Corporate Counsel & Data Risk Management

Overview

---

David provides comprehensive counsel to C-Suite executives and General Counsel navigating complex regulatory environments, data security requirements, and organizational risk. His approach combines Fortune 1000 in-house experience with the responsiveness and strategic perspective of outside counsel.

Representative Experience

---

• Advising a financial institution and payment processing vendor through all stages of a databreach incident involving the loss of sensitive customer data, including incident analysis and breach containment, incident disclosure, loss mitigation and remediation customized to meet each client's specific business and industry requirements.
• Counseling healthcare companies on incident response, ransomware attacks, recovery efforts and reporting to OCR-HHS.
• Counseling multiple franchise systems through incident analysis, breach response, and a state consumer protection regulatory inquiry and payment card brand investigation.
• Counseled a large construction company in developing a company-wide document retention policy, including drafting an electronic resources policy and various training documents for effective onsite implementation.
• Advised a multinational oil and gas company on data privacy issues including evaluation of all U.S. federal and state privacy and information management requirements.
• Advising multiple financial institutions on the development of incident response plans and the safeguarding of sensitive information, as required under federal regulations and banking regulatory guidelines.
• Counseling an international construction company and hotel portfolio management company through a breach investigation, response, and notification involving the theft of employee W-2 tax information obtained as a result of phishing scheme.
• Providing legal advice to high-level executives and department managers of major retail companies regarding consumer law, consumer protections issues, and collections practices, assuring compliance and helping these companies avoid detrimental risks.
• Conducted an analysis of a newly designed piece of equipment that was designed to report back end-user data through internet connected devices installed in the water crafts for a global marine engine, pleasure craft, and water sports equipment manufacturer.
• Counseling multiple clients regarding emerging and new digital offerings, e.g., cloud, software, interactive, analytics and mobility.
• Counseling clients on the development of data retention, deletion policies, and adoption of data governance models and standards.
• Advising numerous companies, in public and private mergers and acquisitions, the assessment of global privacy and data security risks and deal structuring.
• Performing privacy and security due diligence for both buy- and sell-side deals for multiple corporate clients, including private equity and venture capital funds.
• Drafting and revising vendor contracts for a national retailer, with particular attention to vendor contract due diligence, ongoing assessments, audits and testing, insurance requirements, security requirements and procedures, and indemnification.
• Reviewing the Twitter, Facebook, and other social media interfaces for many businesses, including providing disclaimers, acceptable use, privacy, and advertising limitations.