Alumni Login

| Subscribe | Print

Services

Professionals

About Us

Offices

News/Resources

Diversity

Pro Bono

Careers

Alumni

Services
Services

Advertising, Marketing and Digital Media

Antitrust and Competition

Business and Corporate

Cartel and Government Antitrust Investigations Task Force

Class Action Defense

Commercial Litigation

Compliance

Corporate Governance

COVID-19 Compliance

Digital Assets and Data Management

Employee Benefits and Executive Compensation

Environmental

ERISA Litigation

Federal Policy

Foreign Corrupt Practices Act (FCPA)

Global Capabilities

Healthcare

Intellectual Property

International Trade and National Security

Investment Funds

Labor and Employment

Litigation

Mergers and Acquisitions

Noncompete and Trade Secrets

OSHA Defense

Private Equity

Private Wealth

Real Estate

Restructuring and Bankruptcy

Securities and Governance Litigation

Securities Offerings and Compliance

Tax

White Collar, Investigations and Securities Enforcement and Litigation

View More...
Industries

Aerospace and Defense

Communications Industry

Construction Industry

Distribution and Franchise

Energy Industry

Financial Services Industry

Healthcare Industry

Hospitality Industry

Life Sciences

Software

Sports and Entertainment

Technology in Manufacturing

View More...
Emerging Issues

Artificial Intelligence (AI)

Blockchain Technologies and Digital Assets

Business Restructuring Response Team

Coronavirus (COVID-19) Resource Center

Digital Assets Executive Order Resource Center

IncuBaker – Emerging Technologies

Internet of Things (IoT)

Post-Roe Resource Center

The Biden Administration:
Policy and Regulatory Insights

U.S. Consumer Privacy

Ukraine-Russia Conflict Resource Center

View More...
Professionals

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
About Us
Offices

Atlanta

Chicago

Cincinnati

Cleveland

Columbus

Costa Mesa

Dallas

Denver

Houston

Los Angeles

New York

Orlando

Philadelphia

San Francisco

Seattle

Washington, D.C.

Wilmington
Resources
- Overview
- News
- Press Releases
- Alerts
- Articles
- Events
- Podcasts
- Videos
- Blogs
- Subscribe
- Media Contacts
Diversity
Pro Bono
Careers

Laterals

For experienced attorneys looking to build their practice through challenging and innovative work in a leading firm...

View More...

Law Students

Summer associates are welcome to attend all in-house training programs, which may include litigation luncheon series...

View More...

Other Professionals

Because our lawyers, and in many cases our clients, rely on BakerHostetler staff members for support...

View More...
Alumni

David Sherman

He | Him | His

Partner

Philadelphia

T +1.215.564.8380

F +1.215.568.3439

dsherman@bakerlaw.com

Download Vcard LinkedIn

Overview

David Sherman helps clients anticipate, understand and proactively mitigate cyber risk. He leverages insights developed from hundreds of security incidents to deliver pragmatic, risk-informed legal counsel to key stakeholders across an organization. David is sought after for his creative, reasonable and clear approach to incident response preparedness; his ability to enhance an organization's enterprise security posture; and his skill in crafting security assessments and policies tailored to an organization's legal and business objectives.

As a member of the firm's Digital Assets and Data Management group, David works closely with clients to proactively assess and mitigate cyber risk, facilitate incident response preparedness and develop privacy and information security policies that comply with state, federal and international privacy and cybersecurity laws, including the California Consumer Privacy Act (CCPA) and E.U. General Data Protection Regulation (GDPR). He also works with clients to enhance enterprise security posture and manage responses to any digital crisis that may be present.

David also has substantial experience drafting and negotiating service provider agreements on behalf of customers and vendors and analyzing clients' existing agreements to evaluate and optimize contractual allocation of risks, rights and obligations in the event of a security incident.

If a security incident occurs, David draws upon his experience counseling hundreds of clients through incident response investigations, often in partnership with digital forensic investigation firms, to identify and contain the incident; remediate any impact upon operations; develop sufficient information to implement a tailored crisis communications strategy; perform a comprehensive evaluation of notification obligations under applicable state, federal and international laws; facilitate required notification to consumers and/or regulatory authorities; and respond to any regulatory inquiries.

Utilizing his broad knowledge of data privacy and cybersecurity, David is able to counsel and aide clients across a variety of industries on their distinct, complex digital security matters.

Select Experience

Advisory and Assessment Services

Negotiates and drafts vendor and service provider agreements to mitigate potential exposure arising from a data security incident by clearly defining a client’s relationship with the service provider; requiring the service provider to adhere to delineated information security practices molded to the specific service offering; setting forth expectations as to when, how and under what circumstances a service provider must report a potential or suspected data security incident, and preserving the client’s right to conduct an independent forensic investigation; incorporating optimal indemnification and limitation of liability language to shift liability and defense exposure to the service provider; leveraging a service provider’s insurance coverage; incorporating warranties that hold the service provider accountable for rendering services in accordance with the agreement and applicable law; applying a favorable choice of law provision governing disputes under the contract; and avoiding potential pitfalls such as waivers of subrogation that may preclude clients or their insurers from recovering damages attributable to a service provider’s conduct.
Counsels clients on regulatory compliance, including compliance with Payment Card Industry Data Security Standards (PCI-DSS), NYS Department of Financial Services regulations, the California Consumer Privacy Act (CCPA) and E.U. General Data Protection Regulation (GDPR). Compliance counseling services often involve guidance on data mapping, data transfer mechanisms, data subject request response and procedures, data protection impact assessments/privacy impact assessments, recordkeeping, the appointment of privacy officers and representatives, and employee training.

