David M. Brown

Associate

Philadelphia
T +1.215.564.2862
F +1.215.568.3439

Overview

David Brown is a member of the firm’s Chambers USA-ranked privacy and data protection team. David counsels companies on a range of privacy and data security issues across federal and state laws, providing companies with practical solutions that minimize regulatory and litigation risk. Specifically, he has experience counseling clients on the Gramm-Leach-Bliley Act, HIPAA, FERPA, PCI-DSS, the FTC Act, state data protection laws and the European Union’s General Data Protection Regulation (GDPR).

When data security incidents occur, David regularly works with clients to develop strategies for evaluating what happened, containing and remediating incidents, assessing regulatory reporting requirements and effectively communicating about the incident — with a particular focus on protecting clients’ reputations and minimizing regulatory and litigation risks. He has handled hundreds of data security incidents for entities of all sizes, including merchants, financial institutions, healthcare providers and educational institutions.

Select Experience

  • Represented global hospitality company in a payment card security incident involving properties all over the world, including all aspects of the internal forensic investigation, payment card industry forensic investigation, communications strategy, and notifying and responding to state and international regulators.
  • Advised a global confectionery producer on the collection and processing of employee information and global data transfer management.
  • Advised a publicly traded manufacturer on developing incident response plans, negotiating agreements with incident response vendors, conducting tabletop exercises and responding to data security incidents.
More »

Experience

  • Represented global hospitality company in a payment card security incident involving properties all over the world, including all aspects of the internal forensic investigation, payment card industry forensic investigation, communications strategy, and notifying and responding to state and international regulators.
  • Advised a global confectionery producer on the collection and processing of employee information and global data transfer management.
  • Advised a publicly traded manufacturer on developing incident response plans, negotiating agreements with incident response vendors, conducting tabletop exercises and responding to data security incidents.
  • Coordinates all aspects of data security incident response, conducting initial breach intake, vetting and selecting vendors (forensics, PR and notification), drafting notification materials (individual notification, talking points, frequently asked questions, media statements and regulatory notification), supervising and directing forensic investigations, and assisting clients with mitigation activities.
  • Develops information security schedules for managed service provider agreements, along with negotiation guidance for use by in-house counsel.
  • Regularly advises clients in responding to regulatory inquiries and civil investigative demands (CIDs) from state attorneys general and the U.S. Health and Human Services Office for Civil Rights (OCR). Coordinates and participates in clients’ internal investigations, document and policy reviews, and prepares formal responses to regulatory inquiries.

Recognitions and Memberships

Memberships

  • American Bar Association

Community

  • SeniorLAW Center: Board of Directors

Prior Positions

  • Law Clerk for the Honorable Robert L. Vining, U.S. District Court for the Northern District of Georgia (2012 to 2013)
  • U.S. Attorney’s Office for the Eastern District of New York: AUSA Intern (2012)
  • Judicial Intern for the Honorable Joel H. Slomsky, U.S. District Court for the Eastern District of Pennsylvania (2011)

Admissions

  • U.S. Court of Appeals, Second Circuit
  • U.S. District Court, Eastern District of Pennsylvania
  • U.S. District Court, Eastern District of New York
  • U.S. District Court, District of New Jersey
  • Pennsylvania
  • New York
  • New Jersey

Education

  • J.D., New York Law School, 2012; magna cum laude; New York Law School Law Review, Executive Editor
  • M.C.R.P., University of Cincinnati, 2009
  • B.A., Public Policy, Cleveland State University, 2007, summa cum laude

Blog

In The Blogs

Previous Next
Data Privacy Monitor
New Guidance on GDPR Data Processing Contracts Published by the UK ICO
By David M. Brown
December 14, 2018
The U.K. Information Commissioner’s Office (ICO) recently published guidance on contracts between controllers and processors. This new guidance provides a more in-depth and detailed discussion of the key issues than did a previously...
Read More ->
Data Privacy Monitor
Cookies and Consent Under the EU GDPR
By David M. Brown
November 29, 2018
According to a recent story published by The Register, the U.K. data privacy watchdog, the Information Commissioner’s Office (ICO) has issued a warning to the U.S.-based newspaper The Washington Post (WaPo) about obtaining consent under...
Read More ->
Data Privacy Monitor
EU-U.S. Privacy Shield Framework Joint Annual Review 2.0
By David M. Brown
October 30, 2018
As we previously reported here, the Federal Trade Commission (FTC) announced several enforcement actions in late 2017, on the eve of the first annual joint EU-U.S. review of the Privacy Shield Framework. Now the second annual review of the...
Read More ->
Data Privacy Monitor
Colorado Enacts Sweeping Changes to Data Breach Reporting Requirements and Adds New Data Security Requirements
By David M. Brown
May 31, 2018
Colorado’s Gov. John Hickenlooper signed a bill that significantly strengthens its current data breach notification requirements and adds new measures designed to enhance protections for consumer data privacy. The new law will go into...
Read More ->
Data Privacy Monitor
A New Tax Season, but the Same W-2 Spear Phishing Scam
By David M. Brown
January 22, 2018
According to the IRS, the IRS saw the number of businesses, public schools, universities, tribal governments and nonprofits victimized by W-2 scams increase to 200 in 2017 from 50 in 2016. Those 200 victims translated into several hundred...
Read More ->