Kevin E. Dolan is a Partner at Mullen Coughlin and Co-Chair of the Firm’s Advisory Compliance practice group. As Co-Chair, he leads a team of attorneys in counseling organizations of all sizes and across all industry groups in proactive data privacy and information security risk management planning. He is also an experienced data privacy and security incident response attorney.
Kevin’s Advisory Compliance practice involves assisting organizations with the avoidance or mitigation of data privacy and security incidents’ impact, as well as providing guidance to them to improve their overall compliance posture with respect to pertinent legal and regulatory frameworks. This includes development of organization-specific Incident Response Plans (IRPs); review, modification and/or creation of data privacy policies relating to data collection and management; facilitation of tabletop exercises and other employee/Board trainings; and development of compliance and privacy programs related to various data privacy and information security laws and regulations, including, but not limited to the following:
- Comprehensive state privacy laws such as the:
- California Consumer Privacy Act (CCPA), and its amendment the California Privacy Rights Act (CPRA);
- Virginia Consumer Data Protection Act (VCDPA);
- Utah Consumer Privacy Act (UCPA);
- Colorado Privacy Act (CPA); and
- Connecticut Personal Data Privacy and Online Monitoring Act (CDTPA);
- Federal and state privacy laws and regulations including:
- the Family Educational Rights and Privacy Act (FERPA);
- the Health Insurance Portability and Accountability Act (HIPAA);
- the Gramm-Leach-Bliley Act (GLBA);
- New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and Department of Financial Services (NYDFS) Cybersecurity Regulation;
- the Massachusetts Information Security Standard;
- the National Association of Insurance Commissioners (NAIC) standards; and
- International privacy laws, in partnership with international counsel, like the European Union’s General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
In addition to his Advisory Compliance practice, Kevin also counsels victim organizations in responding to, and investigating, data privacy and security incidents. He uses his Advisory Compliance knowledge to effectively and efficiently identify applicable state, federal and international legal and regulatory obligations as it relates to law enforcement reporting, individual and business partner notification and regulatory follow up or inquiries.
Kevin’s expertise in data privacy and information security is supplemented by his prior experience serving in a variety of legal and executive roles in the education industry, most recently as Vice President of Strategy and General Counsel at a Philadelphia-based university. This experience informs the practical compliance strategies and recommendations Kevin provides to organizations prior to, during and after experiencing a data privacy and security incident.
Sajjad Matin is Principal Counsel, Cybersecurity and Data Protection at the University of California, where he joined the Office of General Counsel in May 2022. In his role in Cybersecurity and Data Protection, Sajjad counsels system-wide stakeholders through major cybersecurity incidents Sajjad serves as primary legal support to UCOP’s Office of Information Technology Services and Cybersecurity Audit Team, and advises UC Health, the Faculty Senate, and the UC campuses on a broad range of cybersecurity and technology matters.
Prior to his arrival at UCOP, Sajjad served as a federal prosecutor in Miami, Florida, where he focused on investigating and prosecuting cybercrimes, including intrusions and ransomware attacks. Sajjad’s experience includes civil enforcement as an attorney with the Securities and Exchange Commission, where he investigated bribery, insider trading, and fraud against investors. Prior to public service, Sajjad worked in the Silicon Valley as an intellectual property attorney, including as inhouse counsel for a company specializing in virtualization technology.