About
Our Firm
Management Team

Recognition
Community

Pro Bono
Diversity and Inclusiveness

Offices
International - Interlaw
The firm has a strong understanding of business and an impressive national network.

Chambers & Partners
People

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

PrevNext

View By:
Industries & Practices
Experience
News
Recent News(view all)

Shipman & Goodwin Expands Trusts & Estates Practice, Opens Old Lyme Office, With Addition of Kitchings & Potter Attorneys
Shipman & Goodwin Commits to Mansfield Rule 3.0 to Support Diversity and Inclusion
George Jepsen and Perry Zinn Rowthorn Weigh in on Opioid "Negotiation Class Action" in Cleveland Court
William Roberts Earns Fellow of Information Privacy Designation
Mike Chase Publishes New Book Revealing Abundance of Obscure Criminal Laws
Shipman & Goodwin Ranked a Top Firm in the Nation for Female Attorneys and Partners
Glenn Cunningham and Patrick Fahey Recognized as IP Stars USA
Events
Upcoming Events(view all)

Due Diligence at Dawn (October 16)
October 17, 2019 - Sexual Harassment Prevention Training - Stamford (October 17)
October 17, 2019 - Sexual Harassment Prevention Training - Hartford (October 17)
Upcoming CLE Events
Publications
Recent Publications(view all)

SEE YOU IN COURT! - October 2019
The Donor Disclosure Saga Continues: IRS Readdresses Donor Disclosure Requirements After Court Loss
Governor Lamont Signs Connecticut Biennial Budget: New Deal or Déjà Vu?
SEE YOU IN COURT! - September 2019
Fair Market Value: It Is Not As Easy As You May Think
New Health Insurance Option for Employers in 2020 - the Individual Coverage HRA
New Rule Requires Foreign-Domiciled Trademark Applicants to be Represented by U.S. Licensed Attorneys
The Prudence of Passivity: An Argument for Default Passive Management in Trust Investing
Legislature Passes Key Amendments to the Connecticut Transfer Act
General Assembly Passes Series of Reforms to Connecticut's Sexual Harassment and Discrimination Laws
In Washington Post Article, Mike Chase Shares Not-So-Funny Reason Behind Humorous Laws
Careers
Overview
Law Students
Lateral Opportunities
Administrative Opportunities
We realize that our future depends on a steady flow of new talent -- and that's where you come in.

Data Privacy and Protection

Overview Attorneys Experience Publications News Events

Shipman & Goodwin’s Data Privacy and Protection Practice Group holds a unique position among cybersecurity teams. Taken together, our group has extensive, first-person experience in each of the key domains —privacy and technology law, law enforcement and in-house corporate leadership — necessary to mount an effective defense against and response to data breaches, information theft, cyberterrorism and related threats; ensure compliance with the rapidly growing matrix of data privacy and notification laws; and enable businesses to pursue market growth and innovation.

Drawing on our blend of legal, law enforcement and industry experience, we guide clients across sectors and jurisdictions through each step of the data privacy and protection lifecycle, from initial information collection, management, protection and disposal, through regulatory compliance, to post-breach responses, notifications and litigation. Our practice is national; we represent clients across the United States — from New England to Silicon Valley — as well as multinational corporations with a truly global footprint.

Legal and Technological Acumen

Our data privacy lawyers are well-versed in the underlying technologies that have contributed to today’s business growth as well as the global, national and local legal frameworks being developed to regulate these tools and platforms. For example, practice co-chair William Roberts has advised clients in more than 100 national and international data breach matters and is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP). He has extensive experience with the specific privacy and security challenges faced by health care providers, insurance technology (InsurTech) and financial technology (FinTech) companies. He also has advised numerous other public and private entities, including startups and Fortune 50 companies, operating in the manufacturing, software and hardware, mobile application development, education and other sectors.

