skip to main content

Privacy and Data Protection

Privacy and data protection has become a significant concern for businesses and individuals in all sectors of the economy, including health careeducationinsurance, banking, finance and defense.  The proper protection of data is vital to commercial success, preventing adverse public relations and achieving regulatory compliance.

Today’s businesses collect, transfer, and store a wide range of data on a daily basis.  These records often contain vast amounts of sensitive and personal information which, if lost or misused, would create significant business risk.  In addition to protecting our clients’ data on the front end, we vigorously protect their interests if the unfortunate case of a breach or data incident does occur. We have a consistent record of assisting leading companies in a variety of industries with privacy and data protection matters. Our knowledge has increased with our client base to include health corporations, academic centers, insurance companies, federal organizations and a variety of other public and private sector clients.

At Shipman & Goodwin we offer a multi-disciplinary team of experienced lawyers who have been counseling clients on data issues for many years. In addition to their practices, several of them are involved in professional activities and associations that keep them abreast of key trends and developments in this critical area. The Chair of our Data Privacy Team, Bill Roberts, was selected by the American Bar Association to participate as a Business Law Fellow, where he focuses on data privacy, telemedicine and the intersection of healthcare and technology.  Partner Cathy Intravia is co-leader of the International Association of Privacy Professionals (IAPP) Connecticut Knowledge Net and a member of the American Bar Association’s Intellectual Property Committee on Software and Cloud Computing; she is also a Certified International Privacy Professional.  Partner Dan Schwartz is the author of the independent Connecticut Employment Law Blog, which includes posts relating to privacy and social media issues pertaining to employers; for the last 5 years, the ABA journal has named it one of the top 100 law blogs produced by lawyers.

Our team offers a comprehensive approach to our clients’ needs with an extensive skill-set in counseling and litigation capabilities, covering numerous aspects of privacy and data protection. Whether developing a privacy policy, advising on a data breach regulatory investigation, or crafting strategic company data protection guidelines, we have the proficiency required to assist our clients in navigating the increasingly complex and changing landscape of laws and regulatory requirements they are faced with. 

We counsel clients on the following types of matters:

  • Evaluating of privacy and data protection risk profiles
  • Developing strategies to build efficient privacy infrastructures
  • Establishing compliance programs for early detection of privacy concerns
  • Advising on retention, destruction, and e-discovery of documentation
  • Establishing and maintaining compliance hotlines
  • Developing licensing and data sharing agreements
  • Whistleblower and internal investigations
  • Guidance on conducting investigations and providing notifications when a breach has occurred
  • Litigating privacy disputes in jurisdictions throughout the country
  • Representation before federal and state agencies during investigations of breaches
  • Drafting and implementing company privacy and data protection policies
  • Advising on employee records issues and employees use of email and social media tools
  • Complying with domestic and international data protection laws
  • Protecting against and coping with cross-border data breaches


August 28, 2018  NYSDFS Upcoming Deadlines Fast Approaching: Next Key Date is September 4, 2018
May 8, 2018  The GDPR is Coming: Keep Calm and Plan
February 6, 2018  NYSDFS Upcoming Deadlines Fast Approaching: Next Key Date is February 15, 2018
August 22, 2017  NYSDFS Upcoming Deadline Fast Approaching: First Key Date is August 28, 2017
October 3, 2016  Family Policy Compliance Office Issues FERPA Privacy Guidelines
August 29, 2016  Compliance Conundrum -- Unauthorized Exports v. Discrimination: Find a Win in a Lose-Lose Scenario
June 20, 2016  Governor Signs Student Data Privacy Law
January 27, 2016  If You Provide Behavioral Health Services, Do the New HIPAA Reporting Rules Apply to You?
October 14, 2015  Court of Justice of the European Union Declares the U.S.-E.U. Safe Harbor Invalid
June 22, 2015  Conn. Seeks To Tighten Data Privacy Requirements
January 2015  Going Live with a Patient Portal—Legal Risks and Operating Documents
December 12, 2014  Recent Data Breach Demonstrates the Importance of Attention to Software and IT Systems
July 14, 2014  Dan Schwartz quoted in LTN News article, "Hackers Are After Employee Data Now"
May 12, 2014  Health Law: HIPAA Breaches: Getting It Right
March 14, 2014  Dan Schwartz quoted in CT Law Tribune article, "Bill Would Ban Requests For Social Media Passwords"
March 6, 2014  Employers Be Forewarned: The Forms You Use to Obtain Applicant Background Checks May Violate FCRA
August 27, 2013  Recent Data Breach Demonstrates the Importance of Keeping Track of Your Sensitive Information
June 26, 2013  Amended Rule for the Children's Online Privacy Protection Act Takes Effect
July 1, 2013
June 25, 2013  FDA Releases Draft Cybersecurity Guidance for Medical Devices
January 3, 2013  HHS Announces Mobile Device Security Initiative
November 2012  Connecticut's HIE: A Look at the Nutmeg State's Approach to Sharing Patient Information
August 2, 2012  Breaches of Personal Information Must Now Be Reported to the Attorney General
November 17, 2011  OCR Begins Pilot Phase of HIPAA Privacy and Security Audit Program
February 28, 2011  First-Ever Civil Monetary Penalties Imposed for Violation of the HIPAA Privacy Rule
February 5, 2010  Revised Massachusetts Regulations for the Protection of Personal Information Take Effect March 1, 2010
July 18, 2008  New Connecticut Law Mandates Safeguards for Personal Information and Social Security Numbers


