Donald DePass

LanguagesEnglish

Practice groupGlobal Regulatory

Donald DePass helps clients tackle challenging state, federal, and international privacy and data security issues. He advises on compliance with the Health Insurance Portability and Accountability Act (HIPAA), state health-privacy laws, the Federal Trade Commission (FTC) Act, and the Family Educational Rights and Privacy Act (FERPA), among other privacy and data security laws and regulations.

Donald regularly counsels clients on incident response, including breach notification obligations as well as response to government investigations and enforcement actions in the wake of large-scale cyberattacks. He also helps clients develop and implement compliance programs and draft contractual language for safeguarding sensitive information and legitimizing cross-border data transfers.

Donald counsels clients facing dynamic regulatory environments in a wide range of industries, primarily in the technology, life sciences and health care, and education sectors. In addition to assisting clients with complex legal matters, Donald helps clients resolve complicated policy issues affecting data privacy and security. In a rapidly evolving marketplace, he provides practical solutions that help clients meet legal and policy challenges and retain consumer trust.

While in law school, Donald served as a student attorney in the Georgetown Social Enterprise & Nonprofit Clinic and was a member of The Tax Lawyer.

Awards and recognitions

2019

Top 40 Under 40
The National Black Lawyers

Education and admissions

Education

J.D., Georgetown University Law Center, with honors, 2014

B.A., Duke University, with honors, 2011

Memberships

Member, American Bar Association

Member, International Association of Privacy Professionals

Bar admissions and qualifications

District of Columbia

New York

Related industries

Related practices

Government Relations and Public Affairs Health Law Investigations, White Collar, and Fraud Privacy and Cybersecurity

Related areas of focus

Breach Preparedness, Response, Investigation, and Comms Health Privacy and Cybersecurity Privacy and Cybersecurity Public Policy Counseling and Advocacy Risk Management, Governance, and Compliance Retail and Consumer Goods Hospitals and Health Care Providers

Representative experience

Obtained successful resolution, without penalty, in numerous HHS OCR investigations of academic institutions and insurance organizations.

Assisted a major U.S. university in responding to cybersecurity incidents, including forensic review, notification analysis, and remediation.

Helped a global company assess compliance with privacy laws in multiple countries, focusing on privacy notices, cross-border transfers, and data use restrictions.

Advised clients on privacy-related HHS OCR and state attorney general and insurance commission investigations and enforcement actions.

Conducted privacy- and cybersecurity-related diligence for several transactions involving health care and education companies.

Privacy counsel in largest health-related cyberattacks in U.S. history, supporting breach response, government investigation, and privacy compliance.

Latest thinking and events

Hogan Lovells Publications

New York regulators lead the charge to fill health data protection gaps left by federal law Chronicle of Data Protection

27 April 2017