Kevin J. Angle

Jump to:

Kevin Angle is counsel in the data, privacy & cybersecurity group based in Ropes & Gray’s Boston office. Recognized as a “Go To Lawyer: Cybersecurity & Data Privacy” by Massachusetts Lawyers Weekly, he represents a broad range of companies on privacy and cybersecurity matters, guiding clients through the existing patchwork of U.S. federal and state laws as well as the European Union’s comprehensive General Data Protection Regulation (GDPR) and other international privacy and cybersecurity laws. Kevin also advises clients on privacy and cybersecurity matters arising in complex corporate transactions, helping clients to realize the value of data and protect it post close, along with assisting clients in responding to data security incidentsranging from ransomware to payment card theft in both the United States and multi-jurisdictional settings.

A member of the steering committee of the Boston Bar Association’s Privacy, Cybersecurity & Digital Law Section, Kevin guides companies through the creation and implementation of comprehensive privacy and cybersecurity compliance programs while navigating the complexobligations and requirements of the GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act, the Connecticut Data Privacy Act, and other comprehensive US state privacy laws. He also regularly assists clients in complying with electronic and communications privacy laws such as the Electronic Communication Privacy Act (ECPA), rules and regulations governing ad-tech, the CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule, and the Florida Telephone Solicitation Act, among others.

Kevin is a Certified Information Privacy Professional and leverages his prior experience in litigation to provide clients with risk-conscious advice. Kevin helps clients to anticipate and address potential areas of legal exposure and to structure breach responses and privacy programs to minimize potential liability.

Experience

Compliance and Counseling

Represents prominent university in developing and implementing comprehensive GDPR compliance program
Assists public biotechnology companies in operationalizing GDPR and CCPA compliance
Assisting companies in industries ranging from construction to consumer goods in developing CCPA/CPRA compliant policies and procedures
Provided product counseling to interactive, internet-connected fitness device manufacturer
Advising consortium of retirement plan recordkeepers in developing data sharing, auto-portability framework
Assists asset management clients in complying with financial privacy laws and regulations including the Gramm-Leach-Bliley Act and its implementing regulations, security safeguards rules, and identity theft red flag rules
Advises companies on Illinois Biometric Information Privacy Act (BIPA), FTC Act, TCPA, CAN-SPAM, HIPAA, state data breach notification and security laws, along with the Payment Card Industry Data Security Standards (PCI DSS)

Transactional

Represented New Mountain Capital in its equity investment in W20 Group, a leading independent provider of analytics-driven digital marketing in the health care sector, along with follow-on acquisitions by W20 of Swoop.com, 21Grams and TI Health
Represented TH Lee in acquisition of Intelligent Medical Objects, a healthcare data enablement provider
Led privacy diligence in TPG’s $2.2 billion acquisition of Change Healthcare’s claims editing business, ClaimsXten
Represented TPG in its simultaneous carve-out of AT&T’s U.S. video business (DirecTV) and $1.8 billion investment in carved out business
Represented Goddard School in $420 million whole-business securitization bond offering backed by Goddard’s brand assets including data

Crisis Management and Incident Response

Represented Fortune 500 engineering company in responding to ransomware attack
Represented medical device maker regarding data theft and related US and European regulatory inquiries
Represented Fortune 100 insurance company in responding to multi-state attorney general investigation stemming from criminal cyber attack
Represented Home Depot in aftermath of well-publicized payment card breach
Represented Supervalu Inc. regarding theft of payment card information and related regulatory inquiries

Credentials

Clerkships

Publications

Co-author, “Overview of intellectual property, contractual, and statutory frameworks for protecting data assets in view of artificial intelligence applications,” Patent Lawyer Magazine (September 2023)
Co-author, “Overview of Intellectual Property, Contractual and Statutory Frameworks for Protecting Data Assets in View of Artificial Intelligence Applications,” The Patent Lawyer (September-October 2023)
Profiled, “Go-To Lawyers – Cybersecurity & Data Privacy 2022,” Massachusetts Lawyers Weekly (October 31, 2022)
Co-author, “Cybersecurity 2022,” Chambers Global Practice Guides (2022)
Co-author, “USA Law & Practice and Trends & Developments,” Chambers Global Practice Guide Cybersecurity 2022 (April 4, 2022)
Co-author, “U.S. Cybersecurity Laws and Regulations,” chapter in International Comparative Legal Guide - Cybersecurity 2022 (January 2022)
Co-author, “US Litigation Considerations and Landscape,” The Guide to Cyber Investigations, second edition (2021)
Co-author, “Cyber Trends and Investigations in Europe: A Practitioner’s Perspective,” The Guide to Cyber Investigations, second edition (2021)
Co-author, “Cybersecurity 2021: USA,” Chambers “Cybersecurity 2021” Global Practice Guide (March 16, 2021)
Co-author, “Data Privacy Compliance Best Practices For Asset Managers,” Law360 (October 9, 2019)
Quoted, “Sweeping New Privacy, Conduct Regs Loom for Fund Managers,” FundFire (October 2, 2019)
Co-author, “US Litigation Considerations and Landscape,” The Guide to Cyber Investigations, first edition (2019)
Co-author, “California Passes Consumer Privacy Act,” Westlaw Practitioner’s Insight (August 9, 2018) and Westlaw Journal of Computer & Internet (August 24, 2018)
Co-author, “Increased Enforcement Activity Underscores Need for Firms to Conduct Rigorous Cybersecurity Oversight,” Wolters Kluwer’s Securities Regulation Daily (May 24, 2018)
Quoted, “Inside Track,” Law.com (January 24, 2018)
Author, “EU Privacy Regulator Group’s First Annual Privacy Shield Report—Ensuring a Future for the EU-U.S. Data Transfer Regime,” Bloomberg BNA’s Privacy Law Watch (January 22, 2018)
Co-author, “Global Perspectives On High Court Microsoft Warrant Case,” Law360 (January 10, 2018)

Presentations

Speaker, “Artificial Intelligence: Advisor Risks and Board Oversight,” Investment Company Institute: 2023 Securities Law Development Conference (October 24, 2023)
Moderator, “Privacy in the Home: From Voice Assistants to Vacuums—Children, Privacy and Our Daily Lives,” Boston Bar Association (October 24, 2023)
Presenter, “The Convergence of Data Security, Governance, and Privacy in the Context of Modern Data Protection and Privacy Regulations,” Global GRC, Data Privacy & Cyber Security ConfEx (May 31, 2023)
Speaker, “Neighbors in Privacy: The Connecticut Data Privacy Act and Implementing Comprehensive Privacy Programs,” Boston Bar Association (April 20, 2023)
Speaker, “Securing Research: NSPM-22 and Cybersecurity in Federally Funded Research,” Boston Bar Association (March 23, 2023)
Speaker, “Alternative Data: How to Harness the Power and Manage the Risks of Third-Party Alternative Data,” Centerforce IP Strategy Summit (April 11, 2019)
Speaker, “Blockchain, Data Protection, and Cybersecurity Best Practices,” Boston College Conference on Cybersecurity (March 6, 2019)
Speaker, “GDPR and Beyond: Best Practices for GDPR Compliance and for Responding to Cyber Incidents,” European IP Summit (October 4, 2018)

Experience

Credentials

Education

Admissions

Clerkships

Publications

Presentations

Areas of Practice