Randy Gray, CIPP/US


Gibbons P.C.

Associate Attorney

Randy Gray is an attorney at Gibbons P.C., where he concentrates his practice on data privacy and security, as well as litigation.  Randy’s passion for data privacy and cybersecurity issues stems from his experience working in public relations and digital communications.  He has drawn upon that to assist clients in navigating the real-world implications of evolving data privacy and security issues.


Within the scope of his data privacy and security practice, Randy advises clients, including HIPAA covered entities, regarding data breach investigations and federal and state reporting obligations.  He drafts web- and mobile-based privacy policies and terms of use for clients in a variety of industries and services, including e-commerce environments, event services, and SEC-regulated companies.  Further, he regularly advises clients on data privacy and security compliance, specifically with respect to compliance under GDPR and FTC Act Section 5, DFARS 7012 clauses, and NIST standards, as well as TCCWNA litigation avoidance, various state and federal written information security program requirements, and data breach and incident response management plans.  This also includes drafting written information security programs and incident response plans for clients, as well as advising on third party vendor agreements, including business associates of HIPAA covered entities.  Drawing upon his prior experience as a digital communications and marketing professional, Randy also assists companies in navigating CAN-SPAM Act compliance.