skip to main content
Partner - William J. Roberts, FIP, CIPP/US, CIPM

William J. Roberts, FIP, CIPP/US, CIPM


Download vCard

Bill Roberts is co-chair of the firm’s Data Privacy and Protection Practice Group and a partner in the firm's Health Law Practice Group. Bill has extensive, practical experience counseling clients worldwide on all aspects of cybersecurity protection and incident response, from handling data breaches affecting millions of individuals, to helping publicly traded corporations, privately held businesses and not-for-profit organizations establish compliance programs under the EU General Data Protection Regulation (GDPR) and related US federal and state data privacy and consumer protection regimes.

Early in his career, Bill focused his practice on data privacy and information security issues in the health care sector, which remains one of the most highly regulated industries in the global economy. As information collection, usage, storage, management and disposal has grown to include virtually every enterprise, Bill has expanded his work to help businesses in a broad range of industries and of all types - from startups to Fortune 50 corporations - address emerging issues at the intersection of privacy, technology and the law.

Bill and his team have also advised manufacturers, retailers, media and technology companies, software and mobile app developers, educational institutions and more on the development and launch of new technology products and services. As a testament to his skill and knowledge, many of the nation’s most sophisticated insurance and pharmacy companies, hospital systems and other health care providers regularly turn to Bill for guidance.

Bill has represented clients in hundreds of national and international data breach matters of all sizes and involving a broad range of consumer and proprietary business information. In the face of a suspected or actual data breach, he helps clients understand and comply with applicable reporting requirements and provides representation during investigations before or in connection with the US Department of Health & Human Services (HHS), the Office for Civil Rights (OCR), the Federal Trade Commission (FTC), the Federal Bureau of Investigation (FBI), the Secret Service, the White House, US attorneys’ office, state attorneys general and state departments of insurance. Among recent high-profile, broad-impact matters, Bill counseled a UK company that suffered a global data breach and represented the target of one of the largest-known HIPAA “business associate” breaches (helping the client avoid any penalties).

In an era in which technology advances by the day, Bill also helps clients develop and implement data security systems and processes and negotiate vendor agreements that minimize the risk of data theft, piracy, hacking and ransomware attacks. He recognizes that no business or platform can be absolutely secured against a potential breach; as such, he works with organizations to develop proactive breach-response protocols that enable them to take immediate action and work closely with law-enforcement officials to minimize potential losses or damage. He also helps clients manage public relations issues that can arise in the context of highly publicized data security incidents

Bill’s experience spans the gamut of privacy laws and regulations, including:

  • Gramm-Leach-Bliley Act (GLB)
  • Telephone Consumer Protection Act (TCPA)
  • EU General Data Protection Regulation (GDPR)
  • New York Department of Financial Services (DFS) Cybersecurity Regulation
  • Children’s Online Privacy Protection Act (COPPA)
  • Federal Trade Commission Act (FTCA)

A thought leader in the cybersecurity space, Bill speaks and writes on a near-monthly basis on topics involving data protection and privacy, both nationally and internationally. A certified privacy professional, he has served as a featured faculty member and presenter at numerous industry events, webinars and conferences, including the National HIPAA Summit and the Model Agreements & Guidelines International (MAGI) Clinical Research Conference, and is an appointed member of the State of Connecticut’s Health Data Collaborative in addition to his many other leadership positions. Bill is regularly called upon by the media to comment on health care and privacy legal matters.

Outside of his legal practice, Bill is a father and lifelong skier.


  • American Bar Association: Business Law Section Fellow (2014-2015)
  • Listed as a Connecticut Super Lawyer Rising Star®: Health Care (2011-2018)
  • New Leader in the Law, Connecticut Law Tribune (2013)
  • Certified Information Privacy Professional (CIPP/US)
  • Certified Information Privacy Manager (CIPM)
  • Appointed to State of Connecticut’s Connecticut Health Data Collaborative
  • Appointed Interlaw Global Chair of Data Privacy and Protection
  • Fellow of Information Privacy, International Association of Privacy Professionals 
  • Appointed to State of Connecticut’s Task Force to Study the Interests Consumers Have in Protecting Their Privacy

Professional Affiliations

  • Health Care Compliance Association (HCCA)
  • Interlaw
  • Hartford InsurTech
  • BioCT
  • Connecticut Bar Association
  • International Association of Privacy Professionals (IAPP)
  • National Association of College and University Attorneys

Establishment of EU GDPR Compliance Program

Counseled technology and software companies on the establishment and implementation of General Data Protection Regulation (GDPR) compliance programs. The establishment of the programs involved the drafting of data processing addendums, consents, privacy notices, privacy policies and stakeholder communications. Bill worked with the technology firms to ensure that the programs not only satisfied compliance requirements, but also positioned the firms to use privacy compliance to maintain and expand customer relationships.

General Outside Privacy Counsel

Bill Roberts and the attorneys on the Privacy and Data Protection team serve as general outside privacy counsel to a wide range of companies, from some of the nation’s largest businesses to innovative technology companies coast to coast. In this role, Bill and his team serve as 24/7 outside advisors to these firms on a variety of matters, including data breach response, privacy program development, technology contracting and the launching of new initiatives, programs and products.