March 20, 2018  Bill Roberts Selected as InsurTech Hartford Mentor
January 13, 2018  Bill Roberts Quoted on Issues in Law Firm Data Breaches
August 1, 2017  Bill Roberts Appointed to CT Health Data Collaborative
July 28, 2017  Bill Roberts Explains Health Care IT Balancing Act in Huffington Post
June 5, 2017  International Trade Attorneys Featured in U.S. Dept. of Commerce Webinar Series
April 4, 2017  Joan Feldman and Bill Roberts Highlight Key Health Care Compliance Issues at Nat'l Conference
March 6, 2017  Cyber Security Program and Panelist Bill Roberts Emphasize Preventive Measures
January 23, 2017  Bill Roberts Quoted on Importance of Cybersecurity Risk Management Plans
January 10, 2017  Bill Roberts Weighs in on Increased Attempts to Steal W-2s
October 26, 2016  Bill Roberts Suggests Quick Response to Student Data Breaches
August 19, 2016  Bill Roberts Offers New Guidance on Health Care Data Privacy
July 25, 2016  Bill Roberts Provides Commentary in Report on Medicare Compliance
July 20, 2016  Health Law Daily Recaps HCCA Vendor Privacy Webinar Presented by Bill Roberts
July 11, 2016  Bill Roberts Quoted in Part B News on Recent HIPAA Breach
June 10, 2016   Bill Roberts Featured in Q&A on Data Privacy, Information Security and Preventing Breaches
March 9, 2015  Dan Schwartz Offers Commentary on Password Bill for WNPR News
March 5, 2015  Bill Roberts Joins HIPAA Website as Commentator
November 14, 2014  Bill Roberts Comments on Medical Records Ruling
October 17, 2014  CT Attorneys Recognized as 2014 Super Lawyers
September 17, 2014  ABA Appoints Bill Roberts as Business Law Section Envoy
September 15, 2014  October Data Privacy Summit
November 4, 2013  Brown and Roberts Recognized as New Leaders in the Law
October 21, 2013  CT Attorneys Recognized as 2013 Super Lawyers
May 11, 2012  Panel Explores Risks and Rewards of Social Media for Health Care Providers
October 26, 2009  Partner Catherine Intravia Receives CIPP Designation
September 11, 2008  Shipman & Goodwin Attorneys Hold Seminar on New Connecticut Law Mandating Safeguards for Personal Information


