Recognized as a top practitioner for multiple years in Privacy & Data Security in Chambers USA and Chambers Global, Colman advises clients across the country on their obligations under both domestic and international privacy and data security laws, including all 50 state data breach notification laws, the California Consumer Privacy Act (CCPA) and Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act, Connecticut’s comprehensive privacy law, Gramm-Leach-Bliley Act, HIPAA/HITECH, Telephone Consumer Protection Act, CAN-SPAM, Fair Credit Reporting Act and the GDPR. He focuses on providing practical advice that goes beyond simple compliance with the letter of the law, to understand the unique circumstances and considerations for each client, having worked with government, private industry and nonprofit entities nationwide. 

When clients face front-end compliance obligations, they turn to Colman for advice on the drafting and implementation of both internal and consumer-facing policies and procedures, including privacy policies, terms of use and incident response plans. Colman also regularly advises on the drafting and negotiation of vendor contracts, data-transfer agreements, and HIPAA limited data-set agreements.

Colman regularly directs cybersecurity incident-response matters ranging from ransomware attacks to business-email compromise to employee theft of information to HIPAA risk assessments. Whether overseeing forensic investigations, preparing and delivering notifications, or responding to regulator inquiries, he helps guides entities through the uncertain waters of their legal obligations.

Colman is also an experienced litigator, with a broad background in general commercial matters, copyright and trademark, strict product liability and antitrust, and with significant experience in patent litigation. He has represented major technology companies in courts around the country in the areas of wireless communications, semiconductors and software. On numerous occasions he has helped clients achieve favorable outcomes through dismissal and summary judgment, and has prevailed in a number of discovery disputes that went before the court.

Colman has devoted substantial time to pro bono representation as well. His pro bono work has included privacy and data security advice for a world-renowned art museum, trademark protection for a major NGO, and representation in asylum, landlord-tenant, and abuse and neglect matters.

Outside of his client practice, Colman is the author of a bi-weekly newsletter tracking state privacy legislation that (somewhat mystifyingly) has been hailed as “pure genius”—by someone other than Colman himself, no less. He also makes frequent speaking and media appearances, helping to educate clients, legal professionals and the general public on a broad range of privacy and data-security issues. He is an active member of The Sedona Conference® Working Group 11: Data Security and Privacy Liability and the International Association of Privacy Professionals. And he previously served as Executive Director for the Johnson County First Amendment Foundation, a nonprofit organization dedicated to helping educate high school students on the importance of the First Amendment, the Constitution and civics in general.

Presentations and Publications

Data Privacy Primer, Second Edition, The Sedona Conference Working Group 11 Annual Meeting 2024, Minneapolis, Minnesota, May 2, 2024 (Panel moderator). 

WG11 Town Hall, The Sedona Conference Working Group 11 Annual Meeting 2024, Minneapolis, Minnesota, May 2, 2024 (Panel member).

Draft Commentary on the Privacy and Security of Emerging Health Data, The Sedona Conference Working Group 11 Annual Meeting 2024, Minneapolis, Minnesota, May 2, 2024 (Panel member).

A Deep Dive into the Complex Web of Federal and State Cyber and Privacy Laws and Regulations – and the Core Elements of a Cyber Compliance Program, American Conference Institute, February 28, 2024. 

An Overview of EU and US Cybersecurity Regulations, Interact Law, September 25, 2023, and November 8, 2023 (with Josh Hansen and Jasper Holsebosch).

Data Privacy Primer, Second Edition, The Sedona Conference Working Group 11 Mid-year Meeting 2023, Tampa, Florida, November 2, 2023 (Panel moderator). 

Children's Data Privacy, The Sedona Conference Working Group 11 Annual Meeting 2023, Denver, Colorado, May 5, 2023 (Panelist).

Privacy and Cybersecurity Overview, Virtual CLE Presentation, October 11, 2022 (with Josh Grajewski).

California’s Consumer Privacy Rights Act (CPRA): What Arizona Data Processors Need to Know, CPRA Enforcement and Tabletop Exercise, ARM International and Arizona Chapter Event, Phoenix, Arizona, September 15, 2022 (with Starr Drum and Garrett Groos).

Talking Tech: Making Sense of Forensics, ABA National Institute on Cybersecurity and Data Protection, San Francisco, California, September 13, 2022 (with Fidan Karimli, Serge Jorgensen, and Bryce Welke).

Tidal Wave Approaching: The Accelerating Trend of Comprehensive Privacy Laws, Update of the Law CLE webinar, June 2, 2022 (with Camila Tobón). 

