Deepali Doddi concentrates her practice on data privacy and cybersecurity matters. She regularly advises clients across a broad spectrum of industries on issues arising under domestic data security and privacy laws and regulations, including COPPA, CAN-SPAM, TCPA, GLBA, the FTC Act, CalOPPA, DFARS cybersecurity requirements and breach notification laws. Additionally, she helps clients navigate international data privacy matters, such as certifying to the EU-US Privacy Shield Framework, selecting appropriate cross-border data transfer mechanisms and complying with the EU General Data Protection Regulation (GDPR).
Leveraging her experience as a former regulator with the US Department of Health and Human Services, Office for Civil Rights (OCR), Deepali also counsels clients on all facets of HIPAA compliance, including audit preparation, policies and procedures, business associate agreements, risk analysis and management and breach response.
Deepali is both a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E) through the International Association of Privacy Professionals (IAPP).
Advised clients in a range of industries on GDPR compliance issues, including responding to data subject requests, assessing lawful bases for processing personal data, updating privacy policies, and implementing EU Model Clauses to validate cross-border data transfers
Advised a private equity fund in assessing the privacy and data security risks in a multi-million dollar acquisition of a health care revenue cycle management company
Assisted multiple clients with responding to security incidents and data breaches, including analyzing reporting obligations under HIPAA and state breach notification laws and preparing incident notification letters
International Association of Privacy Professionals, Chicago KnowledgeNet Chapter, co-chair
Illinois Association of Healthcare Attorneys, Board of Directors, 2018 to present
American Health Lawyers Association, Health Information Technology Practice Group
Chicago Bar Association, member
University of Notre Dame Law School, JD, 2010
Northwestern University, BA, 2007
Do not send any information or documents that you want to have treated as secret or confidential. Providing information to McDermott via email links on this website or other introductory email communications will not create an attorney-client relationship; will not preclude McDermott from representing any other person or firm in any matter; and will not obligate McDermott to keep confidential the information you provide. McDermott cannot enter into an attorney-client relationship with you until McDermott has determined that doing so will not create a conflict of interest and until you and McDermott have entered into a written agreement or engagement letter that sets forth the terms of our relationship.