David Oberly is a senior associate in the Data Privacy, Cybersecurity & Digital Assets Practice. David focuses his practice on providing sophisticated advice and guidance to corporate clients on a broad assortment of biometric privacy, data privacy and security/data protection matters. David’s clients range from startups to Fortune 50 companies and extend across myriad industries, including advertising, media, retail, consumer products, technology, e-commerce, financial services, social media and healthcare.
Outside of his day-to-day practice, David is the founder and chair of the Cincinnati Bar Association’s Cybersecurity & Data Privacy Practice Group, as well as a vice chair of the American Bar Association’s Cybersecurity & Data Privacy Committee.
Biometric Privacy Compliance and Risk Management Counseling
As a recognized thought leader in the biometric privacy space, David focuses a large portion of his practice on serving as the go-to expert for companies that utilize biometrics in their operations – counseling clients on the full range of legal and regulatory compliance obligations applicable today, as well as on managing potential legal exposure and liability risks. Using his subject matter expertise in biometrics, David provides guidance across the spectrum of varying biometric privacy issues that arise when leveraging biometrics in commercial operations today, helping companies navigate the ever-evolving biometric privacy legal landscape to ensure compliance and mitigate risk.
David also regularly develops tailored, organization-wide biometric privacy programs in connection with all types of biometric technologies to ensure continued, ongoing compliance with both current and anticipated legal requirements – allowing clients to always stay a step ahead of today’s ever-expanding web of biometric privacy regulation.
Privacy, Security and Data Protection Compliance and Risk Management Counseling
In addition, David serves as the trusted privacy advisor to a wide variety of companies, providing compliance and risk management guidance on a broad assortment of privacy, security and data protection issues that businesses face in today’s highly digital world.
In particular, David frequently works with clients in providing advice and guidance on compliance with today’s new consumer privacy laws, including the CCPA, CPRA, CDPA and CPA, as well as a range of other state and federal data privacy and protection laws, such as the New York SHIELD Act, NYDFS Part 500 Cybersecurity Regulation, Florida Security of Communications Act (FSCA), GLBA, HIPAA and FCRA, among others.
David also works with clients in operationalizing compliance through the design, development and implementation of organization-wide privacy and information security compliance programs that provide for full compliance with today’s increasingly complex web of state and federal laws, self-regulatory rules and industry best practices – with particularly extensive experience in building out programs focused on satisfying the CCPA and similar consumer privacy statutes. David conducts privacy audits and assessments of clients’ compliance procedures and practices to help identify and eliminate potential areas of privacy-related legal risk.
Another significant portion of David’s practice involves product counseling – providing guidance to help clients bring new products and services to the market. As product counsel, David works closely with clients’ business and legal teams in the design, development and launch of new data-driven products and services. David also continues his work with clients post-launch, providing ongoing guidance on new legal requirements and related developments to ensure continued legal compliance and risk management for the duration of the product life cycle.
Security Incident Response
David has deep experience in security incident response matters – both in terms of assisting clients in incident response and crisis management following data breach events and in counseling clients on concerns regarding potential security incidents. David’s expertise extends to a wide range of security incidents, including cloud data breaches, malware credit card breaches, employee phishing breaches, social media account takeover events, ransomware and inadvertent data disclosure events. David is also experienced in handling all aspects of the incident response process, including post-incident forensic and regulatory investigations, notifications to impacted individuals and privacy regulators, interacting with law enforcement and regulators, and implementing post-incident remediation plans.
Biometric Privacy, Privacy and Consumer Protection Class Action Defense
David also possesses a wealth of experience in defending and litigating high-stakes, high-exposure biometric privacy class actions, particularly those brought under the Illinois Biometric Information Privacy Act (BIPA), as well as deep experience in defending other types of privacy and consumer protection class litigation.
David is one of the top legal thought leaders in the areas of biometric privacy, data privacy and security/data protection. He has published nearly 200 articles in distinguished legal publications – including Bloomberg Law, Law360, Legaltech News and Pratt’s Privacy & Cybersecurity Law Report – in the last three years alone. As a result of his prolific publishing activities, David was recognized in JD Supra’s 2021 Readers Choice Awards as a top author in the US in the area of cybersecurity.
Biometric Privacy Counseling
Privacy, Security and Data Protection Counseling
Privacy Policies and Procedures
Biometric Privacy Class Action Defense
Privacy and Consumer Protection Class Action Defense