Incident Response

Coordinated incident response services for clients of all market sizes and across multiple business sectors including financial services, retail, manufacturing, healthcare, hospitality, municipal government, energy and construction.

Advisory and Assessment Services

Negotiates and drafts vendor and service provider agreements to mitigate potential exposure arising from a data security incident by clearly defining a client’s relationship with the service provider; requiring the service provider to adhere to delineated information security practices molded to the specific service offering; setting forth expectations as to when, how and under what circumstances a service provider must report a potential or suspected data security incident, and preserving the client’s right to conduct an independent forensic investigation; incorporating optimal indemnification and limitation of liability language to shift liability and defense exposure to the service provider; leveraging a service provider’s insurance coverage; incorporating warranties that hold the service provider accountable for rendering services in accordance with the agreement and applicable law; applying a favorable choice of law provision governing disputes under the contract; and avoiding potential pitfalls such as waivers of subrogation that may preclude clients or their insurers from recovering damages attributable to a service provider’s conduct.
Counsels clients on regulatory compliance, including compliance with Payment Card Industry Data Security Standards (PCI-DSS), NYS Department of Financial Services regulations, the California Consumer Privacy Act (CCPA) and E.U. General Data Protection Regulation (GDPR). Compliance counseling services often involve guidance on data mapping, data transfer mechanisms, data subject request response and procedures, data protection impact assessments/privacy impact assessments, recordkeeping, the appointment of privacy officers and representatives, and employee training.
Helps clients prepare incident response plans, including "table top" exercises practicing breach response procedures, and training key personnel in all aspects of cyber risk management and response.
Develops and implements website, app and other privacy policies, terms of service, terms of use, and ancillary policies that address appropriate data collection, use, sharing and marketing practices.
Manages technical investigations and security assessments, including technical findings and prioritized recommendations, mapped to security standards that include appropriate NIST Special Publications, ISO27001/ 27002.
Offers transactional counseling, including compliance assessment during due diligence

Incident Response

Coordinated incident response services for clients of all market sizes and across multiple business sectors including financial services, retail, manufacturing, healthcare, hospitality, municipal government, energy and construction.
Provides breach risk assessment and regulatory reporting, including response to enforcement actions.
Provides PCI Account Data Compromise assessment response and appeal for all major card brands.

Recognitions and Memberships

Recognitions

Certified Information Privacy Professional (CIPP/US)

Memberships

International Association of Privacy Professionals (IAPP)

News

10/20/2022
David Sherman Takes Center Stage During CrowdStrike Cybersecurity Webinar
7/7/2022
David Sherman a Featured Speaker for Cyberthreats Discussion
6/2/2022
David Sherman on Panel at NetDiligence Summit
5/3/2022
David Sherman Speaks on Panel at ACC Conference
4/6/2022
Jeewon Serrato and David Sherman Speak at Global Privacy Summit
10/14/2021
David Sherman Speaks on Cyber Risk during Work From Home Era
5/10/2021
David Sherman Discusses Cybersecurity at University of North Carolina GC Event
3/16/2021
Sara Goldstein, David Sherman Discuss European Privacy Concerns

Publications

Articles

7/20/2021
David Sherman Article Provides Overview of Cyber Risks in ARM Industry

Community

Hamilton Alumni Recruitment Team: Alumni Admission Volunteer

Overview
Experience
Recognitions and Memberships
News
Publications
Podcasts
Videos
Blog Posts
Events
Community
Pro Bono

Services

Prior Positions

Kings County District Attorneys Office: Legal Intern
NYSE, Office of the General Counsel: Legal Intern
U.S. Commodity Futures Trading Commission: Legal Intern
U.S. Attorneys Office, Eastern District of New York, Criminal Division: Legal Intern
The Honorable Timothy S. Driscoll, Supreme Court of the State of New York: Judicial Intern
Suffolk County Attorneys Office, General Litigation Bureau: Intern

Admissions

U.S. District Court, Southern District of New York
U.S. District Court, Eastern District of New York
U.S. District Court, Eastern District of Pennsylvania
New York
Pennsylvania

Education

J.D., Brooklyn Law School, 2010; CALI Award for Excellence in Legal Writing
B.A., Hamilton College, 2007

David Sherman

Partner

Overview

Select Experience

Advisory and Assessment Services

Incident Response

Experience

Advisory and Assessment Services

Incident Response

Recognitions and Memberships

Recognitions

Memberships

News

News

Publications

Articles

Community

Services

Prior Positions

Admissions

Education

Services

Find Professionals

Offices

About Us

Careers

Firm Diversity