Marc C. Lombardi

Marc Lombardi is chair of Shipman’s Privacy, Cybersecurity and Data Innovation Practice Group. With more than 20 years of privacy law experience, Marc provides clients strategic business consulting on all aspects of information policy including privacy, cybersecurity, data incident response and data asset management. As a former software architect, Marc uses first-hand technical knowledge to resolve some of his clients’ most thorny problems and important concerns.

Marc advises clients in complex, highly regulated sectors, such as life sciences, healthcare, education, finance, banking, government, and insurance. From initial management, protection, disposal and regulatory compliance to incident/breach responses, notifications, post-breach investigation and litigation, Marc guides clients through each step of the data privacy and protection lifecycle. He regularly advises on compliance with all federal and state privacy regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI DSS), as well as international standards such as the EU General Data Protection Regulation (GDPR).

Marc counsels clients regarding data governance, data security risk assessments and development of incident response policies and procedures. He helps clients maintain high quality and accessible data for business intelligence while maintaining compliance with applicable laws.

Much of Marc’s practice centers around emerging technologies. He counsels clients on adoption of new technologies and advises on investing in emerging technologies. Marc recommends best practices for compliant data use and helps clients monetize the value of digital assets in the context of partnerships, data licensing and other transactions. 

Prior to joining Shipman, Marc served as Deputy General Counsel of the Yale New Haven Health System, providing general counsel services encompassing a broad range of subject matter areas including HIPAA, data privacy and security, corporate transactions, fraud and abuse, telehealth, digital health and innovation, and intellectual property. As the lead attorney responsible for privacy and compliance, Marc regularly partnered with the Chief Compliance Officer and Chief Information Security Officer to lead data incident response teams, often on a large scale, through the process of incident assessment, breach notification, and regulatory review. Marc also served as the lead attorney to Yale New Haven Health’s Center for Health Care Innovation, where he devised several strategies to commercialize homegrown intellectual property, structured investment and partnership arrangements with emerging technology companies, capitalizing on the value of “know how” and data, while ensuring it was properly protected and used.  Because Marc began his career as a software architect developing complex n-tier and web-based solutions, he brings a wealth of knowledge of both legal compliance issues as well as software, technology, and data systems to his clients in highly regulated industries including health care, insurance, public utilities, and banking.