Director
and access,
As the leader of the firm’s Privacy + Data Responsibility team, David efficiently collaborates with cross-functional partners and client senior leadership to develop, implement, and maintain enterprise privacy, AI, and other data compliance programs. A decorated combat veteran who served as a Special Operations A-Team, Team Sergeant, David is experienced at skillfully operating on and through small teams within large bureaucratic organizations, while efficiently leveraging and managing internal and external resources to build consensus and collaboratively achieve team and organizational objectives. David brings this blend of disciplined, practical advice to his clients. David is recognized as a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals (IAPP), and he is an IAPP accredited Artificial Intelligence Governance Professional (AIGP), a Certified Information Privacy Manager (CIPM), and a Certified Information Privacy Professional/Europe (CIPP/E). Clients rely on David to provide proactive product and program counseling by leveraging his in-depth knowledge of practical considerations and best practices with an understanding of emerging and established technologies with respect to pre-RFP vendor selection considerations, design, development, implementation, and post implementation oversight and governance. For certain clients, David collaborates in strategic discussions and implementations with an eye toward unlocking potential data uses in a compliant manner to enable and enhance business objectives and third-party risk management. He also develops and maintains client contract management procedures, templates, and training closely collaborating with client associates, and manages the review and negotiation of enterprise level vendor contracts and related DPAs and TIAs for select clients and directly negotiates certain SaaS and other enterprise level client agreements. He also designs GLBA, CFPB, FTC and related state privacy and regulatory compliance training programs, controls, tools, and materials for insurtech and financial services clients, and as part of financial services industry events to help ensure programs and clients are well positioned to comply with rapidly evolving, complex regulatory and contractual requirements while achieving business objectives. David also adds value through advice related to data with respect to analyzing and entering into M+A transactions, and regularly counsels businesses in international acquisition transactions and cross-border joint ventures related to privacy, artificial intelligence, technology licensing, and exporting. David provides actionable advice and product-level guidance related to compliance with and in response to enforcement actions under U.S. and global privacy laws, standards, and guidance including GDPR, CCPA, CDPA, CPA, VCDPA, CTDPA, LGPD, BIPA, CFPB, FTC Act, FCRA, GLBA, HIPAA, FERPA, TCPA, CPA Profiling Rules, NIST AI Risk Management Framework 1.0 (AI RMF), UK Guidance on AI, the EU AI ACT, the Colorado AI Act, sanctions programs, EAR and ITAR export controls, and DOJ rules, including Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.
