Kevin is a member of the Firm’s Privacy & Data Security Practice Group and is a Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Technologist (CIPT).
Kevin’s practice focuses on advising companies at all stages of the growth cycle regarding data privacy compliance and data security issues. With a strong understanding of technology and privacy, Kevin provides practical advice on ways to implement and maintain effective compliance programs, engage with vendors, and deal with privacy issues in the context of mergers and acquisitions. He counsels businesses in a variety of sectors such as education, financial services, healthcare, software-as-a-service (SaaS), technology, digital advertising, gaming, and life sciences on how to mitigate risks associated with handling personal data.
Specifically, Kevin works with clients to address a variety of issues such as: drafting and negotiating data processing agreements, data licenses, and data security exhibits; advising on international data transfer mechanisms (including the European Union (EU) and United Kingdom (UK) standard contractual clauses); preparing tailored privacy policies and cookie notices; creating and implementing internal documents such as employee privacy notices, written information security programs (WISPs), and incident response plans (IRPs) as well as conducting employee trainings; and investigating and responding to security incidents such as ransomware attacks and multi-state data breaches.
Kevin advises clients on several state, federal and international laws and regulations, including:
- California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
- Children’s Online Privacy Protection Act (COPPA);
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM);
- EU-U.S. Data Privacy Framework;
- General Data Protection Regulation (GDPR);
- Graham-Leach-Bliley Act (GLBA);
- Illinois Biometric Information Privacy Act (BIPA);
- Other state privacy laws such as those in Colorado, Connecticut, Utah and Virginia (CPA, CTDPA, UCPA, and VCDPA);
- Section 5 of the Federal Trade Commission Act (FTC Act); and
- Telephone Consumer Privacy Act (TCPA) and Telemarketing Sales Rule (TSR).
During law school, Kevin was a senior editor of the law review, participated in moot court, and worked as a teaching assistant for multiple professors. Prior to joining Morse, Kevin worked at several Boston area firms and the U.S. Attorney’s Office.
Publications
European Commission Approves EU-U.S. Data Privacy Framework
Data Privacy Compliance Basics: ICYMI Webinar Recap
GLBA Compliance: FTC Makes Significant Additions to the GLBA Safeguards Rule
Outside the office
Kevin is an avid Premier League and NBA fan, as well as an aspiring home chef. Originally from Brooklyn, NY Kevin now resides in Boston with his wife.
News & Events
-
2019-2023 M&A Deals
Mergers & Acquisitions: A Transaction Recap
February 21, 2024 -
Kevin Olson Earns IAPP Certified Information Privacy Technologist Credentials
September 11, 2023 -
Client Alert: European Commission Approves EU-U.S. Data Privacy Framework
July 17, 2023 -
Top Trends in Data Privacy
6 Takeaways from IAPP Global Summit
June 12, 2023 -
Intellectual Property Basics: ICYMI Webinar Recap
May 22, 2023
Education
Northeastern University School of Law, J.D.
Northeastern University Law Review
Gettysburg College, B.A.
Admissions
Massachusetts Bar