November 30, 2018  CLE Event: Professionalism Boot Camp
November 20, 2018  CEN Education and Development Advisory Council Workshop
October 25, 2018  Privacy and Data Security in a Globalized World: Cross-Border Issues and Trends
September 14, 2018  Annual Risk Management Day
August 7, 2018  CLE Event: Webinar: Compliance Checkup: NY DFS Cybersecurity Regulations
June 13, 2018  CLE Event: Webinar: Export Controls in the Cloud
May 22, 2018  Model Agreements & Guidelines International (MAGI) Clinical Research Conference
April 3, 2018  Independent School Webinar: Safeguarding Data - Developing a School Data Privacy and Security Program
March 27, 2018  Data Privacy for Public and Charter Schools: What Lies Ahead - Stamford
March 15, 2018  Data Privacy for Public and Charter Schools: What Lies Ahead - Hartford
January 25, 2018  Digital Health - InsurTech With Benefits
December 8, 2017  Social Media and Apps, Cyberbullying, Privacy and Other Technology Issues
November 30 - December 2, 2017  2017 TABS Annual Conference
August 17, 2017  Webinar: Export Controls in the Cloud
July 18, 2017  Health Care Compliance Association Web Conference
May 23, 2017  Cybersecurity Threats: Are You Next?
May 18, 2017  WorkSmart Hartford 2017: Annual IT, Business & Security Conference
May 12, 2017  2017 Connecticut Education Network Annual Conference
March 28, 2017  Is Your HR Data Going Rogue? Practical Steps for HR to Take
March 26-29, 2017  Health Care Compliance Association's 21st Annual Compliance Institute
March 1, 2017  The Next Generation of Cyber Security: It's Not Just About Firewalls and Antivirus Software Anymore
February 23, 2017  Recent Privacy and Security Developments in Human Subjects Research
February 22, 2017  CLE Event: Webinar: Safeguarding Your Business: Preventing and Responding to Data Breach and Cyber-liability
November 30 - December 2, 2016  OCR Audits Phase 2 With Real Life Experience - How to Navigate?
October 23-26, 2016  MAGI's Clinical Research Conference - 2016 West
October 20, 2016  CT Technology Council 2016 IT Summit
October 11, 2016  Webinar: Compliance Conundrum--Unauthorized Exports v. Discrimination
July 19, 2016  Vendor Privacy: Due Diligence and Contracting Solutions
June 27, 2016  Briefing on Public Act 16-189: An Act Concerning Student Data Privacy
June 15, 2016  Webinar: Managing HIPAA Data Breaches
May 2, 2016  HR's New Challenge: Cyber Security
April 9, 2016  American Bar Association Business Law Section Spring Meeting
March 23, 2016   Webinar: Telemedicine & eConsults - Where We Are Today and Where We're Going
December 11, 2015  Update on Data Privacy and Human Resources Law
December 2, 2015  Webinar: Business Associates: How to Differentiate Your Organization Using HIPAA Compliance
November 18, 2015  CT Technology Council 2015 IT Summit
November 9, 2015  Capitol Region Education Council - Technology Conference
September 29, 2015  IAPP: The Intersection of Information Governance and Privacy
September 24, 2015  Data Security and Privacy Risk Management in a New World of Big Data Collection and Sharing
September 24, 2015  Webinar: How to Effectively Negotiate a Business Associate Agreement: What's Important/What's Not
September 18, 2015  American Bar Association Business Law Section Annual Meeting
July 14, 2015  Webinar: HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Practices
April 30, 2015  Webinar: Legal Consideration and Best Practices for Developing an Effective Cybersecurity Strategy
March 13, 2015  Right to Privacy & HIPAA
February 12, 2015  CHCACT: Corporate Compliance Workgroup
January 15, 2015  IAPP: Transactional Aspects of Big Data and Related Privacy Issues
January 14, 2015  Stage 2 Meaningful Use Audit: What You Need to Know
October 16, 2014  Raiders of the Data Ark - Data Privacy & Cybersecurity Summit
October 9, 2014  CCPA: Establishing an Effective Compliance Program
June 12, 2014  International Association of Privacy Professionals KnowledgeNet
May 2, 2014  SHRM: Pirates of the Data Stream - HR's Role in Securing Corporate Information
January 8, 2014  CALPI: Investigations and Background Screening
November 15, 2013  Connecticut Technology Council: The IT Summit 2013
April 8, 2013  Family Opposition to First Person Consent
March 15, 2013  Complying With the New HIPAA Regulations - Part II
March 1, 2013  Complying With the New HIPAA Regulations - Part I
May 10, 2012  Catching the Social Media Bug: The Risks and Rewards of Social Media For Health Care Providers
October 11, 2011  Protecting Corporate Data in a Technology‐Driven Business Climate: Are You Prepared?
September 10, 2008  Mandated Safeguards for Personal Information Seminar - Stamford
September 9, 2008  Mandated Safeguards for Personal Information Seminar - Hartford
© Shipman & Goodwin LLP, 2018. All Rights Reserved.