William H. Berglund


T +1.216.861.7416
F +1.216.696.0740


Bill Berglund helps clients develop creative solutions to achieve their business goals by managing privacy and cybersecurity risks and responding to data breaches and other security incidents. He focuses on diverse problem-solving approaches tailored to the individual business, legal and technological needs of his clients.

Bill counsels clients in financial services, K-12 and higher education, manufacturing, public sector governance and professional services firms to prepare for and respond to data security incidents. He guides clients through enterprise risk and readiness assessments and privacy and security training. Bill supports clients on compliance with applicable federal, state and international privacy and security laws and regulations, including the Gramm-Leach Bliley Act (GLBA), state financial services and insurance requirements, HIPAA, state breach notification statues and the growing number of state privacy laws, such as the California Consumer Privacy Act (CCPA). Bill is an effective communicator who establishes a confident and caring rapport with all levels of an organization, information technology and security employees and experts, law enforcement, public relations specialists and regulators.


  • Leads teams in responding to data security incidents, including ransomware, network intrusions, business email compromise and third-party vendor breaches. Partners with clients to guide strategy on forensic investigations, crisis communications, reputation preservation, negotiations with threat actors and legal notifications.
  • Advises clients on cybersecurity and incident response preparedness and risk mitigation, including drafting of incident response plans, facilitating table-top exercises and counseling on identifying enterprise privacy and security risk and enhancing data protection postures and culture.
  • Oversee state and federal regulators in investigations into data incidents and client compliance with privacy and security laws and regulations.
  • Assists clients in financial services, manufacturing, marketing and other industries with privacy and cybersecurity compliance and risk management strategies, including drafting data processing agreements and managing third-party vendor risk.
  • Represent and defend hospitals, health care practices and business associates in HHS Office for Civil Rights data breach and HIPAA compliance investigations, privacy breach cases and medical / billing records class actions.
  • Manage incident response matters for HIPAA-regulated entities and manufacturing companies, including engaging and overseeing IT/technology and forensics experts.
  • Represents healthcare practices in OCR data breach and HIPAA compliance investigations, including breach factual investigations and risk assessments and oversees communications and responses with government investigators.
  • Represented covered entities and their business associates in medical privacy and data breach litigation; developed legal strategy and conducted discovery and motion practice in Ohio state court, resulting in summary judgment on grounds that disclosure of medical records complied with federal and state laws and regulations.
  • Led legal strategy focusing on medical device product liability and class action litigation for Fortune 500 companies involving multimillion-dollar cases, including effective and efficient retention and management of counsel across the country while serving in various national counsel roles.

Recognitions and Memberships


  • Certified Information Privacy Professional/US (CIPP/US)


  • Ohio State Bar Association
  • Cleveland Metropolitan Bar Association, Cyber+ Section: Former Co-Chair
  • International Association of Privacy Professionals


  • Cleveland Metropolitan Bar Association 3Rs: Rights, Responsibilities, and Realities Volunteer: John Hay High School (2007 to 2016)
  • Open Doors Academy, Board of Directors: Vice President and Governance Committee Chair (2012 to 2018)

Prior Positions

  • The Honorable Carl J. Barbier, U.S. District Court for the Eastern District of Louisiana: Law Clerk (2002-2003)
  • The Honorable James L. Dennis, U.S. Fifth Circuit Court of Appeals: Summer Law Clerk (2000)


  • U.S. Court of Appeals, Sixth Circuit
  • U.S. District Court, Northern District of Ohio
  • U.S. District Court, Southern District of Ohio
  • Ohio
  • Louisiana [Inactive]


  • J.D., Tulane University Law School, 2002, magna cum laude; Tulane Law Review, Honoree and Articles Editor; Order of the Coif
  • B.A., Syracuse University, 1996


In The Blogs

Previous Next
Data Counsel
Ohio Proposes Comprehensive Privacy Legislation
By Damon C. Barhorst, William H. Berglund
September 7, 2021
Ohio recently became the latest state to consider enacting comprehensive privacy legislation. On July 13, 2021, the Ohio Personal Privacy Act (House Bill 376) was introduced into the Ohio House of Representatives with the backing of Ohio...