David Oberly focuses his legal practice on representing sophisticated clients in a wide assortment of complex cybersecurity and data privacy matters. David’s clients range from startups to Fortune 500 companies across a broad range of industries, including technology, e-commerce, consumer products, insurance, health care, finance, energy, big data, social media, professional services, and financial institutions.
Data Privacy Regulatory Compliance
As part of his cybersecurity and data privacy practice, David frequently counsels and assists companies of all sizes and in all industries in navigating and achieving compliance with today’s rapidly-evolving data privacy laws and regulations, including the California Consumer Privacy Act (“CCPA”), General Data Protection Regulation (“GDPR”), New York Department of Financial Services (“NYDFS”) Cybersecurity Regulation, Gramm-Leach-Bliley Act (“GLBA”), Health Insurance Portability and Accountability Act (“HIPAA”), and Health Information Technology for Economic and Clinical Health Act (“HITECH”), among others. Importantly, David possesses a comprehensive understanding of the legal landscape as it applies to data privacy laws and regulations both in the United States and internationally, including those relating to consumer data privacy, data security, behavioral advertising, data breach notification, and incident response. David utilizes this knowledge to assist clients in developing and implementing robust and comprehensive data privacy and information security programs and policies that provide for full compliance with today’s increasingly complex web of federal and state laws, self-regulatory rules, and industry best practices. In addition, David also assists clients in conducting privacy audits and assessments of data privacy regulatory compliance procedures and practices to help identify and eliminate potential areas of liability relating to regulatory compliance, and to ensure that companies are in full compliance with today’s range of privacy laws and regulations.
Data Privacy Counseling & Advising
David also counsels and advises clients seeking to assess and manage potential liability exposure and risks on a broad range of data privacy issues, including cybersecurity risk management, consumer and employment privacy, incident response planning and preparedness, and vendor management. In doing so, David focuses on assisting clients in understanding how to manage data security from a legal, technical, and reputational standpoint. In particular, David assists clients in the assessment, development, and revision of cybersecurity and data privacy policies and procedures to safeguard data and minimize the risk of potential data compromise events. David also assists clients in due diligence and support during initial public offerings (“IPOs”), mergers and acquisitions (“M&A”), and other corporate transactions to identify risks, assess the adequacy of controls, and draft appropriate documentation for contractual agreements and securities filings. In addition, David advises on incident response and crisis management following data breaches, including: post-incident forensic and regulatory investigations; notifications to impacted individuals and data protection regulators; interacting with law enforcement, intelligence communities, and privacy regulators; and implementing post-incident remediation plans. David is also adept at counseling companies on data privacy issues relating to their products and services, including proper responses to subpoenas and other requests for disclosure of user information and content.
Litigation, Investigations & Enforcement Actions
In addition, David also assists and represents clients in litigation, investigations, and enforcement actions relating to cybersecurity and data breach incidents. As a trial attorney, David is retained frequently to litigate high exposure and high profile cases, and has developed a reputation for achieving superior results against challenging odds. David has substantial expertise in a broad array of privacy and data security litigation matters across many industries, and is skilled in defending clients in a wide range of adversarial actions arising from data breaches and other privacy incidents, including class actions brought under state consumer and privacy laws, actions against responsible vendors, securities class actions or derivative actions, and payment card actions brought by banks against merchants and other plays in the payment stream. David also assists in evaluating potential claims, assessing liability risks, and providing advice on appropriate responses to regulatory activities. In addition, David is also skilled in handling investigations covering every major type of cyber incident, including network intrusions, identity theft, ransomware, and internet-facilitated fraud. David also has expertise in responding to non-malicious cyber events, including lost devices, operational errors, and inadvertent electronic transmissions. Moreover, David also represents clients with respect to government and regulatory inquiries, investigations, and enforcement actions brought by the Federal Trade Commission (“FTC”), Securities and Exchange Commission (“SEC”), Consumer Financial Protection Bureau (“CFPB”), U.S. Department of Health and Human Services (“HHS”), and state Attorneys General.
In addition to his day-to-day practice, David is also one of the top legal thought leaders in the area of cybersecurity and data privacy. Since 2015, David has published just under 100 articles in distinguished local and national legal publications, including Law360, Legaltech News, LexisNexis Privacy & Cybersecurity Law Report, SHRM, and Ohio Lawyer. Beyond his article publishing efforts, David also presents regularly to clients, industry groups, and his peers on a range of cybersecurity- and data privacy-related topics.
Outside the Firm
David has strong roots and ties to Ohio. David attended the University of Cincinnati on a baseball scholarship, where he graduated cum laude from the Carl E. Linder College of Business with a degree in finance and international business. As a varsity athlete at UC, David received multiple academic honors and accolades, including the UC Topcat Scholar Athlete Award (the university’s highest academic distinction awarded to varsity student athletes), as well as the Conference USA Commissioner's Academic Honor Roll. David attended law school at the Indiana University (Bloomington) Maurer School of Law on a full-tuition, merit-based academic scholarship.