Photo of William J. Roberts

William Roberts is the Chair of Shipman & Goodwin LLP’s Privacy and Data Protection team. Bill is also a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP). Bill focuses his practice at the intersection of privacy, technology and the law, and represents a wide range of public and private entities. He assists clients nationwide in navigating legal challenges with respect to regulatory compliance, governmental investigations, data breaches and complex contracting. Clients who seek Bill’s guidance range from start-ups to Fortune 50 companies.

Aside from helping his busy clients, Bill is a father and lifelong skier.

Bill's complete biography can be found here.

After eleven years of litigation, including two decisions by the Connecticut Supreme Court, Byrne v. Avery Center for Obstetrics and Gynecology, P.C. has finally reached a verdict. Last month, the jury awarded the plaintiff $853,000 in damages in connection with her physician practice’s 2005 release of medical records in response to a non-HIPAA compliant subpoena. The subpoena was issued in connection with a paternity suit brought by the plaintiff’s former boyfriend, a man whom the plaintiff had specifically requested her physician practice not share her medical information with.

Without speculating too much about its judicial progeny, Byrne nevertheless highlights several areas of HIPAA compliance that should be areas of heightened review for physicians and medical providers now. Please click here for a detailed analysis of this verdict and its implications for providers.

Shipman & Goodwin attorney William Roberts joins Paige Backman, a Canadian attorney in privacy and data security and partner at Aird & Berlis LLP, as they discuss privacy and data security issues in Canada and the United States and analyze global trends.

Topics include:

  • An overview of laws in Canada and the United States
  • Understanding global trends and the EU’s General Data Protection Regulation
  • Taking a proactive approach to privacy data security issues
  • Highlights from recent privacy and security cases
  • Understanding and avoiding damage awards

When: Thursday, October 25, 2018, 12:00 – 1:00 EDT
Where: Webinar

REGISTER NOW!

This CLE program has been approved in accordance with the requirements of the New York CLE Board for a maximum of 1.0 credit hour, of which 1.0 can be applied toward the Professional Practice requirement. This program is appropriate for both transitional and nontransitional attorneys.

Neither the Connecticut Judicial Branch nor the Commission on Minimum Continuing Legal Education approves or accredits CLE providers or activities. It is the opinion of this provider that this activity qualifies for up to one hour toward your annual CLE requirement in Connecticut, including zero hour(s) of ethics/professionalism.

If you are unable to attend the live webinar, but are interested in accessing the archive for on-demand viewing, please click on the registration button to be added to the archive mailing list.

On October 3, 2018, William Roberts will be joining a diverse group of cybersecurity professionals to discuss what businesses need to know about establishing a cybersecurity compliance program. Along with professionals from the public relations, leadership, and IT sectors, William will address preparing a cybersecurity strategy, current legal issues and regulatory concerns, and corporate culture changes that can help improve cybersecurity safeguards and compliance.

The event will be held in Rye Brook, NY. For more information and to register, please visit https://innovativecybersolutions.com/.

Members of Shipman & Goodwin’s Privacy and Data Protection team join their health law colleagues in explaining how health centers can protect their client data as health care transforms with the use of tools like patient portals and telemedicine in the breakout session The Digital Era: Ensuring Data Privacy in the Age of Transformation.

For more information, please click here.

When: September 14, 2018
2:30 PM – 3:15 PM EDT
Where: Toyota Oakdale Theatre, 95 S Turnpike Road, Wallingford, CT 06492

Regulatory compliance and data privacy and security are often cited as two of the top priorities for corporate counsel. Complying with the “first-in-the-nation” cybersecurity regulations passed by the New York Department of Financial Services last year combines those two priorities into one challenging corporate endeavor. With transitional periods, exemptions, and effective dates of different sections of the regulations phasing in over the next several years, entities subject to these regulations are currently in the midst of, and must remain engaged in compliance efforts. In this program, Shipman & Goodwin attorneys William Roberts and Damian Privitera will provide an overview of the regulations and compliance strategies and discuss data privacy and security programs more generally.

