David leads clients through complex privacy and cybersecurity matters, adapting to ever-changing laws to solve difficult client matters.
David helps clients understand and comply with the complex maze of existing and emerging state, federal, and international privacy and information security laws. David regularly counsels clients on the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and the Virginia Consumer Data Protection Act (VCDPA). He also assists clients in preparing for and responding to data security incidents, including managing multi-state breach notifications.
A recognized thought leader, David is a frequent author and speaker on privacy and cybersecurity. He was selected as JD Supra's top author in data privacy in 2022. He has been published and quoted in numerous publications, including the Wall Street Journal, Bloomberg Law, The Hill, U.S. News & World Report, CBS News, Cybersecurity Law Report, Law360, Security Magazine, Data Guidance, the IAPP's Privacy Advisor, and Corporate Counsel. David is editor of the Byte Back blog – one of the leading law firm data privacy blogs in the U.S. He hosts the Data Privacy Unlocked podcast, which focuses on the development of U.S. privacy law.
David also has assisted lawmakers in drafting privacy and cybersecurity legislation. In 2018, he assisted in drafting Colorado's data breach and information security legislation, serving as the outside subject-matter expert for the Colorado Attorney General's office. In 2022, he was a member of the work group for the Connecticut Data Privacy Act and served as an outside subject-matter expert for the bill's sponsors.
David is designated as a Privacy Law Specialist (PLS) by the International Association of Privacy Professionals (IAPP). The PLS designation verifies that David has met the IAPP and American Bar Association's rigorous experience and knowledge requirements and distinguished himself as a leader in the privacy law industry. David also is certified as a Fellow of Information Privacy (FIP) by the IAPP, a designation signifying comprehensive knowledge of privacy and data protection laws. He also has been certified by the IAPP as a Certified Information Privacy Professional in the laws of the United States (CIPP/US), the laws of the European Union (CIPP/E), and as a Certified Information Privacy Technologist (CIPT).