David Sherman helps clients anticipate, understand and proactively mitigate cyber risk. He leverages insights developed from hundreds of security incidents to deliver pragmatic, risk-informed legal counsel to key stakeholders across an organization. David is sought after for his creative, reasonable and clear approach to incident response preparedness; his ability to enhance an organization's enterprise security posture; and his skill in crafting security assessments and policies tailored to an organization's legal and business objectives.
As a member of the firm's Digital Assets and Data Management group, David works closely with clients to proactively assess and mitigate cyber risk, facilitate incident response preparedness and develop privacy and information security policies that comply with state, federal and international privacy and cybersecurity laws, including the California Consumer Privacy Act (CCPA) and E.U. General Data Protection Regulation (GDPR). He also works with clients to enhance enterprise security posture and manage responses to any digital crisis that may be present.
David also has substantial experience drafting and negotiating service provider agreements on behalf of customers and vendors and analyzing clients' existing agreements to evaluate and optimize contractual allocation of risks, rights and obligations in the event of a security incident.
If a security incident occurs, David draws upon his experience counseling hundreds of clients through incident response investigations, often in partnership with digital forensic investigation firms, to identify and contain the incident; remediate any impact upon operations; develop sufficient information to implement a tailored crisis communications strategy; perform a comprehensive evaluation of notification obligations under applicable state, federal and international laws; facilitate required notification to consumers and/or regulatory authorities; and respond to any regulatory inquiries.
Utilizing his broad knowledge of data privacy and cybersecurity, David is able to counsel and aide clients across a variety of industries on their distinct, complex digital security matters.