Kevin is a member of the Firm’s Privacy & Data Security Practice Group and is a Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Technologist (CIPT).
Kevin’s practice focuses on advising companies at all stages of the growth cycle regarding data privacy compliance and data security issues. With a strong understanding of technology and privacy, Kevin provides practical advice on ways to implement and maintain effective compliance programs, engage with vendors, and deal with privacy issues in the context of mergers and acquisitions. He counsels businesses in a variety of sectors such as education, financial services, healthcare, software-as-a-service (SaaS), technology, digital advertising, gaming, and life sciences on how to mitigate risks associated with handling personal data.
Specifically, Kevin works with clients to address a variety of issues such as: drafting and negotiating data processing agreements, data licenses, and data security exhibits; advising on international data transfer mechanisms (including the European Union (EU) and United Kingdom (UK) standard contractual clauses); preparing tailored privacy policies and cookie notices; creating and implementing internal documents such as employee privacy notices, written information security programs (WISPs), and incident response plans (IRPs) as well as conducting employee trainings; and investigating and responding to security incidents such as ransomware attacks and multi-state data breaches.
Kevin advises clients on several state, federal and international laws and regulations, including:
- California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
- Children’s Online Privacy Protection Act (COPPA);
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM);
- EU-U.S. Data Privacy Framework;
- General Data Protection Regulation (GDPR);
- Graham-Leach-Bliley Act (GLBA);
- Illinois Biometric Information Privacy Act (BIPA);
- Other state privacy laws such as those in Colorado, Connecticut, Utah and Virginia (CPA, CTDPA, UCPA, and VCDPA);
- Section 5 of the Federal Trade Commission Act (FTC Act); and
- Telephone Consumer Privacy Act (TCPA) and Telemarketing Sales Rule (TSR).
During law school, Kevin was a senior editor of the law review, participated in moot court, and worked as a teaching assistant for multiple professors. Prior to joining Morse, Kevin worked at several Boston area firms and the U.S. Attorney’s Office.
Outside the office
Kevin is an avid Premier League and NBA fan, as well as an aspiring home chef. Originally from Brooklyn, NY Kevin now resides in Boston with his wife.
News & Events
Kevin Olson Earns IAPP Certified Information Privacy Technologist Credentials
September 11, 2023
Client Alert: European Commission Approves EU-U.S. Data Privacy Framework
July 17, 2023
Top Trends in Data Privacy
6 Takeaways from IAPP Global Summit
June 12, 2023
Intellectual Property Basics: ICYMI Webinar Recap
May 22, 2023
2022 M&A Deals
Mergers & Acquisitions: A Transaction Recap
March 24, 2023
Celebrating Data Privacy Week 2023
February 3, 2023
Northeastern University School of Law, J.D.
Northeastern University Law Review
Gettysburg College, B.A.