Firm Adds Three Data Privacy and Security Attorneys with Roy Wyman, Colton Driver and Wesley McCulloch

Nashville, (January 20, 2022) – Bass, Berry & Sims is pleased to announce the addition of Roy Wyman as a member and Colton Driver and Wesley McCulloch as associates in the Nashville office. Each attorney focuses his practice on complex data privacy and cybersecurity matters, bolstering the firm’s privacy and data security offerings within its Intellectual Property & Technology Practice Group. Prior to joining the firm, Wyman, Driver and McCulloch practiced with Nelson Mullins LLP, where Wyman chaired the Privacy & Security Industry Group.

“We are excited to welcome Roy, Wesley and Colton to our growing team,” said Robert Brewer, co-chair of the firm’s Intellectual Property & Technology Practice Group. “There is enormous demand and need by our clients for support given the dramatic changes in the privacy regulatory environment. We are excited for the chance to elevate and expand our services with the addition of such a recognized and respected leader in the space and with the great experience Colton and Wesley bring as certified cybersecurity professionals. All three attorneys bring diverse and impressive data privacy and security law backgrounds and experience in compliance and assessment services, developing privacy programs, responding to data breaches, and guiding clients through international, federal and state privacy laws and regulations. We continue to invest in our practice to ensure that we remain well-positioned to provide sophisticated guidance across the full-range of legal and business-sensitive privacy counseling matters, and related litigation, investigations and transactional issues.”

Roy Wyman brings 28 years of experience representing a variety of commercial entities on complex data security matters and related regulatory concerns, including previous service as Chief Privacy Officer and Associate General Counsel for TeamHealth, Inc., one of the nation’s largest physician staffing companies. He also served as Senior Legal Counsel for CVS Caremark Corp (now CVS Health), leading in operational and regulatory matters for certain divisions of CVS Health, including as primary counsel for MinuteClinic retail and for CVS’s disease management, medical/pharmacy software and claims management subsidiaries. A regular author and speaker, Wyman counsels businesses as they navigate data privacy and IT security issues arising under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), General Data Protection Regulation (EU GDPR), Telephone Consumer Protection Act (TCPA), CAN-SPAM Act, the California Consumer Privacy Act (CCPA) and other similar and related statutes. He also counsels healthcare entities in regulatory and transactional matters. He earned a law degree from the University of Michigan Law School (1993) and a B.A. from Wheaton College (1986).

Colton Driver counsels clients on the development and implementation of data security and compliance programs and is experienced representing clients navigating the EU GDPR, CCPA and other regulatory statutes. He also works with companies on effective data collection, processing and transfer strategies related to complex litigation. He is a member of the International Association of Privacy Professionals (IAPP), the world’s largest and most comprehensive data privacy community, and he holds its Certified Information Privacy Professional – Europe (CIPP/E) certification. Driver is also a member of the Sedona Conference Working Group 11 on Data Security and Privacy Liability and the Defense Research Institute (DRI), and he holds multiple expert-level certifications in OneTrust software. Driver earned a law degree from the University of South Carolina School of Law (2016) and a B.A. from the University of South Carolina (2011).

Colton Driver is currently licensed to practice in South Carolina and registered to practice in Tennessee pursuant to Tenn. Sup. Ct. R. 7 Sec. 10.07

Wesley McCulloch advises clients in the areas of privacy and data security, as well as compliance with a wide range of related international, national and state regulations, including HIPAA, EU GDPR, TCPA and CCPA. He is experienced in drafting and negotiating agreements related to data processing and use and navigating data breach responses. He also counsels businesses in technology transactions, including licensing and reseller arrangements and strategic alliances. McCulloch is certified in Health Care Compliance by the Health Care Compliance Association, and he holds a CIPP/US certification. He is also a member of IAPP. McCulloch previously clerked with Judge Joseph H. Loper, Jr. of the Fifth Circuit Court District of Mississippi and with Judge Glen H. Davidson of the U.S. District Court for the Northern District of Mississippi. While in law school, he interned with Judge David Sanders of the U.S. District Court for the Northern District of Mississippi and with Judge Michael P. Mills of the U.S. District Court for the Northern District of Mississippi. McCulloch earned a law degree from the University of Mississippi School of Law (2015) and a B.B.A from Mississippi State University (2011).

About Bass, Berry & Sims PLC

With more than 300 attorneys in offices in Washington, D.C. and Tennessee, Bass, Berry & Sims represents numerous publicly traded companies and Fortune 500 businesses in significant litigation, investigations, international regulatory matters, and business transactions. Our attorneys work seamlessly across substantive practice disciplines, industries and geographies to deliver highly effective service and business-focused solutions. For more information, visit

Media Coverage

This announcement was covered in several media outlets, including: