News
CPRA countdown: New compliance obligations and challenges around “sensitive personal information”
11 February 2021
Senior AssociateWashington, D.C.
Email donald.depass@hoganlovells.com
Phone +1 202 637 3286
Fax +1 202 637 5910
LanguagesEnglish
Practice groupGlobal Regulatory
Donald DePass helps clients tackle challenging state, federal, and international privacy and data security issues. He advises on compliance with the Health Insurance Portability and Accountability Act (HIPAA), state health-privacy laws, the Federal Trade Commission (FTC) Act, and the Family Educational Rights and Privacy Act (FERPA), among other privacy and data security laws and regulations.
Donald regularly counsels clients on incident response, including breach notification obligations as well as response to government investigations and enforcement actions in the wake of large-scale cyberattacks. He also helps clients develop and implement compliance programs and draft contractual language for safeguarding sensitive information and legitimizing cross-border data transfers.
Donald counsels clients facing dynamic regulatory environments in a wide range of industries, primarily in the technology, life sciences and health care, and education sectors. In addition to assisting clients with complex legal matters, Donald helps clients resolve complicated policy issues affecting data privacy and security. In a rapidly evolving marketplace, he provides practical solutions that help clients meet legal and policy challenges and retain consumer trust.
While in law school, Donald served as a student attorney in the Georgetown Social Enterprise & Nonprofit Clinic and was a member of The Tax Lawyer.
Top 40 Under 40
The National Black Lawyers
Education
J.D., Georgetown University Law Center, with honors, 2014
B.A., Duke University, with honors, 2011
Memberships
Member, American Bar Association
Member, International Association of Privacy Professionals
Bar admissions and qualifications
District of Columbia
New York
Obtained successful resolution, without penalty, in numerous HHS OCR investigations of academic institutions and insurance organizations.
Assisted a major U.S. university in responding to cybersecurity incidents, including forensic review, notification analysis, and remediation.
Helped a global company assess compliance with privacy laws in multiple countries, focusing on privacy notices, cross-border transfers, and data use restrictions.
Advised clients on privacy-related HHS OCR and state attorney general and insurance commission investigations and enforcement actions.
Conducted privacy- and cybersecurity-related diligence for several transactions involving health care and education companies.
Privacy counsel in largest health-related cyberattacks in U.S. history, supporting breach response, government investigation, and privacy compliance.
News
11 February 2021
News
10 December 2020
Hogan Lovells Publications
27 April 2017