Matthew Coleman is a privacy and data security associate based in Ropes & Gray’s Boston office. His practice focuses on privacy, information security, intellectual property transactions and consumer protection. Prior to joining the firm, Matthew was an Enterprise Privacy Solutions Manager for TRUSTe, a San Francisco-based data management consulting and certification firm, and an adjunct law professor of Privacy Law at Santa Clara University.
Matthew is a Certified Information Privacy Manager and a Certified Information Privacy Professional with a specialization in United States privacy law. Matthew leverages years of experience in researching, auditing, counseling, and litigating complex, multi-jurisdictional issues surrounding data privacy and information governance. Matthew focuses his practice on helping clients develop privacy programs to meet the requirements of an incomplete patchwork of data privacy and security laws, both in the U.S. and abroad, including HIPAA, GLBA, FCRA, ECPA, COPPA, CAN-SPAM, CASL, PIPEDA, and the EU Data Protection Directive. He also has extensive experience guiding clients through various self-regulatory privacy programs such as the EU-US Privacy Shield, Binding Corporate Rules, Standard Contractual Clauses, APEC CBPRs, and sectoral programs covering online behavioral advertising including the DAA, EDAA, IAB, and the NAI.
Matthew leans on his experience working for federal regulators to keep clients on the safe side of the watchful eye of the law. His understanding of overarching data management best practices help him counsel beyond the letter of the law, but also facilitate worldwide expansion, interoperable business processes, and innovative uses of consumer data while maintaining user trust.
His all-encompassing approach involves developing and executing internal and external policies for the collection, use, disclosure, sharing, retaining, transferring, and destruction of personal information. This includes managing contractual relationships with vendors, employees, acquired entities, and creditors as well as the operationalization of regular privacy impact assessments. In the event of a data incident, Matthew can assist with their response, auditing, and remediation needs.
Through law school, Matthew worked for the Federal Trade Commission, pursuing enforcement actions in their Bureau of Consumer Protection and Samsung, prosecuting and administering patents and licensing transactions.
- Conducted privacy and security operational assessments for clients various industries, including health care, CPG, entertainment, advertising, SaaS providers, mobile gaming, fantasy gaming, and B2B services.
- Developed an automated privacy assessment program for a worldwide pharmaceutical company.
- Guided dozens of major multinational corporations through U.S.- E.U./Swiss Safe Harbor certification and re-certification.
- Advised a major B2B products and services client on the acquisition of a major data broker.
- Advised a major B2B SaaS cloud services provider on their acquisition of multiple marketing and advertising companies.
- Developed an internal employee policy on the collection, use, transfer, disclosure, and retention for a German consumer products company.
Please note that the above transactions were prior to joining Ropes & Gray.