Biometric Privacy Primer, The Sedona Conference Working Group 11 Annual Meeting 2022, Phoenix, Arizona, April 27, 2022 (Panelist). 

Data Privacy Trends & Cybersecurity Preparedness, ACC Mid-America Chapter and Shook, Hardy & Bacon, L.L.P.,  April 13, 2022 (with Josh Hansen). 

Hot Topics in Privacy and Cybersecurity Law, Virtual Presentation, December 20, 2021 (with Al Saikali and Camila Tobón).

Insurance Cybersecurity Laws: Overview and Trends, Virtual CLE, December 14, 2021 (with Jon Wilson).

Cybersecurity and Environmental Management, Midwest Environmental Compliance Conference, Overland Park, Kansas, October 26, 2021 (with Dalton Mott).

Privacy & Security Developments, Update of the Law CLE, Virtual Presentation, Shook, Hardy & Bacon, June 10, 2021 (with Erin Hines, Tatiana Rice, Bill Sampson and Maveric Searle).

A Mishmash of Privacy and Data Security, Virtual CLE, February 25, 2021 (with Al Saikali).

Breaking It Down and Breaking It Out: Minimizing the Legal Risks of Emerging Trends in Privacy and Cybersecurity, ACC Annual Conference, October 14, 2020 (with Al Saikali and Melissa Siebert).

Ethical Issues for Privacy and Data Security Professionals, Practicing Law Institute’s Twenty-First Annual Institute on Privacy and Cybersecurity Law, Virtual Presentation, August 18, 2020.

The Office: A Series of Corporate Privacy and Data Security Vignettes,
Update of the Law CLE, Virtual Presentation, Shook, Hardy & Bacon, June 12, 2020 (with Al Saikali and Melissa Siebert).

Data Privacy Survival Guide—Building a Roadmap for Success,
ACC Mid-America Chapter, Virtual Presentation, May 13, 2020 (with Rebecca Perry and Ron Hoffman).

What All Corporate Counsel Should Know About Privacy and Data Security in 2020, CLE, Association of Corporate Counsel, Denver, Colorado, November 19, 2019 (Panel Leader).

The California Consumer Privacy Act (or: What I Did on My Summer Vacation), Webinar, National Association of Manufacturers, October 23, 2019 (with Steve Vieux). 

Privacy and Security Governance for Law Firms: Is it Time to Hire a CPO? ABA Fourth National Institute on Cybersecurity and Data Protection: A Law Firm's Responsibility in Managing Data Risk, New York City, June 20, 2019 (Panel Moderator).

Medical Device Cybersecurity: How the U.S. Food and Drug Administration and Other Stakeholders Are Collaborating to Increase Patient Safety, Update of the Law CLE, Kansas City, Missouri, June 13, 2019 (with Sonali Gunawardhana). 

The Ins and Outs of Blockchain and AI, Confidential Client Presentation - CLE, Sunnyvale, California, March 27, 2019 (with Cory Fisher and Keith Bae).

Advising Clients With Limited Resources on Cost-Effective Data Security and Privacy Strategies, The Sedona Conference Working Group 11 Annual Meeting 2019, Houston, Texas, March 1, 2019 (Panelist). 

Minimizing Cyber Risks: What Every In-House Lawyer Needs to Know, Mid-America Chapter of the Association of Corporate Counsel (CLE), Kansas City, Missouri, December 5, 2018 (with Al Saikali). 

Privacy & Data Security Risks,  Confidential Client Presentation - CLE, New York City, November 29, 2018 (with Al Saikali). 

The Legal and Ethical Risks of Privacy and Data Security Traps, Update of the Law CLE, Kansas City, Missouri, June 14, 2018 (with Alfred Saikali, Eric Boos, Patrick Castle, Bill Sampson and Camila Tobón).

Exhausted!: The Supreme Court Weakens Patent Owners’ Rights to Enforce Post-Sale Restrictions on Patented Products, Shook IpQ, August 2017 (with Robert Reckers, Elena McFarland and Melissa Marrero).

Patent War on Two Fronts, Update of the Law CLE, Kansas City, Missouri, June 22, 2017 (with Tanya Chaney and Fiona Bell). 

Criminal Relationships: Vertical and Horizontal Relatedness in Criminal RICO, 86 Wash. U. L. Rev. 1493, 2009.


Ten Cybersecurity Resolutions for 2024, Cybersecurity Law Report, January 10, 2024.