David J. Oberly

Biometric Privacy Counseling

• Serve as day-to-day biometric privacy and data privacy counsel for a national online eyewear retailer client.
• Serve as day-to-day biometric privacy counsel for a national financial institution client.
• Provide ongoing advice and guidance concerning biometric privacy-related risks to a range of corporate entities, including security service firms, financial institutions and retailers.
• Advised numerous clients with California operations on applicable biometric privacy compliance obligations, including California-specific compliance requirements.
• Developed an enterprise-wide biometric privacy compliance program for a national online eyewear retailer client in connection with the rollout of an online virtual try-on tool on a client website.
• Developed an enterprise-wide biometric privacy compliance program for a national financial institution client in connection with the rollout of a voice biometrics system for use in customer service call centers.

Product Counseling

• Completed comprehensive evaluation of a professional NFL franchise client’s software technology utilizing facial recognition; advised the client on biometric privacy risks and obligations, as well as compliance solutions, in advance of software implementation.
• Completed comprehensive evaluation of a client’s software technology utilizing facial recognition to capture facial characteristic data for the purpose of analyzing store patron demographics and mood; advised the client on biometric privacy risks and obligations, as well as compliance solutions, in advance of software launch.
• Scoped legal risks/obligations and advised on other potential privacy and biometric privacy implications pertaining to a financial institution client’s rollout of a call center voice biometrics service in advance of service launch.
• Scoped legal risks/obligations and advised on other potential privacy and biometric privacy implications in connection with an online eyewear retailer’s rollout of an online virtual eyewear try-on tool in advance of product launch.
• Advised an overseas consumer electronics manufacturer on compliance with US wiretap/two-party consent laws and associated data use restrictions in connection with the client’s anticipated rollout of a real-time mobile translation service for use during audio and video phone calls.

Privacy, Security and Data Protection Counseling

• Provide ongoing privacy counseling services to the world’s largest eyewear retailer concerning federal and state wiretap act-related liability exposure risks; assisted the retailer in the implementation of risk mitigation measures.
• Advised a national online eyewear retail client on wiretap act liability risk mitigation measures; drafted a privacy policy and an online/mobile notice and consent language to address wiretap act compliance and associated liability exposure.
• Advised a national online eyewear retailer on a range of complex issues pertaining to the Federal Trade Commission (FTC) Contact Lens Rule.
• Advised an innovative printer technology manufacturer client on satisfying legal obligations in connection with California and Oregon connected devices/Internet of Things (IoT) security laws.
• Advised the world’s leading provider of rehearsal and recording facilities for artists on compliance with US wiretap/two-party consent laws, as well as strategies for providing notice and obtaining consent from customers in connection with recording of customers’ music sessions.
• Advised a women’s apparel retailer on potential CAN-SPAM Act liability issues relating to various email marketing campaigns and maintenance of marketing mailing lists.
• Advised one of the world’s largest soft drink manufacturers on compliance with New York SHIELD Act security and data protection requirements; developed a security and data protection action plan to ensure ongoing, continued compliance with the SHIELD Act.
• Advised numerous clients on a range of privacy-related issues relating to the COVID-19 pandemic, including compliance with privacy laws pertaining to COVID-19 temperature screening programs, health screening programs, and disclosure of positive employee/visitor test results.
• Advised one of the largest US non-profit organizations on the scope of permissible data sharing with domestic and foreign third parties; prepared a vendor data sharing agreement to mitigate liability risk.
• Advised a client on applicable COPPA compliance obligations in connection with the client’s children’s app; assisted in the implementation of mechanisms for securing parental consent through an email registration process; drafted a children’s privacy notice for use by the client.
• Regularly advise clients on responding to security and data compromise incidents involving phishing, malware, inadvertent data disclosures, social media account takeovers, network intrusions and ransomware attacks, including addressing notification obligations and regulatory inquiries/investigations.

Privacy Policies and Procedures

• Developed a HIPAA compliance program for a prominent, national environmental organization, including preparation of required policies, procedures and related privacy documents.
• Drafted enterprise-wide privacy and information security policies and procedures for a national security firm client.
• Drafted comprehensive guidance materials and template forms for employers’ COVID-19 employee temperature screening and health screening programs.
• Drafted an NYDFS Part 500 Cybersecurity Regulation-compliant Cybersecurity Policy and Security Incident Response Plan for a financial institution client; advised the client on recommended practices and controls for satisfying a range of NYDFS Cybersecurity Regulation compliance obligations.
• Regularly assist a range of clients in a diverse set of industries in proactively managing risk by developing and implementing global privacy compliance and information governance programs, including drafting enterprise-wide privacy, security and data protection policies.
• Regularly draft a range of online privacy documents, including privacy policies/statements; online terms of use containing consumer arbitration provisions, class action waivers and related clickwrap agreements; consumer privacy, financial incentive and children’s privacy notices; wiretap act-related notice and consent banner language; and cookie banner language.

Biometric Privacy Class Action Defense

• Obtained voluntary dismissal of a national online eyewear retailer client in a putative BIPA class action involving the client’s virtual eyewear try-on tool within 48 hours of being retained to defend the matter.
• Obtained voluntary dismissal of a national online eyewear retailer client in a second putative BIPA class action involving the client’s virtual eyewear try-on tool prior to service being attempted by opposing counsel.
• Obtained voluntary dismissal of an international cosmetics company client in a putative BIPA class action involving the client’s virtual cosmetics try-on tool through utilization of a persuasive dismissal demand letter educating opposing counsel on the applicability of arbitration defense available to the client – prompting opposing counsel to dismiss the action in its entirety without the need to engage in motion practice.
• Obtained dispositive dismissal of a national party store chain client in a putative BIPA class action involving allegations of improper collection/possession of employee fingerprints through the use of a biometric timeclock.
• Facilitated a nuisance value settlement on behalf of a national food producer client in a putative BIPA class action involving allegations of improper collection/possession/disclosure of employee fingerprints through the use of a biometric timeclock through utilization of early dispositive motion practice.
• Facilitated a nuisance value settlement on behalf of the eighth-largest retailer in the US in a putative BIPA class action relating to purported collection/possession of scans of facial geometry through the client’s virtual cosmetics try-on tool.

Privacy and Consumer Protection Class Action Defense

• Obtained dismissal with prejudice of a multinational eyewear brand client in a putative Florida Security of Communications Act (FSCA) class action involving allegations of unlawful interception of private electronic communications through the use of session replay software. The first FSCA lawsuit in the nation to be dismissed with prejudice on Rule 12(b)(6) motion to dismiss.
• Obtained summary judgment on behalf of a national banking association in a putative FCRA class action involving allegations of inaccurate credit reporting.
• Obtained dispositive dismissal with prejudice – prior to expiration of a responsive pleading deadline – on behalf of a national banking association in a putative consumer protection class action involving alleged improper overdraft fee practices through utilization of a Rule 11 letter.
• Facilitated a nuisance value settlement on behalf of a national timeshare management software and financial services client in a putative TCPA class action through utilization of an aggressive litigation strategy and dispositive motion practice.
• Obtained dispositive dismissal prior to expiration of a responsive pleading deadline on behalf of a national home storage/organization specialty retailer in a putative consumer class action involving alleged improper return/refund practices through utilization of a Rule 11 letter.