We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

Madeline (Maddy) H. Gitomer

Washington, D.C.

Madeline (Maddy) H. Gitomer

Madeline Gitomer works with legal counsel and privacy officers to navigate the regulatory landscape for organizations responding to cyber attacks and data breaches. Whether it is life sciences, education technology, digital health, or technology-driven startups, Madeline regularly advises clients on compliance with various data privacy laws, regulations, and public policy initiatives.

Drawing from her Capitol Hill experience, Madeline understands the legislative and regulatory environment around health and education privacy and helps clients in responding to a dynamic and evolving legal landscape. Organizations in crisis reach out to Madeline for skills in managing incident response, evaluating breach notification requirements, and responding to government investigations and enforcement actions. Against increased government scrutiny and an active enforcement environment, Madeline advocates on behalf of clients in outlining their reasonable compliance efforts in the face of rising numbers of hacks and cyber attacks.

Madeline regularly counsels clients on compliance with data privacy and security laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the FTC Act, the Family Educational Rights and Privacy Act (FERPA), and state laws and regulations. In addition, she advises clients on privacy policies, compliance programs, and policy issues affecting data governance.

Madeline also maintains an active pro bono practice. While in law school, Madeline received the Edward C. Baker Award for the student with the most pro bono hours in her graduating class and the Penn Law Pro Bono Award for her exceptional leadership of the Custody and Support Assistance Clinic.

Madeline has a master's degree in education policy; she served as a professional staff member to the U.S. Senate Committee on Health, Education, Labor, and Pensions.

Representative Experience

Privacy counsel in largest health-related cyber attacks in U.S. history, supporting breach response, government investigation, and privacy compliance.

Obtained successful resolution, without penalty, in numerous HHS OCR investigations of academic institutions and insurance organizations.

Advised clients on privacy-related HHS OCR and state attorney general and Insurance Commission investigations and enforcement actions.

Assisted organizations in in-depth legal education privacy assessments and associated remediation activities.

Represented amicus curiae in landmark Supreme Court case on marriage equality where brief was cited in the majority opinion.

Education and admissions


  • J.D., University of Pennsylvania Law School, 2013
  • M.S.Ed., University of Pennsylvania, 2013
  • B.A., cum laude, American University, 2006
  • B.S., cum laude, American University, 2006


  • Member, American Bar Association
  • Member, International Association of Privacy Professionals
  • Member, National LGBT Bar Association

Bar admissions and qualifications

  • District of Columbia
  • Maryland
  • New Jersey
Loading data