Developing, implementing, and maintaining privacy policies and data security practices that protect sensitive business and customer information from unauthorized use and disclosure is imperative for organizations of all sizes and across all industries. Whether it’s personally identifiable customer information, patient information, trade secrets, intellectual property, or other confidential information, the data must be managed in compliance with rapidly evolving laws and regulations and consistent with best practices. In today’s complex legal and regulatory landscape, businesses need an experienced, reliable, and responsive legal team.

        Verrill’s team of Privacy and Data Security attorneys have extensive experience across various industries, practice areas, and jurisdictions. Our attorneys stay updated with the latest state, federal, and international privacy laws and regulations for collecting personal/sensitive data. We offer counsel on data privacy and cybersecurity concerns, data security breaches, mergers and acquisitions, joint ventures, consumer protection, marketing programs, compliance and regulatory issues, information management, and information sharing. We help clients understand and implement necessary safeguards and comply with applicable notification and other legal requirements.

        We have experience with a wide range of state, federal, and international laws and industry best practices, including:

        • Healthcare: HIPAA, HITECH
        • Education: FERPA
        • Finance: GLBA, FACTA, FCRA
        • Marketing and Communications: TCPA, TSR, FTC, and CAN-SPAM
        • International: EU GDPR, UK GDPR, PIPEDA
        • Technology: COPPA, CFAA, Stored Communications Act
        • State Data Privacy and Information Security laws

        Verrill takes a collaborative and proactive approach to helping its clients comply with regulations. We carefully analyze and pinpoint areas that require immediate attention and improvement and work with our clients to implement effective measures to address and rectify them. If any challenges arise, Verrill is always ready to support clients in conducting a timely, thorough, and effective response.

        The following are the services we provide related to data governance and privacy:

        • Providing counsel on compliance with evolving data privacy laws and regulations, helping clients navigate complex legal requirements and adapt their practices accordingly.
        • Establishing and maintaining privacy and data security programs tailored to the client’s specific needs, ensuring ongoing adherence to best practices and regulatory requirements.
        • Conducting comprehensive risk assessments to evaluate data governance practices, including conducting privacy impact assessments to identify potential risks to data privacy.
        • Formulating and implementing administrative safeguards, encompassing the creation of robust policies, procedures, and contractual agreements to ensure compliance with privacy regulations and standards.
        • Delivering targeted awareness training sessions to educate employees and stakeholders on the importance of data privacy and security measures.
        • Advocating for clients in both defensive and prosecutorial capacities regarding privacy and data security claims, ensuring their interests are protected.
        • Responding promptly and effectively to regulatory inquiries and criminal investigations related to data privacy, ensuring compliance with legal obligations.
        • Overseeing incident readiness and response procedures, including counseling with respect to data breach reporting and notifications under state and federal law, including drafting and coordinating individual and agency notifications.
        • Drafting data use and sharing agreements, customized policies and procedures, training materials, and business associate agreements.
        • Developing robust business continuity and disaster recovery plans to mitigate the impact of data breaches or other unforeseen events on the client’s operations.
        • Negotiating cyber insurance coverage tailored to the client’s specific risk profile and pursuing claims in the event of data breaches or cyber incidents.
        • Resolving transactional disputes related to data governance and privacy matters through negotiation or other legal means, protecting the client’s interests.
        People
        
 Keefe B. Clemons
        (617) 357 3717
        
 Patrick D. Duplessis
        (203) 222 3116
        
 Michael K. Fee
        (617) 292 2866
        
 Andrew Ferrer
        (617) 357 3733
        
 Robert L. Hover
        (617) 292 2871
        
 Rebecca Lessard
        (207) 253 4424
        
 Adam Nyhan

        Adam Nyhan

        Partner
        (207) 253 4416
        
 Abby Plummer

        Abby Plummer

        Associate
        (207) 253 4486
        
 Derek Rocha
        (857) 383 2644
        
 Jeffrey D. Russell
        (207) 253 4626
        
 William H. Stiles
        (207) 253 4966
        
 John W. Van Lonkhuyzen
        (207) 253 4624
        Events
        When: June 5, 2026 at 8:00am - 4:30pm
        Location: University of Maine School of Law
        People: Keefe B. Clemons
        When: April 8, 2026 at 1:00pm - 2:00pm
        Location: Webinar
        People: Keefe B. Clemons
        When: October 20-23, 2025
        Location: Portland, Maine
        People: Keefe B. Clemons
        When: June 6, 2025 at 8:45am – 4:45pm (EDT)
        Location: University of Maine School of Law
        People: Keefe B. Clemons

        Firm Highlights

        Press Releases

        Verrill Recognized by U.S. News as One of the Best Law Firms to Work for in 2026

        BOSTON, Mass., BANGOR and PORTLAND, Maine, GREENWICH and WESTPORT, Conn., – Verrill has been featured on U.S. News’ 2026 Best Companies to Work...
        Blog

        SECURE 2.0 Roth Catch-Up Rules and the 403(b) 15-Year Catch-Up: What Tax-Exempt Employers Need to Know

        Tax-exempt employers whose 403(b) plans offer catch-up contributions for participants age 50 and above should be well on their way to compliance with...
        Media Mentions

        Robert Keach Quoted in Law360 on SIMAD Summer Camp Bankruptcy Sale

        Verrill attorney Robert Keach was recently quoted in a Law360 article examining the Chapter 11 bankruptcy proceedings involving SIMAD Holdings and...
        Media Mentions

        Chris Tsouros Featured in Law360’s Coverage of Sports Real Estate Deals

        Verrill Partner Chris Tsouros was recently recognized in a Law360 article highlighting law firms involved in significant sports real estate projects...
        Blog

        What Maine’s New Employer Surveillance Law Means for Maine Employers

        Maine employers who monitor their workforce, whether through productivity software, GPS, call recording, or cameras, have a new compliance obligation...
        Blog

        Run Don’t Walk: The Implication of “While Supplies Last” Prize Promotions

        This month a big-chain grocery store has been offering daily mystery boxes during specific timed drops on a first-come, first-served basis, to users...
        Blog

        Maine’s Noncompete Statute is Reshaped for Health Care Workers: What You Need to Know

        Employers of individuals who are licensed under state law to perform, or provide, health care services in the State of Maine should be prepared for...
        Media Mentions

        Steven Davis Featured in the Environmental Business Journal

        Steven Davis, President of Verrill Strategic Consulting, was recently interviewed and featured in the Environmental Business Journal, Volume 39...
        Blog

        What is a Bonus for Purposes of ERISA?

        An ongoing dispute about a Department of Labor advisory opinion published last September raises a basic but unanswered question under the ERISA: What...
        Media Mentions

        Verrill Recognized by WMTW for Partnership Supporting Hunger Relief in Maine

        Verrill was recently featured in coverage by WMTW News 8 for its role in a collaborative effort to combat food insecurity across southern...
        Press Releases

        33 Verrill Attorneys, Across Four Offices, Recognized in the 2026 Chambers USA Guide

        BOSTON, Massachusetts, PORTLAND, Maine, WESTPORT, Connecticut, and WASHINGTON, D.C. – Verrill has been recognized as a Leading Firm in 14...
        Blog

        Will the Knicks Beat the Spurs? (Are Prediction Market Event Contracts Gambling?)

        For those of you who like to keep score, currently 18 states are engaged in litigation over prediction markets, such as Kalshi and Polymarket,...