REGULATORY & ADMINISTRATIVE LAW

Data Security & Information Privacy

Every business collects, stores and manages personal information. Some businesses handle particularly sensitive information, such as health care or financial information. Whether digital or in paper format, companies are responsible for managing and protecting sensitive information, and that’s no small challenge.

REGULATORY & ADMINISTRATIVE LAW PRACTICES

Jim Gallagher and Chris Marino

Our work includes:

  • anticipating developments that will impact businesses
  • creating and designing systems and software to maintain data security
  • developing, reviewing and ensuring compliance with the necessary plans, policies, agreements and terms of service to comply with state and federal data security laws and regulations, including tough new rules in California and Massachusetts
  • determining when security threats rise to the level of actionable security breaches
  • counseling for and assisting with breach response activities
  • ensuring compliance with international data security and privacy requirements, including the European Data Protection Regulation (GDPR) and the European Privacy Regulations
RESULTS

Proof positive.

  • Represent companies in developing and refining WISPs and related policies such as incident response plans, record retention polices, emergency recovery plans, website terms and conditions, and website privacy policies, including for a large retailer with operations in New England, Metro New York and Mid-Atlantic states.  
  • Review HIPAA/HITECH compliance issues for a fast-growing medical software company. 
  • Assist health care clients with HIPAA/HITECH compliance, including preparing internal policies, business associate agreements, and license and service agreements.  
  • Advise corporate clients on data security issues raised in both buyer- and seller-side mergers and acquisition transactions.  
  • Counsel companies in evaluating potential security breaches and required response activities and disclosures.  
  • Counseled a cloud security company in assisting U.S. and European clients on privacy compliance matters and in licensing matters.
  • Counseled companies on revising terms and conditions, privacy policies and other documents to achieve and maintain compliance with GDPR and other international data regulations.  

REGULATORY & ADMINISTRATIVE LAW ATTORNEYS

Meet the Data Security & Information Privacy Team.

Meet All Of Our Attorneys

Shareholder

Tamsin R. Kaplan

Learn More

Shareholder

Robert J. Munnelly, Jr.

Learn More

Shareholder

John F. Tocci

Learn More

RESOURCES

Happenings, headlines and insights.
See what’s new at Davis Malm.

View Our Regulatory & Administrative Law Resources

Alerts

January 20, 2026

National Data Privacy Day: 8 Tips for Employers to Protect Company and Employee Data

Read More

Firm Announcements

January 9, 2026

Robert J. Munnelly, Jr. Re-elected to NECA Board of Directors for Eleventh Consecutive Year

Read More

Publications

December 17, 2025

Robert J. Munnelly, Jr. Contributes to LexisNexis Practice Guide: Massachusetts Administrative Law and Practice

Read More

Speaking Engagements

September 16, 2025

Robert J. Munnelly Jr. Presents at the NECA Retail Markets Conference

Read More

Publications

August 4, 2025

The Next Phase of Massachusetts’ Solar Revolution

Read More

Publications

June 22, 2025

Evolving in a Time of Change: Next Steps for Massachusetts “SMART”

Read More

Publications

June 20, 2025

Phil Olsen Serves as Contributing Author for 2023-2024 ABA Sales & Use Tax Deskbook

Read More

Firm Announcements

June 12, 2025

Courtney A. Simmons Named a “Rising Star” by New England Real Estate Journal

Read More

Publications

February 7, 2025

Attorneys eager to see how Trump crypto revolution takes shape

Read More

Contact Us

Need Regulatory & Administrative Law Counsel?

Get in touch
Scroll to Top