Kevin J. Angle
Counsel
Kevin Angle is counsel in the data, privacy & cybersecurity group based in Ropes & Gray’s Boston office. Recognized as a “Go To Lawyer: Cybersecurity & Data Privacy” by Massachusetts Lawyers Weekly, he represents a broad range of companies on privacy and cybersecurity matters, guiding clients through the existing patchwork of U.S. federal and state laws as well as the European Union’s comprehensive General Data Protection Regulation (GDPR) and other international privacy and cybersecurity laws. Kevin also advises clients on privacy and cybersecurity matters arising in complex corporate transactions, helping clients to realize the value of data and protect it post close, along with assisting clients in responding to data security incidentsranging from ransomware to payment card theft in both the United States and multi-jurisdictional settings.
A member of the steering committee of the Boston Bar Association’s Privacy, Cybersecurity & Digital Law Section, Kevin guides companies through the creation and implementation of comprehensive privacy and cybersecurity compliance programs while navigating the complexobligations and requirements of the GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act, the Connecticut Data Privacy Act, and other comprehensive US state privacy laws. He also regularly assists clients in complying with electronic and communications privacy laws such as the Electronic Communication Privacy Act (ECPA), rules and regulations governing ad-tech, the CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule, and the Florida Telephone Solicitation Act, among others.
Kevin is a Certified Information Privacy Professional and leverages his prior experience in litigation to provide clients with risk-conscious advice. Kevin helps clients to anticipate and address potential areas of legal exposure and to structure breach responses and privacy programs to minimize potential liability.
Experience
Compliance and Counseling
- Represents prominent university in developing and implementing comprehensive GDPR compliance program
- Assists public biotechnology companies in operationalizing GDPR and CCPA compliance
- Assisting companies in industries ranging from construction to consumer goods in developing CCPA/CPRA compliant policies and procedures
- Provided product counseling to interactive, internet-connected fitness device manufacturer
- Advising consortium of retirement plan recordkeepers in developing data sharing, auto-portability framework
- Assists asset management clients in complying with financial privacy laws and regulations including the Gramm-Leach-Bliley Act and its implementing regulations, security safeguards rules, and identity theft red flag rules
- Advises companies on Illinois Biometric Information Privacy Act (BIPA), FTC Act, TCPA, CAN-SPAM, HIPAA, state data breach notification and security laws, along with the Payment Card Industry Data Security Standards (PCI DSS)
Transactional
- Represented New Mountain Capital in its equity investment in W20 Group, a leading independent provider of analytics-driven digital marketing in the health care sector, along with follow-on acquisitions by W20 of Swoop.com, 21Grams and TI Health
- Represented TH Lee in acquisition of Intelligent Medical Objects, a healthcare data enablement provider
- Led privacy diligence in TPG’s $2.2 billion acquisition of Change Healthcare’s claims editing business, ClaimsXten
- Represented TPG in its simultaneous carve-out of AT&T’s U.S. video business (DirecTV) and $1.8 billion investment in carved out business
- Represented Goddard School in $420 million whole-business securitization bond offering backed by Goddard’s brand assets including data
Crisis Management and Incident Response
- Represented Fortune 500 engineering company in responding to ransomware attack
- Represented medical device maker regarding data theft and related US and European regulatory inquiries
- Represented Fortune 100 insurance company in responding to multi-state attorney general investigation stemming from criminal cyber attack
- Represented Home Depot in aftermath of well-publicized payment card breach
- Represented Supervalu Inc. regarding theft of payment card information and related regulatory inquiries
Publications
- Co-author, “Key Requirements of Connecticut & Colorado Privacy Laws,” Bloomberg Law (June 2023)
- Profiled, “Go-To Lawyers – Cybersecurity & Data Privacy 2022,” Massachusetts Lawyers Weekly (October 31, 2022)
- Co-author, “Cybersecurity 2022,” Chambers Global Practice Guides (2022)
- Co-author, “USA Law & Practice and Trends & Developments,” Chambers Global Practice Guide Cybersecurity 2022 (April 4, 2022)
- Co-author, “U.S. Cybersecurity Laws and Regulations,” chapter in International Comparative Legal Guide - Cybersecurity 2022 (January 2022)
- Co-author, “US Litigation Considerations and Landscape,” The Guide to Cyber Investigations, second edition (2021)
- Co-author, “Cyber Trends and Investigations in Europe: A Practitioner’s Perspective,” The Guide to Cyber Investigations, second edition (2021)
- Co-author, “Cybersecurity 2021: USA,” Chambers “Cybersecurity 2021” Global Practice Guide (March 16, 2021)
- Co-author, “Data Privacy Compliance Best Practices For Asset Managers,” Law360 (October 9, 2019)
- Quoted, “Sweeping New Privacy, Conduct Regs Loom for Fund Managers,” FundFire (October 2, 2019)
- Co-author, “US Litigation Considerations and Landscape,” The Guide to Cyber Investigations, first edition (2019)
- Co-author, “California Passes Consumer Privacy Act,” Westlaw Practitioner’s Insight (August 9, 2018) and Westlaw Journal of Computer & Internet (August 24, 2018)
- Co-author, “Increased Enforcement Activity Underscores Need for Firms to Conduct Rigorous Cybersecurity Oversight,” Wolters Kluwer’s Securities Regulation Daily (May 24, 2018)
- Quoted, “Inside Track,” Law.com (January 24, 2018)
- Author, “EU Privacy Regulator Group’s First Annual Privacy Shield Report—Ensuring a Future for the EU-U.S. Data Transfer Regime,” Bloomberg BNA’s Privacy Law Watch (January 22, 2018)
- Co-author, “Global Perspectives On High Court Microsoft Warrant Case,” Law360 (January 10, 2018)
Presentations
- Presenter, “The Convergence of Data Security, Governance, and Privacy in the Context of Modern Data Protection and Privacy Regulations,” Global GRC, Data Privacy & Cyber Security ConfEx (May 31, 2023)
- Speaker, “Neighbors in Privacy: The Connecticut Data Privacy Act and Implementing Comprehensive Privacy Programs,” Boston Bar Association (April 20, 2023)
- Speaker, “Securing Research: NSPM-22 and Cybersecurity in Federally Funded Research,” Boston Bar Association (March 23, 2023)
- Speaker, “Alternative Data: How to Harness the Power and Manage the Risks of Third-Party Alternative Data,” Centerforce IP Strategy Summit (April 11, 2019)
- Speaker, “Blockchain, Data Protection, and Cybersecurity Best Practices,” Boston College Conference on Cybersecurity (March 6, 2019)
- Speaker, “GDPR and Beyond: Best Practices for GDPR Compliance and for Responding to Cyber Incidents,” European IP Summit (October 4, 2018)
Education
- JD, Columbia University School of Law, 2009; James Kent Scholar; Columbia Law Review , Senior Editor
- AB (Government), cum laude, Harvard University, 2003
Admissions / Qualifications
Qualifications
- New York, 2012
- Massachusetts, 2010