Paul Rothermel
Senior Attorney
O: 651.430.7150
M: 651.364.7514

Paul’s practice is focused on interpreting and applying privacy and cybersecurity laws, regulations, and standards, as well as general health care compliance matters. He gives clients confidence through his practical experience and deep knowledge of privacy laws including HIPAA, GDPR, and CCPA, among other state and federal laws.

Paul advises clients routinely on data privacy, technology, and cybersecurity issues impacting device and drug manufacturers. He is experienced in counseling on innovative health care technologies, clinical research, cybersecurity, contracting, and third-party risk management. He works regularly with clients to assess and implement privacy and data protection programs. Paul is also deployed as a contracted privacy and data protection officer for a variety of clients.

Representative Experience

  • Works routinely with clients to assess and implement privacy and cybersecurity programs, including drafting and implementing policies, procedures, and training.
  • Develops privacy policies, notices, and consents for websites and applications.
  • Counsels drug and device manufacturers in clinical trial privacy requirements, including conducting data protection impact assessments, standard contractual clauses, and reviewing informed consent forms.
  • Drafts and negotiates business associate agreements, data processing agreements, standard contractual clauses, and other privacy and data protection provisions and agreements.
  • Serves as privacy officer and data protection officer including for organizations which are HIPAA covered entities and with global operations.
  • Performs diligence for third party privacy and cybersecurity controls and develops standard contractual provisions and agreements to protect client interests.
  • Assesses reimbursement programs for compliance privacy and cybersecurity requirements.


  • Juris Doctor, Mitchell Hamline School of Law
  • Bachelor of Arts, History, University of Northwestern - St.Paul

Bar Admissions and Qualifications

  • Minnesota
  • Certified Information Privacy Manager (CIPM)

Court Admissions

  • State of Minnesota


  • Member, Minnesota State Bar Association - Heath Law Section
  • Member, International Association of Privacy Professionals

Honors and Awards

  • Super Lawyers Rising Star 2023