David Oberly focuses his legal practice on representing sophisticated clients in a wide assortment of complex cybersecurity and data privacy matters, as well as Telephone Consumer Privacy Act (“TCPA”) matters. David’s clients range from startups to Fortune 500 companies across a broad range of industries, including technology, e-commerce, consumer products, insurance, health care, finance, energy, big data, social media, professional services, and financial institutions.
Data Privacy Regulatory Compliance
As part of his cybersecurity and data privacy practice, David frequently counsels and assists companies of all sizes and in all industries in navigating and achieving compliance with today’s rapidly-evolving data privacy laws and regulations, including the California Consumer Privacy Act (“CCPA”), General Data Protection Regulation (“GDPR”), Illinois Biometric Information Privacy Act (“BIPA”), New York Department of Financial Services (“NYDFS”) Cybersecurity Regulation, Gramm-Leach-Bliley Act (“GLBA”), Health Insurance Portability and Accountability Act (“HIPAA”), and Health Information Technology for Economic and Clinical Health Act (“HITECH”), among others. Importantly, David possesses a comprehensive understanding of the legal landscape as it applies to data privacy laws and regulations both in the United States and internationally, including those relating to consumer data privacy, biometric data privacy, data security, behavioral advertising, data breach notification, and incident response. David utilizes this knowledge to assist clients in developing and implementing robust and comprehensive data privacy and information security programs and policies that provide for full compliance with today’s increasingly complex web of federal and state laws, self-regulatory rules, and industry best practices. In addition, David also assists clients in conducting privacy audits and assessments of data privacy regulatory compliance procedures and practices to help identify and eliminate potential areas of liability relating to regulatory compliance, and to ensure that companies are in full compliance with today’s range of privacy laws and regulations.
Data Privacy Counseling & Advising
David also counsels and advises clients seeking to assess and manage potential liability exposure and risks on a broad range of data privacy issues, including cybersecurity risk management, biometric data privacy compliance, consumer and employment privacy, incident response planning and preparedness, and vendor management. In doing so, David focuses on assisting clients in understanding how to manage data security from a legal, technical, and reputational standpoint. In particular, David assists clients in the assessment, development, and revision of cybersecurity and data privacy policies and procedures to safeguard data and minimize the risk of potential data compromise events. David also assists clients in due diligence and support during initial public offerings (“IPOs”), mergers and acquisitions (“M&A”), and other corporate transactions to identify risks, assess the adequacy of controls, and draft appropriate documentation for contractual agreements and securities filings. In addition, David advises on incident response and crisis management following data breaches, including: post-incident forensic and regulatory investigations; notifications to impacted individuals and data protection regulators; interacting with law enforcement, intelligence communities, and privacy regulators; and implementing post-incident remediation plans. David is also adept at counseling companies on data privacy issues relating to their products and services, including proper responses to subpoenas and other requests for disclosure of user information and content.
Data Privacy Litigation, Investigations & Enforcement Actions
In addition, David also assists and represents clients in litigation, investigations, and enforcement actions relating to cybersecurity and data breach incidents. As a trial attorney, David is retained frequently to litigate high exposure and high profile cases, and has developed a reputation for achieving superior results against challenging odds. David has substantial expertise in a broad array of privacy and data security litigation matters across many industries, and is skilled in defending clients in a wide range of adversarial actions arising from data breaches and other privacy incidents, including class actions brought under state consumer and privacy laws, actions brought under state biometric privacy laws, actions against responsible vendors, securities class actions or derivative actions, and payment card actions brought by banks against merchants and other plays in the payment stream. David also assists in evaluating potential claims, assessing liability risks, and providing advice on appropriate responses to regulatory activities. In addition, David is also skilled in handling investigations covering every major type of cyber incident, including network intrusions, identity theft, ransomware, and internet-facilitated fraud. David also has expertise in responding to non-malicious cyber events, including lost devices, operational errors, and inadvertent electronic transmissions. Moreover, David also represents clients with respect to government and regulatory inquiries, investigations, and enforcement actions brought by the Federal Trade Commission (“FTC”), Securities and Exchange Commission (“SEC”), Consumer Financial Protection Bureau (“CFPB”), U.S. Department of Health and Human Services (“HHS”), and state attorneys general.
TCPA Litigation Defense & Compliance Counseling
David also focuses his practice on defending high-stakes, high-exposure consumer class actions brought under the Telephone Consumer Privacy Act. David regularly defends clients across a range of different industries in TCPA litigation in federal and state courts across the country, as well as in regulatory matters before the Federal Communications Commission (“FCC”) and state regulatory agencies. In doing so, David utilizes his in-depth knowledge of the most significant and complex issues that arise in all types of TCPA litigation—including telemarketing, fax, and text messaging lawsuits—to aggressively defend clients and posture cases for dispositive dismissals or favorable settlements. In addition, David also counsels and advises clients on TCPA compliance and regulatory matters. In particular, David advises and assists clients with implementing tailored, comprehensive TCPA risk mitigation strategies and practices, developing TCPA-specific corporate policies and procedures, and designing and implementing TCPA-compliant marketing strategies and campaigns.
In addition to his day-to-day practice, David is also one of the top legal thought leaders in the area of cybersecurity and data privacy. Since 2015, David has published over 100 articles in distinguished local and national legal publications, including Law360, Legaltech News, LexisNexis Privacy & Cybersecurity Law Report, SHRM, and Ohio Lawyer. Beyond his article-publishing efforts, David also presents regularly to clients, industry groups, and his peers on a range of cybersecurity-, data privacy-, and TCPA-related topics.
Outside the Firm
David attended the University of Cincinnati on a baseball scholarship, where he graduated cum laude from the Carl E. Linder College of Business with a degree in finance and international business. As a varsity athlete at UC, David received multiple academic honors and accolades, including the UC Topcat Scholar Athlete Award (the university’s highest academic distinction awarded to varsity student athletes), as well as the Conference USA Commissioner's Academic Honor Roll. David attended law school at the Indiana University (Bloomington) Maurer School of Law on a full-tuition, merit-based academic scholarship.