David P. Saunders (CIPP/US, CIPM) is an experienced litigator who focuses his practice on privacy and cybersecurity matters. David helps clients mitigate and manage risks related to data privacy and cybersecurity, from counseling on compliance with privacy regulations and managing data incident responses, to navigating regulatory investigations and handling biometric and other privacy-related litigation.
David works collaboratively with a diverse range of clients, from small business and pro bono clients to multinational Fortune 100 companies, understanding and advising on their data practices to provide guidance on the myriad issues that arise in today’s digital world.
Additionally, David has experience conducting risk assessments, developing privacy programs, drafting privacy policies, performing due diligence for corporate transactions, negotiating vendor agreements and working with clients through data incident response. He regularly counsels on HIPAA, HITECH, GLBA, CCPA and state law privacy obligations, including engaging with key rulemakers at the state level to advance clients’ interests. He has litigated and helped resolve matters related to data privacy and cybersecurity issues, including navigating potential and actual regulatory investigations.
David has successfully worked with a number of state attorney general’s offices and federal regulators, and advocated on behalf of clients in the telecommunications, consulting and financial services sectors whether in response to routine inquiries or in response to reported data incidents. This work has included collaborating with clients to provide testimony and comment on existing and planned data privacy legislation at the state and federal levels and respond to investigations and inquiries by state AGs and federal regulators.
David maintains an active pro bono practice, having represented inmates in various actions in state and federal courts, and providing privacy program development, counseling and training to non-profits.