act (GLBA);
• New York’s Stop Hacks and Improve Electronic Data Security
Act (SHIELD Act) and Department of Financial Services
(NYDFS) Cybersecurity Regulation;
• the Massachusetts Information Security Standard; and
• the National Association of Insurance Commissioners (NAIC)
standards; and
• International privacy laws, in partnership with international
counsel, like the European Union’s General Data Protection
Regulation (GDPR) and Canada’s Personal Information Protection
and Electronic Documents Act (PIPEDA).

In addition to his Advisory Compliance practice, Kevin also counsels victim organizations in responding to, and investigating, data privacy and security incidents. He uses his Advisory Compliance knowledge to effectively and efficiently identify applicable state, federal and international legal and regulatory obligations as it relates to law enforcement reporting, individual and business partner notification and regulatory follow up or inquiries.

Kevin’s expertise in data privacy and information security is supplemented by his prior experience serving in a variety of legal and executive roles in the education industry, most recently as Vice
President of Strategy and General Counsel at a Philadelphia-based university. This experience informs the practical compliance strategies and recommendations Kevin provides to organizations prior to, during and after experiencing a data privacy and security incident.