Kevin S. Olson

Kevin is a member of the Firm’s Privacy & Data Security Practice Group and is a Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Technologist (CIPT).

Kevin’s practice focuses on advising companies at all stages of the growth cycle regarding data privacy compliance and data security issues. With a strong understanding of technology and privacy, Kevin provides practical advice on ways to implement and maintain effective compliance programs, engage with vendors, and deal with privacy issues in the context of mergers and acquisitions. He counsels businesses in a variety of sectors such as education, financial services, healthcare, software-as-a-service (SaaS), technology, digital advertising, gaming, and life sciences on how to mitigate risks associated with handling personal data.

Specifically, Kevin works with clients to address a variety of issues such as: drafting and negotiating data processing agreements, data licenses, and data security exhibits; advising on international data transfer mechanisms (including the European Union (EU) and United Kingdom (UK) standard contractual clauses); preparing tailored privacy policies and cookie notices; creating and implementing internal documents such as employee privacy notices, written information security programs (WISPs), and incident response plans (IRPs) as well as conducting employee trainings; and investigating and responding to security incidents such as ransomware attacks and multi-state data breaches.

Kevin advises clients on several state, federal and international laws and regulations, including:

• California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
• Children’s Online Privacy Protection Act (COPPA);
• Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM);
• EU-U.S. Data Privacy Framework;
• General Data Protection Regulation (GDPR);
• Graham-Leach-Bliley Act (GLBA);
• Illinois Biometric Information Privacy Act (BIPA);
• Other state privacy laws such as those in Colorado, Connecticut, Utah and Virginia (CPA, CTDPA, UCPA, and VCDPA);
• Section 5 of the Federal Trade Commission Act (FTC Act); and
• Telephone Consumer Privacy Act (TCPA) and Telemarketing Sales Rule (TSR).

During law school, Kevin was a senior editor of the law review, participated in moot court, and worked as a teaching assistant for multiple professors. Prior to joining Morse, Kevin worked at several Boston area firms and the U.S. Attorney’s Office.