Donald DePass | Washington, D.C. | Hogan Lovells

Donald DePass

Counsel Global Regulatory



DePass Donald

Donald DePass
DePass Donald
  • Overview
  • Experience
  • Credentials
  • Insights and events

Donald DePass helps innovative organizations protect and manage health data and other sensitive information. In a rapidly developing landscape, he provides pragmatic solutions to help address complex privacy, data security, and consumer protection challenges, including with respect to sophisticated and emerging technologies, such as machine learning and artificial intelligence, and digital health products.

Donald counsels clients facing highly regulated and dynamic environments, primarily in the technology, life sciences and health care, and sports and fitness sectors, including technology and data companies, academic medical centers, laboratories, device and pharmaceutical manufacturers, health plans, researchers, and media and fitness companies.  

Donald routinely helps clients with privacy program design and strategic compliance with data privacy and consumer protection laws.  He regularly advises on issues related to the use and disclosure of sensitive information, including genetic and biometric information, research, de-identification, notice and consent practices, privacy and cyber incident response and preparedness, government investigations, and commercial negotiations. Working with stakeholders across legal, compliance, and product teams, Donald can be counted on to help organizations tackle their most pressing legal challenges and achieve key business objectives.

While in law school, Donald served as a student attorney in the Georgetown Social Enterprise & Nonprofit Clinic and was a member of The Tax Lawyer.

Representative experience

Obtained successful resolution, without penalty, in numerous HHS OCR investigations of academic institutions and insurance organizations.
Assisted a major U.S. university in responding to cybersecurity incidents, including forensic review, notification analysis, and remediation.
Helped a global company assess compliance with privacy laws in multiple countries, focusing on privacy notices, cross-border transfers, and data use restrictions.
Advised clients on privacy-related HHS OCR and state attorney general and insurance commission investigations and enforcement actions.
Conducted privacy- and cybersecurity-related diligence for several transactions involving health care and education companies.
Privacy counsel in largest health-related cyberattacks in U.S. history, supporting breach response, government investigation, and privacy compliance.


  • J.D., Georgetown University Law Center, with honors, 2014
  • B.A., Duke University, with honors, 2011
Bar admissions and qualifications
  • District of Columbia
  • New York
  • Member, American Bar Association
  • Member, International Association of Privacy Professionals


Top 40 Under 40

The National Black Lawyers

Recognized for work in Privacy and Data Security

Best Lawyers: Ones to Watch