Law Enforcement Experience

Prior to joining the firm, practice co-chair George Jepsen served for eight years as Connecticut’s Attorney General and partner Perry Zinn Rowthorn served for five years as the state’s Deputy Attorney General. During their tenure in that office, they made the pursuit of data privacy and protection matters one of their top priorities. Among other initiatives, they collaborated on the development of an innovative Privacy Task Force that became the Connecticut Privacy & Data Security Department. Partner Matt Fitzsimmons served as head of the department, the first such organization within a state attorney general’s office in the nation. That department led nationwide multi-state investigations into a number of the nation’s largest data breaches, resulting in sizeable settlements. Their work in office was as cooperative as it was adversarial: they met regularly with business leaders to establish practical, enforceable privacy best practices and standards and continue to advise industry groups on data security matters.

In-House Corporate Leadership

After co-leading national, bipartisan multistate investigations by the Connecticut Attorney General’s office into many of the country’s most severe data breaches, in 2017 Matt Fitzsimmons joined global health service company, Cigna. There, he served as the company’s U.S. Privacy Officer and lead cybersecurity counsel. In this role, Matt gained an in-depth, firsthand understanding of the daily challenges and strategic goals of businesses for which information is a core asset. Among other initiatives, he provided guidance on privacy aspects of the company’s acquisition of Express Scripts. Drawing on his law enforcement and in-house perspectives, Matt offers clients clear, actionable guidance that enables them to maximize the utility of their information assets and develop new technologies, products and services, while protecting the privacy of individuals and the security of proprietary data.

Our approach is proactive and comprehensive. We provide client-tailored guidance in the following:

Data Management and Protection. We counsel clients on all issues related to appropriately safeguarding data during collection, storage, maintenance and disposal, including:

Data privacy and protection audits and risk profiles
Strategies to build efficient privacy infrastructures
Developing and documenting company data privacy and protection policies
Retention, destruction and e-discovery of documentation
Employee records
Employee use of email and social media tools
Licensing and data-sharing agreements

Regulatory Compliance. We work with clients to develop compliance programs to protect the confidentiality of data and spot potential issues, including development and maintenance of compliance hotlines and training of privacy and security officers, as well as staff and employees. We also advise clients on the full spectrum of applicable privacy laws and regulations, including:

HIPAA/HITECH
Gramm-Leach-Bliley Act (GLB)
Telephone Consumer Protection Act (TCPA)
EU General Data Protection Regulation (GDPR)
New York Department of Financial Services (DFS) Cybersecurity Regulation
Children’s Online Privacy Protection Act (COPPA)
Federal Trade Commission Act (FTCA)

Data Breaches and Investigations. Our team has extensive experience handling all aspects of national and international data breach matters and other security incidents, including:

Whistleblower and internal investigations
Post-breach notifications
Cooperation with federal and state agency investigations, including with the U.S. Department of Health & Human Services (HHS), the Office for Civil Rights (OCR), the Federal Trade Commission (FTC), state attorneys general and state departments of insurance
Privacy litigation in federal and state courts

Attorneys

Alexander R. Cox Associate	acox@goodwin.com (860) 251-5236	Hartford Office
Alfredo G. Fernández Associate	afernandez@goodwin.com (860) 251-5353	Hartford Office
Matthew F. Fitzsimmons Partner	mfitzsimmons@goodwin.com 860-251-5819	Hartford Office
Stephanie M. Gomes-Ganhão Associate	sgomesganhao@goodwin.com (860) 251-5239	Hartford Office
Catherine F. Intravia Partner	cintravia@goodwin.com (860) 251-5805	Hartford Office
George C. Jepsen Partner	gjepsen@goodwin.com (860) 251-5915	Hartford Office
Damian J. Privitera Associate	dprivitera@goodwin.com (860) 251-5504	Hartford Office
William J. Roberts Partner	wroberts@goodwin.com (860) 251-5051	Hartford Office
Perry Zinn Rowthorn Partner	prowthorn@goodwin.com (860) 251-5955	Hartford Office
Daniel A. Schwartz Partner	dschwartz@goodwin.com (860) 251-5038	Hartford Office Stamford Office
Christopher A. Tracey Counsel	ctracey@goodwin.com (203) 324-8155	Stamford Office
Gwen J. Zittoun Partner	gzittoun@goodwin.com (860) 251-5523	Hartford Office