May 8, 2019  Measles Outbreak and Implications for Connecticut Schools
January 3, 2019  Physician Practice Liable for Violating its Duty of Confidentiality to a Patient
May 8, 2018  The GDPR is Coming: Keep Calm and Plan
January 24, 2018  HHS Takes Action to Protect Religious Beliefs and Moral Convictions
January 17, 2018  Connecticut Supreme Court Recognizes New Cause of Action for Patient Privacy Breach
January 10, 2018  OIG Scrutiny of Patient Assistance Programs
August 2017  Firm Attorneys Published in Legal Resource for School Health Services
February 15, 2017  SAMHSA Modernizes Regulations Governing the Confidentiality of Substance Use Disorder Records
October 11, 2016  Providing Transgender-Inclusive Health Care
October 3, 2016  Family Policy Compliance Office Issues FERPA Privacy Guidelines
October 27, 2016  October 17th Compliance Deadline for HHS Nondiscrimination Notifications Approaches
June 20, 2016  Governor Signs Student Data Privacy Law
May 24, 2016  Connecticut Legislature Passes Non-Compete Act Concerning Contracts With Physicians
April 2016  Communicating Protected Health Information Via Text Messaging
January 27, 2016  If You Provide Behavioral Health Services, Do the New HIPAA Reporting Rules Apply to You?
January 21, 2016  APCDs: One Solution to Obtaining Meaningful Performance Data
December 9, 2015  Stark Law Update
August 4, 2015  Doing Business With the State of Connecticut: A Guide to Data Privacy and Security Requirements
June 22, 2015  Conn. Seeks To Tighten Data Privacy Requirements
May 11, 2015  Achieving Diversity in Pharmaceutical Clinical Trials
February 9, 2015  Key Issues in Negotiating a Health Information Technology Agreement
January 2015  Going Live with a Patient Portal—Legal Risks and Operating Documents
December 12, 2014  Recent Data Breach Demonstrates the Importance of Attention to Software and IT Systems
November 14, 2014  Bill Roberts Quoted in CT Law Tribune Article, "Conn. Medical Records Ruling Could Have Widespread Impact"
November 11, 2014  Health and Human Services Addresses Ebola and Other Public Health Emergencies
October 2014  Reflecting America's Patient Population - The Need for Diversity in Clinical Trials

View All »


October 17, 2019  CT Attorneys Recognized as 2019 Super Lawyers
June 17, 2019  William Roberts Earns Fellow of Information Privacy Designation
February 22, 2019  Shipman & Goodwin Weighed in With Aetna on Data Security for New App
October 18, 2018  CT Attorneys Recognized as 2018 Super Lawyers
August 7, 2018  William Roberts Recognized as a Hartford "40 Under Forty"
March 20, 2018  Bill Roberts Selected as InsurTech Hartford Mentor
January 13, 2018  Bill Roberts Quoted on Issues in Law Firm Data Breaches
October 17, 2017  CT Attorneys Recognized as 2017 Super Lawyers
August 1, 2017  Bill Roberts Appointed to CT Health Data Collaborative
July 28, 2017  Bill Roberts Explains Health Care IT Balancing Act in Huffington Post
April 4, 2017  Joan Feldman and Bill Roberts Highlight Key Health Care Compliance Issues at Nat'l Conference
March 6, 2017  Cyber Security Program and Panelist Bill Roberts Emphasize Preventive Measures
January 23, 2017  Bill Roberts Quoted on Importance of Cybersecurity Risk Management Plans
January 10, 2017  Bill Roberts Weighs in on Increased Attempts to Steal W-2s
January 1, 2017  Firm Names New Partners: Michele Backus and William Roberts
December 20, 2016  Bill Roberts Quoted by Association of American Medical Colleges
October 26, 2016  Bill Roberts Suggests Quick Response to Student Data Breaches
October 18, 2016  CT Attorneys Recognized as 2016 Super Lawyers
September 13, 2016  Bill Roberts Published in New Handbook by American Health Lawyers Association
August 19, 2016  Bill Roberts Offers New Guidance on Health Care Data Privacy
July 20, 2016  Health Law Daily Recaps HCCA Vendor Privacy Webinar Presented by Bill Roberts
July 11, 2016  Bill Roberts Quoted in Part B News on Recent HIPAA Breach
June 10, 2016   Bill Roberts Featured in Q&A on Data Privacy, Information Security and Preventing Breaches
October 19, 2015  CT Attorneys Recognized as 2015 Super Lawyers
March 5, 2015  Bill Roberts Joins HIPAA Website as Commentator
November 14, 2014  Bill Roberts Comments on Medical Records Ruling

View All »


