Kevin E. Dolan

Partner & Co-Chair, Advisory Compliance
426 W. Lancaster Avenue, Suite 200
Devon, PA 19333

Office: (267) 930-4861


Temple University Beasley School of Law
Juris Doctor

University of Delaware
Bachelor of Arts


  • Pennsylvania
  • New Jersey

Practice Areas

Kevin E. Dolan is a Partner at Mullen Coughlin and Co-Chair of the Firm’s Advisory Compliance practice group. As Co-Chair, he leads a team of attorneys in counseling organizations of all sizes and across all industry groups in proactive data privacy and information security risk management planning.  He is also an experienced data privacy and security incident response attorney. 

Kevin’s Advisory Compliance practice involves assisting organizations with the avoidance or mitigation of data privacy and security incidents’ impact, as well as providing guidance to them to improve their overall compliance posture with respect to pertinent legal and regulatory frameworks. This includes development of organization-specific Incident Response Plans (IRPs); review, modification and/or creation of data privacy policies relating to data collection and management; facilitation of tabletop exercises and other employee/Board trainings; and development of compliance and privacy programs related to various data privacy and information security laws and regulations, including, but not limited to the following: 

  • Comprehensive state privacy laws such as the:
    • California Consumer Privacy Act (CCPA), and its amendment the California Privacy Rights Act (CPRA);
    • Virginia Consumer Data Protection Act (VCDPA);
    • Utah Consumer Privacy Act (UCPA);
    • Colorado Privacy Act (CPA); and
    • Connecticut Personal Data Privacy and Online Monitoring Act (CDTPA); 
  • Federal and state privacy laws and regulations including:
    • the Family Educational Rights and Privacy Act (FERPA);
    • the Health Insurance Portability and Accountability Act (HIPAA);
    • the Gramm-Leach-Bliley Act (GLBA);
    • New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and Department of Financial Services (NYDFS) Cybersecurity Regulation;
    • the Massachusetts Information Security Standard; and
    • the National Association of Insurance Commissioners (NAIC) standards; and 
  • International privacy laws, in partnership with international counsel, like the European Union’s General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). 

In addition to his Advisory Compliance practice, Kevin also counsels victim organizations in responding to, and investigating, data privacy and security incidents. He uses his Advisory Compliance knowledge to effectively and efficiently identify applicable state, federal and international legal and regulatory obligations as it relates to law enforcement reporting, individual and business partner notification and regulatory follow up or inquiries.  

Kevin’s expertise in data privacy and information security is supplemented by his prior experience serving in a variety of legal and executive roles in the education industry, most recently as Vice President of Strategy and General Counsel at a Philadelphia-based university. This experience informs the practical compliance strategies and recommendations Kevin provides to organizations prior to, during and after experiencing a data privacy and security incident.


  • “Cyber Risk Incident Response Tabletop Exercise,” FCCS 2024 Risk Management & Insurance Conference, Phoenix, AZ, April 10, 2024
  • “Data Privacy and New Regulations,” PLUS Cyber Symposium 2024, New York, NY, March 6, 2024
  • “Data Privacy and Information Security: Regulatory and Incident Response Trends,” CMMC CON 2023, Virtual, September 27, 2023
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, Phoenix, AZ, January 26, 2023
  • “Building an IRP,” DataStream Webinar, Virtual, October 26, 2022
  • “Cyber Insurance 101,” DataStream Webinar, Virtual, October 19, 2022
  • “2022 Cyber Trends,” NFP Turning Point 2022, Park City, UT, October 6, 2022
  • “Cyber: Prepare, Prevent, Mitigate, Restore,” Travelers Institute, St. Paul, MN, October 4, 2022
  • “State of the Market: Cyber Claims Evolution,” Mullen Coughlin/Tracepoint CLE/CE, Devon, PA, September 29, 2022
  • “Mitigating Cyberattacks and Transferring Cyber Risk,” Council of the Great City Schools CIO Directors Meeting, Virtual, February 15, 2022
  • “Mitigating Data Security Risk and Exposure,” Board Governance Training, Philadelphia, PA, March 2020
  • “Navigating Social Media Issues at Religiously Affiliated Institutions,” National Association of College and University Attorneys Annual Conference, Minneapolis, MN, June 2018
  • “Data Security Incident Response Planning” Cyber Security Tabletop Exercise, Philadelphia, PA, September 2017
  • “Data Security Mistakes to Avoid – For Faculty, Administrators, and Counsel,” National Association of College and University Attorneys Annual Conference, Chicago, IL, June 2017
  • “FERPA Fundamentals,” Philadelphia, PA, September 2016
  • “Data Security Incident Response Planning,” Cyber Security Tabletop Exercise, Denver, CO March 2015
  • “Cyber Risk Threats, Loss Control, Liability & Claims,” New Jersey Municipal Joint Insurance Fund Conference, Woodbridge, NJ, April 2014
  • “Data Breach Coverage, Preparation, and Response,” CPA Roundtable, January 2014
  • “Data Breaches: Is Your Community Vulnerable?,” Massachusetts Municipal Association, Boston, MA, January 2014
  • “Privacy Breach, The Aftermath,” RIMS Rebex Conference, Chicago, IL, October 2013