Experience

Counseled Major Health Insurer on Privacy and Data Security for New Mobile App

Formation of State Health Information Exchange

Outside Data Privacy Counsel

Data Privacy Breach Investigation and Response

General Outside Privacy Counsel

Establishment of EU GDPR Compliance Program

Creation of Health Care Compliance Software

Development of Privacy and Protection Policies

General Outside Privacy Counsel for Major Health Insurer

Data Privacy Breaches

Data Privacy Compliance and Contractual Guidance

Development of Mobile App

Data Privacy Investigations

FERPA Compliance

HIPAA, HITECH and State Privacy Law Compliance

Development and Launch of All-Payer Claims Database

Data Breach Investigation and Response

Development of Cybersecurity Compliance Program

Counseling Employer on Loss of Employee Data

GDPR Compliance Review

Counseled on Application of GDPR to Infrastructure Administration

Development of Privacy Incident Response Tool and Manual

Development of GDPR Compliance Program

Data Privacy and Cybersecurity Guidance

Publications

February 4, 2019	NYSDFS Upcoming Deadlines Fast Approaching: Next Key Dates are February 15, 2019 and March 1, 2019
December 11, 2018	Expansion of CFIUS Oversight of Certain Non-Controlling Foreign Investments
August 28, 2018	NYSDFS Upcoming Deadlines Fast Approaching: Next Key Date is September 4, 2018
May 8, 2018	The GDPR is Coming: Keep Calm and Plan
February 6, 2018	NYSDFS Upcoming Deadlines Fast Approaching: Next Key Date is February 15, 2018
August 22, 2017	NYSDFS Upcoming Deadline Fast Approaching: First Key Date is August 28, 2017
October 3, 2016	Family Policy Compliance Office Issues FERPA Privacy Guidelines
August 29, 2016	Compliance Conundrum -- Unauthorized Exports v. Discrimination: Find a Win in a Lose-Lose Scenario
June 20, 2016	Governor Signs Student Data Privacy Law
January 27, 2016	If You Provide Behavioral Health Services, Do the New HIPAA Reporting Rules Apply to You?
October 14, 2015	Court of Justice of the European Union Declares the U.S.-E.U. Safe Harbor Invalid
June 22, 2015	Conn. Seeks To Tighten Data Privacy Requirements
January 2015	Going Live with a Patient Portal—Legal Risks and Operating Documents
December 12, 2014	Recent Data Breach Demonstrates the Importance of Attention to Software and IT Systems
July 14, 2014	Dan Schwartz quoted in LTN News article, "Hackers Are After Employee Data Now"
May 12, 2014	Health Law: HIPAA Breaches: Getting It Right
March 14, 2014	Dan Schwartz quoted in CT Law Tribune article, "Bill Would Ban Requests For Social Media Passwords"
March 6, 2014	Employers Be Forewarned: The Forms You Use to Obtain Applicant Background Checks May Violate FCRA
August 27, 2013	Recent Data Breach Demonstrates the Importance of Keeping Track of Your Sensitive Information
June 26, 2013	Amended Rule for the Children's Online Privacy Protection Act Takes Effect July 1, 2013
June 25, 2013	FDA Releases Draft Cybersecurity Guidance for Medical Devices
January 3, 2013	HHS Announces Mobile Device Security Initiative
November 2012	Connecticut's HIE: A Look at the Nutmeg State's Approach to Sharing Patient Information
August 2, 2012	Breaches of Personal Information Must Now Be Reported to the Attorney General