October 29, 2019  Webinar: GDPR and Educational Institutions - Where We've Been, and Where We Are Now
October 24, 2019  Webinar: GDPR and Manufacturers - Where We've Been, and Where We Are Now
October 15, 2019  Lunch & Learn: Data Privacy and Protection
October 1, 2019  Webinar: Legal Check-Up: Student Health Issues
August 23, 2019  PrognoCIS Summit 2019
July 17, 2019  CLE Event: CLE Webinar: General Counsel Briefing: Your Controlled Information and the "Insider Threat"
May 8, 2019  Webinar: Privacy and Data Security: US/Brazilian Cross-Border Issues and Trends
March 5, 2019  28th National HIPAA Summit
October 25, 2018  Privacy and Data Security in a Globalized World: Cross-Border Issues and Trends
September 14, 2018  2018 Community Health Summit: Working Together for a Healthier Connecticut
August 7, 2018  CLE Event: Webinar: Compliance Checkup: NY DFS Cybersecurity Regulations
May 22, 2018  Model Agreements & Guidelines International (MAGI) Clinical Research Conference
April 18, 2018  What Independent Schools Need to Know About EUGDPR
April 13, 2018  Community Health Center Association of Connecticut
April 3, 2018  Independent School Webinar: Safeguarding Data - Developing a School Data Privacy and Security Program
March 15, 2018  Data Privacy for Public and Charter Schools: What Lies Ahead - Hartford
January 25, 2018  Digital Health - InsurTech With Benefits
November 30 - December 2, 2017  2017 TABS Annual Conference
July 18, 2017  Health Care Compliance Association Web Conference
June 23, 2017  Community Health Center Association of Connecticut (CHCACT)
June 20, 2017  CT Community Nonprofit Alliance Behavioral Health Compliance Forum
May 23, 2017  Cybersecurity Threats: Are You Next?
April 21 2017  Sustaining the Transition to Value in a Time of Policy and Market Turmoil
March 26-29, 2017  Health Care Compliance Association's 21st Annual Compliance Institute
March 10, 2017  CLE Event: Labor and Employment Spring Seminar: 2017 Public Sector Legal Update
March 1, 2017  The Next Generation of Cyber Security: It's Not Just About Firewalls and Antivirus Software Anymore
February 23, 2017  Recent Privacy and Security Developments in Human Subjects Research
February 22, 2017  CLE Event: Webinar: Safeguarding Your Business: Preventing and Responding to Data Breach and Cyber-liability
November 30 - December 2, 2016  OCR Audits Phase 2 With Real Life Experience - How to Navigate?
November 10, 2016  CT Community Nonprofit Alliance, Inc. Behavioral Health CFO Forum
October 23-26, 2016  MAGI's Clinical Research Conference - 2016 West
October 20, 2016  CT Technology Council 2016 IT Summit
September 20, 2016  CT Community Nonprofit Alliance, Inc. Compliance Roundtable
July 19, 2016  Vendor Privacy: Due Diligence and Contracting Solutions
June 27, 2016  Briefing on Public Act 16-189: An Act Concerning Student Data Privacy
June 15, 2016  Webinar: Managing HIPAA Data Breaches
May 2, 2016  HR's New Challenge: Cyber Security
April 9, 2016  American Bar Association Business Law Section Spring Meeting
March 23, 2016   Webinar: Telemedicine & eConsults - Where We Are Today and Where We're Going
February 23, 2016  CT HFMA: 2016 Legal Playbook: Best Practices to Keep Your Healthcare Operations on the Winning Side
December 11, 2015  Update on Data Privacy and Human Resources Law
December 2, 2015  Webinar: Business Associates: How to Differentiate Your Organization Using HIPAA Compliance
November 18, 2015  CT Technology Council 2015 IT Summit
November 9, 2015  Capitol Region Education Council - Technology Conference
September 24, 2015  Webinar: How to Effectively Negotiate a Business Associate Agreement: What's Important/What's Not
September 24, 2015  Data Security and Privacy Risk Management in a New World of Big Data Collection and Sharing
September 18, 2015  American Bar Association Business Law Section Annual Meeting
July 14, 2015  Webinar: HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Practices
June 11, 2015  Feldman & Roberts to Speak about The Physician Payments Sunshine Act
March 13, 2015  Right to Privacy & HIPAA
February 19, 2015  Webinar: How to Effectively Negotiate a Business Associate Agreement: What's Important/What's Not
February 12, 2015  CHCACT: Corporate Compliance Workgroup
January 20, 2015  HCBA: Business Associate Compliance - Keeping Your Own House in Order
January 14, 2015  Stage 2 Meaningful Use Audit: What You Need to Know
November 5, 2014  CT HFMA: Annual Healthcare Leaders Legal Update

View All »


Your e-mail and any information in your e-mail to this individual are not protected by the attorney client privilege. Therefore your e-mail should not contain any confidential information and should be for general information purposes only. The e-mail to this individual is not intended to create, and does not constitute, an attorney-client relationship.

Practice Areas

Industries & Featured Services


  • University of Wisconsin Law School, J.D., 2008, with honors
  • Colby College, B.A., 2002, with high honors

Bar Admissions

  • Connecticut
  • Rhode Island
© Shipman & Goodwin LLP 2019. All Rights Reserved.