David leads clients through complex privacy and cybersecurity matters, adapting to ever-changing laws to solve difficult client matters.
David helps clients understand and comply with the complex maze of existing and emerging state, federal, and international privacy and information security laws. David regularly counsels clients on the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and the Virginia Consumer Data Protection Act (VCDPA). He also assists clients in preparing for and responding to data security incidents, including managing multi-state breach notifications.
A recognized thought leader, David is a frequent author and speaker on privacy and cybersecurity. He was selected as JD Supra's top author in data privacy in 2022. He has been published and quoted in numerous publications, including the Wall Street Journal, Bloomberg Law, The Hill, U.S. News & World Report, CBS News, Cybersecurity Law Report, Law360, Security Magazine, Data Guidance, the IAPP's Privacy Advisor, and Corporate Counsel. David is editor of the Byte Back blog – one of the leading law firm data privacy blogs in the U.S. He hosts the Data Privacy Unlocked podcast, which focuses on the development of U.S. privacy law.
David also has assisted lawmakers in drafting privacy and cybersecurity legislation. In 2018, he assisted in drafting Colorado's data breach and information security legislation, serving as the outside subject-matter expert for the Colorado Attorney General's office. In 2022 and 2023, he was a member of the work groups for the Connecticut Data Privacy Act and children's privacy law amendments, serving as an outside subject-matter expert for the bill's sponsors. In 2024, he was a member of the multi-state work group on artificial intelligence regulation.
David is designated as a Privacy Law Specialist (PLS) by the International Association of Privacy Professionals (IAPP). The PLS designation verifies that David has met the IAPP and American Bar Association's rigorous experience and knowledge requirements and distinguished himself as a leader in the privacy law industry. David also is certified as a Fellow of Information Privacy (FIP) by the IAPP, a designation signifying comprehensive knowledge of privacy and data protection laws. He also has been certified by the IAPP as a Certified Information Privacy Professional in the laws of the United States (CIPP/US), the laws of the European Union (CIPP/E), and as a Certified Information Privacy Technologist (CIPT).