News

June 17, 2019	William Roberts Earns Fellow of Information Privacy Designation
May 6, 2019	Matthew Fitzsimmons, Former Cigna U.S. Privacy Officer and Lead Cybersecurity Counsel, Joins Firm as Partner
February 22, 2019	Shipman & Goodwin Weighed in With Aetna on Data Security for New App
March 20, 2018	Bill Roberts Selected as InsurTech Hartford Mentor
January 13, 2018	Bill Roberts Quoted on Issues in Law Firm Data Breaches
August 1, 2017	Bill Roberts Appointed to CT Health Data Collaborative
July 28, 2017	Bill Roberts Explains Health Care IT Balancing Act in Huffington Post
June 5, 2017	International Trade Attorneys Featured in U.S. Dept. of Commerce Webinar Series
April 4, 2017	Joan Feldman and Bill Roberts Highlight Key Health Care Compliance Issues at Nat'l Conference
March 6, 2017	Cyber Security Program and Panelist Bill Roberts Emphasize Preventive Measures
January 23, 2017	Bill Roberts Quoted on Importance of Cybersecurity Risk Management Plans
January 10, 2017	Bill Roberts Weighs in on Increased Attempts to Steal W-2s
October 26, 2016	Bill Roberts Suggests Quick Response to Student Data Breaches
August 19, 2016	Bill Roberts Offers New Guidance on Health Care Data Privacy
July 25, 2016	Bill Roberts Provides Commentary in Report on Medicare Compliance
July 20, 2016	Health Law Daily Recaps HCCA Vendor Privacy Webinar Presented by Bill Roberts
July 11, 2016	Bill Roberts Quoted in Part B News on Recent HIPAA Breach
June 10, 2016	Bill Roberts Featured in Q&A on Data Privacy, Information Security and Preventing Breaches
March 9, 2015	Dan Schwartz Offers Commentary on Password Bill for WNPR News
March 5, 2015	Bill Roberts Joins HIPAA Website as Commentator
November 14, 2014	Bill Roberts Comments on Medical Records Ruling
October 17, 2014	CT Attorneys Recognized as 2014 Super Lawyers
September 17, 2014	ABA Appoints Bill Roberts as Business Law Section Envoy
September 15, 2014	October Data Privacy Summit
November 4, 2013	Roberts Recognized as New Leaders in the Law
October 21, 2013	CT Attorneys Recognized as 2013 Super Lawyers
May 11, 2012	Panel Explores Risks and Rewards of Social Media for Health Care Providers