Topics will include:

  • Scope of regulations and regulated entities;
  • Limited exemptions, affiliates, third party service providers;
  • Currently effective sections of the regulations that require compliance and self-checkups to ensure compliance;
  • Preparing for sections of the regulations that become effective and require compliance by September 2018, including encryption, audit trails, application security, limitations on data retention, and training and monitoring of authorized users;
  • Identifying gaps in your cybersecurity program and policies, and steps to take to come into compliance;
  • Meeting reporting deadlines and approaches to annual Certifications of Compliance.

Who Should Attend: C-Suite Executives, Legal Counsel and IT Personnel in the Insurance and Financial Services Industries

When: August 7, 2018, 12:00 PM – 1:00 PM EDT

Where: Webinar

REGISTER NOW!

This CLE program has been approved in accordance with the requirements of the New York CLE Board for a maximum of 1.0 credit hour, of which 1.0 can be applied toward the Professional Practice requirement. This program is appropriate for both transitional and nontransitional attorneys.

Neither the Connecticut Judicial Branch nor the Commission on Minimum Continuing Legal Education approves or accredits CLE providers or activities. It is the opinion of this provider that this activity qualifies for up to one hour toward your annual CLE requirement in Connecticut, including zero hour(s) of ethics/professionalism.

Shipman & Goodwin attorney Bill Roberts will discuss privacy of personal information as a growing risk management concern for independent day and boarding schools. This webinar will address the legal requirements that apply to such schools and outline key risk mitigation strategies. Bill will discuss best practices for the development of a holistic school data privacy program, including recommendations on structure, policies and practices.

Who should attend: Independent day and boarding school Heads of School, Information Technology Managers, Business Office Managers and Human Resources Professionals.

When: April 3, 2018, 12:00 PM – 1:00 PM EDT

Where: Webinar

REGISTER NOW!

Bill Roberts will present on May 22nd at the Model Agreements & Guidelines International (MAGI) Clinical Research Conference in Arlington, Virginia, which runs from May 20 through the 23rd. Bill’s session on May 22, “Human Biological Material & Data Transfer Agreements: Ancillary Agreements that Matter” will address key contractual and regulatory concerns faced by research organizations and academic medical centers when drafting and negotiating material and data transfer agreements. The MAGI Clinical Research Conference offers comprehensive programming on operations, regulatory compliance, contracts, budgeting, and special topics and draws over 600 clinical research professionals.

>> More information or to register

On May 25, 2018, the European Union’s (“EU”) General Data Privacy Regulation (“GDPR”) takes effect, which purports to regulate the control and processing of the data of EU residents, wherever that data is stored. However, the broad territorial scope of the GDPR has not been tested in any court or legal proceeding, leaving many organizations, including United States-based independent schools, scratching their heads over compliance with the law.

What is the GDPR?

For those unfamiliar with the dreaded acronym, the GDPR is a law passed by the EU Parliament in 2016 that imposes a uniform set of data privacy regulations throughout the EU based on several key general privacy principles: transparency and consent, right of access to personal data, right to rectification and erasure (also known as the right to be forgotten), data portability, and the right to object to automated individual decision-making.

Independent schools who actively collect data from EU residents (such as applicants or alumni) are likely to be classified as “data controllers” as that term is defined in the GDPR. Generally, controllers are responsible for: implementing technical safeguards and organizational measures to protect data, implementing “protection by design and default” measures, and ensuring that data processors (such as software vendors) handle data responsibly and in accordance with the schools’ directives. Penalties for failing to comply with the GDPR can be quite steep, ranging up to 20 million Euros, or 4% of an organization’s global annual revenue, whichever is greater.

Continue Reading The GDPR is Coming: Keep Calm and Plan

2018 CAIS Social and Networking Event and Consortium Purchasing Meeting

The European Union passed a sweeping data privacy law that is affecting businesses, organizations and educational institutions worldwide. This law, known as the “General Data Protection Regulation” (or “GDPR” for short), will in many cases dramatically change the manner in which organizations collect, use and disclose the personal information of European Union residents. The GDPR comes into effect on May 25, 2018, and many in the independent school community are asking if, or how, the GDPR may impact the operations, policies and procedures of independent schools in Connecticut. Shipman & Goodwin attorneys Bill Roberts and Ben FrazziniKendrick will offer a brief overview of the GDPR, its potential application to your institution and, if applicable, advice on how to work towards compliance.

When: April 18, 2018, 4:30 PM – 5:45 PM EDT

To register, please click here.