Photo of William J. Roberts

William Roberts is the Chair of Shipman & Goodwin LLP’s Privacy and Data Protection team. Bill is also a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP). Bill focuses his practice at the intersection of privacy, technology and the law, and represents a wide range of public and private entities. He assists clients nationwide in navigating legal challenges with respect to regulatory compliance, governmental investigations, data breaches and complex contracting. Clients who seek Bill’s guidance range from start-ups to Fortune 50 companies.

Aside from helping his busy clients, Bill is a father and lifelong skier.

Bill's complete biography can be found here.

Please join Shipman & Goodwin attorneys Bill Roberts and Alfredo Fernández for this complimentary CLE webinar which will discuss the unique threats presented by personnel with legitimate access to controlled company information and how to proactively mitigate risks of data misuse. Topics to include:

  • Insiders vs. intruders vs. knuckleheads
  • Motivators, risk factors and indicators
  • Technical

Shipman & Goodwin attorney William Roberts will be joined by attorney Marco Mello Cunha, from the Brazilian firm, Tess Advogados, as they discuss data privacy and security issues and analyze global trends in Brazil and the United States, two of the world’s top ten economic leaders.  Today’s businesses collect, transfer and store a wide range

After eleven years of litigation, including two decisions by the Connecticut Supreme Court, Byrne v. Avery Center for Obstetrics and Gynecology, P.C. has finally reached a verdict. Last month, the jury awarded the plaintiff $853,000 in damages in connection with her physician practice’s 2005 release of medical records in response to a non-HIPAA compliant subpoena.

Shipman & Goodwin attorney William Roberts joins Paige Backman, a Canadian attorney in privacy and data security and partner at Aird & Berlis LLP, as they discuss privacy and data security issues in Canada and the United States and analyze global trends.

Topics include:

  • An overview of laws in Canada and the United States
  • Understanding

On October 3, 2018, William Roberts will be joining a diverse group of cybersecurity professionals to discuss what businesses need to know about establishing a cybersecurity compliance program. Along with professionals from the public relations, leadership, and IT sectors, William will address preparing a cybersecurity strategy, current legal issues and regulatory concerns, and corporate culture

Members of Shipman & Goodwin’s Privacy and Data Protection team join their health law colleagues in explaining how health centers can protect their client data as health care transforms with the use of tools like patient portals and telemedicine in the breakout session The Digital Era: Ensuring Data Privacy in the Age of Transformation.

Regulatory compliance and data privacy and security are often cited as two of the top priorities for corporate counsel. Complying with the “first-in-the-nation” cybersecurity regulations passed by the New York Department of Financial Services last year combines those two priorities into one challenging corporate endeavor. With transitional periods, exemptions, and effective dates of different sections

Shipman & Goodwin attorney Bill Roberts will discuss privacy of personal information as a growing risk management concern for independent day and boarding schools. This webinar will address the legal requirements that apply to such schools and outline key risk mitigation strategies. Bill will discuss best practices for the development of a holistic school data

Bill Roberts will present on May 22nd at the Model Agreements & Guidelines International (MAGI) Clinical Research Conference in Arlington, Virginia, which runs from May 20 through the 23rd. Bill’s session on May 22, “Human Biological Material & Data Transfer Agreements: Ancillary Agreements that Matter” will address key contractual and regulatory concerns faced by research

On May 25, 2018, the European Union’s (“EU”) General Data Privacy Regulation (“GDPR”) takes effect, which purports to regulate the control and processing of the data of EU residents, wherever that data is stored. However, the broad territorial scope of the GDPR has not been tested in any court or legal proceeding, leaving many organizations, including United States-based independent schools, scratching their heads over compliance with the law.

What is the GDPR?

For those unfamiliar with the dreaded acronym, the GDPR is a law passed by the EU Parliament in 2016 that imposes a uniform set of data privacy regulations throughout the EU based on several key general privacy principles: transparency and consent, right of access to personal data, right to rectification and erasure (also known as the right to be forgotten), data portability, and the right to object to automated individual decision-making.

Independent schools who actively collect data from EU residents (such as applicants or alumni) are likely to be classified as “data controllers” as that term is defined in the GDPR. Generally, controllers are responsible for: implementing technical safeguards and organizational measures to protect data, implementing “protection by design and default” measures, and ensuring that data processors (such as software vendors) handle data responsibly and in accordance with the schools’ directives. Penalties for failing to comply with the GDPR can be quite steep, ranging up to 20 million Euros, or 4% of an organization’s global annual revenue, whichever is greater.


Continue Reading