Events

October 29, 2019	Webinar: GDPR and Educational Institutions - Where We've Been, and Where We Are Now
October 28, 2019	The Present and Future of Data Breach Reporting
October 24, 2019	Webinar: GDPR and Manufacturers - Where We've Been, and Where We Are Now
October 15, 2019	Lunch & Learn: Data Privacy and Protection
September 19, 2019	IMLA's 84th Annual Conference
September 12, 2019	Technology Summit for Commercial Real Estate - Emerging Technologies, Cybersecurity and Data Privacy
August 23, 2019	PrognoCIS Summit 2019
July 17, 2019	CLE Event: CLE Webinar: General Counsel Briefing: Your Controlled Information and the "Insider Threat"
May 8, 2019	Webinar: Privacy and Data Security: US/Brazilian Cross-Border Issues and Trends
March 5, 2019	28th National HIPAA Summit
November 30, 2018	CLE Event: Professionalism Boot Camp
November 20, 2018	CEN Education and Development Advisory Council Workshop
October 25, 2018	Privacy and Data Security in a Globalized World: Cross-Border Issues and Trends
September 14, 2018	Annual Risk Management Day
August 7, 2018	CLE Event: Webinar: Compliance Checkup: NY DFS Cybersecurity Regulations
June 13, 2018	CLE Event: Webinar: Export Controls in the Cloud
May 22, 2018	Model Agreements & Guidelines International (MAGI) Clinical Research Conference
April 3, 2018	Independent School Webinar: Safeguarding Data - Developing a School Data Privacy and Security Program
March 27, 2018	Data Privacy for Public and Charter Schools: What Lies Ahead - Stamford
March 15, 2018	Data Privacy for Public and Charter Schools: What Lies Ahead - Hartford
January 25, 2018	Digital Health - InsurTech With Benefits
November 30 - December 2, 2017	2017 TABS Annual Conference
August 17, 2017	Webinar: Export Controls in the Cloud
July 18, 2017	Health Care Compliance Association Web Conference
May 23, 2017	Cybersecurity Threats: Are You Next?
May 18, 2017	WorkSmart Hartford 2017: Annual IT, Business & Security Conference
May 12, 2017	2017 Connecticut Education Network Annual Conference
March 28, 2017	Is Your HR Data Going Rogue? Practical Steps for HR to Take
March 26-29, 2017	Health Care Compliance Association's 21st Annual Compliance Institute
March 1, 2017	The Next Generation of Cyber Security: It's Not Just About Firewalls and Antivirus Software Anymore
February 23, 2017	Recent Privacy and Security Developments in Human Subjects Research
February 22, 2017	CLE Event: Webinar: Safeguarding Your Business: Preventing and Responding to Data Breach and Cyber-liability
November 30 - December 2, 2016	OCR Audits Phase 2 With Real Life Experience - How to Navigate?
October 23-26, 2016	MAGI's Clinical Research Conference - 2016 West
October 20, 2016	CT Technology Council 2016 IT Summit
October 11, 2016	Webinar: Compliance Conundrum--Unauthorized Exports v. Discrimination
July 19, 2016	Vendor Privacy: Due Diligence and Contracting Solutions
June 27, 2016	Briefing on Public Act 16-189: An Act Concerning Student Data Privacy
June 15, 2016	Webinar: Managing HIPAA Data Breaches
May 2, 2016	HR's New Challenge: Cyber Security
April 9, 2016	American Bar Association Business Law Section Spring Meeting
March 23, 2016	Webinar: Telemedicine & eConsults - Where We Are Today and Where We're Going
December 11, 2015	Update on Data Privacy and Human Resources Law
December 2, 2015	Webinar: Business Associates: How to Differentiate Your Organization Using HIPAA Compliance
November 18, 2015	CT Technology Council 2015 IT Summit
November 9, 2015	Capitol Region Education Council - Technology Conference
September 29, 2015	IAPP: The Intersection of Information Governance and Privacy
September 24, 2015	Data Security and Privacy Risk Management in a New World of Big Data Collection and Sharing
September 24, 2015	Webinar: How to Effectively Negotiate a Business Associate Agreement: What's Important/What's Not
September 18, 2015	American Bar Association Business Law Section Annual Meeting
July 14, 2015	Webinar: HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Practices
April 30, 2015	Webinar: Legal Consideration and Best Practices for Developing an Effective Cybersecurity Strategy
March 13, 2015	Right to Privacy & HIPAA
February 12, 2015	CHCACT: Corporate Compliance Workgroup
January 15, 2015	IAPP: Transactional Aspects of Big Data and Related Privacy Issues
January 14, 2015	Stage 2 Meaningful Use Audit: What You Need to Know
October 16, 2014	Raiders of the Data Ark - Data Privacy & Cybersecurity Summit
October 9, 2014	CCPA: Establishing an Effective Compliance Program
June 12, 2014	International Association of Privacy Professionals KnowledgeNet
May 2, 2014	SHRM: Pirates of the Data Stream - HR's Role in Securing Corporate Information
January 8, 2014	CALPI: Investigations and Background Screening
November 15, 2013	Connecticut Technology Council: The IT Summit 2013
April 8, 2013	Family Opposition to First Person Consent
March 15, 2013	Complying With the New HIPAA Regulations - Part II
March 1, 2013	Complying With the New HIPAA Regulations - Part I
May 10, 2012	Catching the Social Media Bug: The Risks and Rewards of Social Media For Health Care Providers

Primary Contact

Related Practice Areas

Related Industries

Attorney Advertising | Disclaimer | Privacy Policy | Contact Us

Our Firm	Management Team
Recognition	Community
Pro Bono	Diversity and Inclusiveness
Offices	International - Interlaw