Kevin L. Coy

Partner

Direct: 202.677.4034
Fax: 202.677.4035
Washington
2100 Pennsylvania Avenue NW
Suite 350S
Washington, District of Columbia 20037

Biography

Kevin is a partner and chair of the Privacy & Cybersecurity practice, co-chair of the Background Screening industry team, and a member of the International practice group and Life Sciences industry team. He advises consumer reporting agencies, background screening companies, data and information service providers, employers, housing organizations, life sciences companies, and international businesses on U.S. and global privacy, cybersecurity, and consumer protection compliance. For organizations that rely on sensitive personal information — including criminal history, credit and financial data, health information, biometric identifiers, and employee data — Kevin provides practical business guidance on using data lawfully, structuring compliant processes, and managing regulatory risk.

Kevin counsels clients on developing and updating privacy policies and notices, negotiating data protection provisions in commercial and vendor contracts, and building scalable privacy and information security compliance programs. His experience includes advising on the Gramm-Leach-Bliley Act (“GLBA”), Section 5 of the Federal Trade Commission Act, the Health Insurance Portability and Accountability Act (“HIPAA”), the Driver’s Privacy Protection Act, the Telephone Consumer Protection Act, and the growing number of comprehensive state privacy laws.

Employers, landlords, and background screening companies face increasing scrutiny over how consumer information is used in employment and housing decisions. Kevin works with these organizations to build compliant processes under the Fair Credit Reporting Act (“FCRA”) and state and local fair chance and “ban the box” laws, including when and how criminal history, credit, and eviction data may be considered. His work includes designing required disclosures, timing, conditional offers, adverse action procedures, and risk mitigation strategies designed to align legal requirements with operational realities.

As organizations increasingly deploy artificial intelligence tools that ingest and process personal data, Kevin works closely with privacy officers, compliance teams, and business leaders to develop practical AI governance frameworks. He advises on risk assessments, internal governance structures, regulatory compliance strategies, and contractual safeguards for AI vendors and platforms, helping clients integrate innovation with defensible compliance.

Kevin is also well versed in the complex web of international privacy regimes. He manages transborder data flow issues and matters with the European Union General Data Protection Regulation (“GDPR”) and other foreign privacy laws and regulations. He also advises clients on international data transfer strategies, including standard contractual clauses and participation in the EU-U.S. Data Privacy Framework and related UK and Swiss programs.

When data security incidents arise, Kevin leads clients through breach response, notification analysis, regulator engagement, and remediation planning. He is known for providing clear, business-focused guidance, empowering organizations to protect their operations, reputation, and long-term growth.

Experience

  • Advised a digital health and wellness company on the development of consumer privacy disclosures, user authorizations, and governance frameworks for an artificial intelligence (“AI”)-powered chatbot, addressing HIPAA, state privacy laws, and emerging AI regulatory requirements.
  • Advised a U.S.-based multinational software-as-a-service provider on the applicability of the U.S. Department of Justice bulk data rule and the design and implementation of a tailored compliance program, including policies, certifications, and contractual updates.
  • Advised a national property management company on revisions to its tenant screening program to comply with federal, state, and local requirements governing the use of criminal history, credit, and eviction information, including updates to screening criteria and adverse action procedures.
  • Advised a client in connection with the development of a consolidated online privacy policy to govern more than 80 company websites. Work included assisting the client in developing a survey tool to assess website privacy practices, reconciling the survey results, making best practice recommendations regarding changes in website practices, and developing a consolidated online privacy policy.
  • Successfully represented a consumer reporting agency before the Federal Trade Commission in a nonpublic FTC inquiry into compliance with the Fair Credit Reporting Act. Following document productions, responses to interrogatories, and meetings with the FTC staff, the inquiry was closed without further action by the FTC.
  • Advised a consumer electronics retailer regarding consumer data breach notification obligations and other steps to respond to a data breach. In addition to advising the client regarding consumer, regulatory, and other notifications, the advice also addressed matters pertaining to the investigation of the breach, cooperation with law enforcement, and enhancing internal controls to minimize the potential for additional breaches.
  • Advised a client regarding the development of a HIPAA/HI-TECH Act compliance program covering its potential obligations as a business associate of HIPAA-covered entities. Assisted the client in the conduct of a gap analysis to identify areas where further action may be necessary depending upon proposed changes to the HIPAA privacy, security, and breach notification regulations.
  • Represented a large consumer information company in one of the nation’s first high-profile data breaches. In addition to representing the client before the Federal Trade Commission, we also advised the client on consumer breach notification issues, congressional testimony, and enhancements to the client’s internal controls.

    Credentials

    • Georgetown University Law Center, Juris Doctor
    • Georgetown University, Bachelor of Arts, cum laude
    • District of Columbia 1998
    • State of Texas 1997
      • Professional Background Screening Association
        • Educational Resources Committee, Co-Chair, 2016-18
      • American Bar Association
      • National LGBTQ Bar Association
      • C. LGBTQ Bar Association
      • C. Equality Chamber of Commerce
      • International Association of Privacy Professionals, CIPP/US, CIPP/E, CIPM, FIP, PLS
