David F. Katz
Shareholder
David F. Katz
Shareholder
PRACTICE AREAS
Privacy, Cyber Security, Data Management, Cyber Incident Response and Investigations, Technology Transactions, E-Commerce, Software Licensing and Distribution, Financial Regulatory and Technology, Corporate and Business Transactions, Criminal Defense
EDUCATION
The University of Baltimore School of Law, J.D. 1999
The University of Georgia, B.A. 1996
BIOGRAPHY
Mr. Katz serves as counselor and advisor to the C-Suite and General Counsel for both public and private companies. Mr. Katz previously served as senior legal counsel in the corporate law department advising a fortune 1000 publicly traded company in Atlanta, as a Baltimore City prosecutor and as a Judge Advocate in the United States Army Reserve. He speaks and writes on matters relating to technology, privacy and data security. His tweets can be followed on twitter @KatzFDavid and his posts at David F. Katz | LinkedIn.
SERVICES AND OFFERINGS
We provide practical advice on all aspects of privacy, data management, cyber risk and liability, incident response and data breach, and data management. Our services include:
Risk Management and Compliance
- Evaluating compliance with all U.S. federal and state privacy and information management requirements, including the Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Children’s Online Privacy Protection Act (COPPA), Fair Credit Reporting Act (FCRA), Fair and Accurate Credit Transactions Act of 2003 (FACTA), Driver’s Privacy Protection Act (DPPA), California Consumer Privacy Act (CCPA), state laws regulating the collection of Biometric Data, Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM), state and federal security breach notification laws, the Payment Card Industry Data Security Standard (PCI DSS), global requirements under the European Union’s General Data Protection Regulation (GDPR), and other federal and state requirements.
- Designing privacy programs, including advising on organizational structure, policies, and practices, to help manage data in accordance with U.S. and global privacy laws, educate boards of directors and senior management on legal compliance issues, and provide employee privacy awareness training.
Commercial and Corporate Transactions
- Evaluating, drafting, and negotiating third-party vendor software, infrastructure support, managed services, technology licensing agreements, information use agreements, and data sharing agreements to mitigate risk.
- Evaluating, drafting, and negotiating privacy and cybersecurity provisions and drafting consumer facing privacy policies and terms of service for web-based or mobile applications.
- Performing privacy and security-based due diligence to assess risks in mergers and acquisitions. We negotiate representation and warranties specific to technology and data management, and advise on data integration/deletion post-closing.
- Handling all aspects of vendor engagement, information security due diligence and contract review work for financial institutions.
- Providing go-to-market advice and risk analysis related to data security, plus advising on data management in the formation of new service offerings and technology platforms for large and small companies including early stage and pre-seed companies.
Investigations and Dispute Resolution
- Providing advocacy in response to allegations of misuse of data and representing clients in state and federal investigations, including actions and requests for information from state attorneys general and the Federal Trade Commission.
- Counseling clients in online defamation and violation of social media terms of service issues and litigation.
Cyber Advisory and Risk Services
- Advising on appropriate cyber insurance coverage solutions based upon a client’s exposure, from reviewing existing policy language and referrals to brokers and carriers with specialty coverage to handling post-breach cyber coverage analysis recovery under policies and related coverage litigation.
- Advising on cybersecurity consultant retention under the attorney-client privilege and ensuring litigation readiness for clients, including conducting risk assessments and data security audits, as well as counseling clients on practices to help mitigate data, business, and litigation risks.
Integrated Incident Response Preparedness
- Developing incident response plans and conducting tabletop cyber-attack simulation exercises.
- Counseling on time-sensitive incident response measures, including breach containment, incident investigations and disclosures, consumer notifications, law enforcement and government relations communications, data and evidence preservation, regulatory reporting and litigation, and discovery readiness.
REPRESENTATIVE EXPERIENCE
- Advising a financial institution and payment processing vendor through all stages of a cyber security incident involving the loss of sensitive customer data, including incident analysis and breach containment, incident disclosure, loss mitigation and remediation customized to meet each client’s specific business and industry requirements.
- Counseling of a school board on incident response, ransomware attacks, and recovery efforts.
- Counseling multiple franchise systems through incident analysis, breach response, and a state consumer protection regulatory inquiry and payment card brand investigation.
- Advised global software provider on the European Union’s General Data Protection Regulation.
- Counseled a large construction company in developing a company-wide document retention policy, including drafting an electronic resources policy and various training documents for effective onsite implementation.
- Advising multiple financial institutions on the development of incident response plans and the safeguarding of sensitive information, as required under federal regulations and banking regulatory guidelines.
- Counseling an international construction company and hotel portfolio management company through a breach investigation, response, and notification involving the theft of employee W-2 tax information obtained as a result of phishing scheme.
- Providing legal advice to high-level executives and department managers of major retail companies regarding consumer law, consumer protections issues, and collections practices, assuring compliance and helping these companies avoid detrimental risks.
- Conducted an analysis of a newly designed piece of equipment that was designed to report back end-user data through internet connected devices installed in the water crafts for a global marine engine, pleasure craft, and water sports equipment manufacturer.
- Counseling multiple clients regarding emerging and new digital offerings, e.g., cloud, software, interactive, analytics and mobility.
- Counseling clients on the development of data retention, deletion policies, and adoption of data governance models and standards.
- Advising numerous companies, in public and private mergers and acquisitions, the assessment of global privacy and data security risks and deal structuring.
- Performing privacy and security due diligence for both buy- and sell-side deals for multiple corporate clients, including private equity and venture capital funds.
- Drafting and revising vendor contracts for a national retailer, with particular attention to vendor contract due diligence, ongoing assessments, audits and testing, insurance requirements, security requirements and procedures, and indemnification.
- Reviewing the Twitter, Facebook, and other social media interfaces for many businesses, including providing disclaimers, acceptable use, privacy, and advertising limitations.
- Coordinating breach and incident response in connection with state breach notice and personal information and privacy laws, including notification, mitigation, regulatory response, and litigation.