Careers

Diversity

With 18 offices, from New York to Los Angeles and Seattle to Orlando, we live and work in communities all over the U.S., collaborating across locations, disciplines and even borders. Our experienced, highly ranked lawyers serve businesses wherever they are and wherever they want to go.

Offices

About Us

Pages

Professionals

Thought leadership: blogs, podcasts, videos, publications, events and news

Insights

Services

Pro Bono

Am Law 100 firm with practices in Business, Digital Assets and Data Management, Intellectual Property, Labor & Employment, Litigation and Tax.

Home | BakerHostetler

ADventures in Law

Negative Option Rule No More: How To Comply in the Wake of the Eighth Circuit’s Decision

DOJ Antitrust Division Announces Creation of First-Ever Whistleblower Rewards Program

Antitrust Advocate

State-Level Merger Scrutiny Grows: Washington, Colorado Lead Expansion of State Premerger Notification Laws

BakerHostetler Team Advises BKV in Joint Venture with Copenhagen Infrastructure Partners

As a member of the firm's Digital Assets and Data Management group, David works closely with clients to proactively assess and mitigate cyber risk, facilitate incident response preparedness&nbsp;and develop privacy and information security policies that comply with state, federal and international privacy and cybersecurity laws, including the California Consumer Privacy Act (CCPA) and E.U. General Data Protection Regulation (GDPR). He also works with clients to&nbsp;enhance enterprise security posture&nbsp;and manage responses to any digital crisis that may be present.

David also has substantial&nbsp;experience drafting and negotiating service provider agreements on behalf of customers and vendors and analyzing clients' existing agreements to evaluate and optimize contractual allocation of risks, rights and obligations in the event of a security incident.

If a security incident occurs, David draws upon his experience counseling hundreds of clients through incident response investigations, often in partnership with digital forensic investigation firms, to identify and contain the incident;&nbsp;remediate any impact upon operations;&nbsp;develop sufficient information to implement a tailored crisis communications strategy;&nbsp;perform a comprehensive evaluation of notification obligations under applicable state,&nbsp;federal and international laws;&nbsp;facilitate required notification to consumers and/or regulatory authorities; and respond to any regulatory inquiries.

Utilizing his broad knowledge of data privacy and cybersecurity, David is able to counsel and aide clients across a variety of industries on their distinct, complex digital security matters.

core/freeform

J.D., Brooklyn Law School, 2010, 

B.A., Hamilton College, 2007

<ul>
<li>Certified Information Privacy Professional (CIPP/US)</li>
</ul>


Philadelphia

David Sherman Participates in Inaugural MOXFIVE Cyber Roundtable

David Sherman, Nichole Sterling Present at NYCBA 16-Hour Bridge-the-Gap

David Sherman Takes Part on Panel at FS-ISAC Washington, DC, Member Forum

Webinar: The Privacy Strategist – Demystifying Cybersecurity Concepts for Privacy Lawyers

David Sherman Guests on WTW Webinar About Cybersecurity for Technology Companies

David Sherman, Nichole Sterling Present “Data Defense for Legal Minds” Webinar

David Sherman Speaks at Cyber Risk & Data Privacy Virtual Summit

David Sherman, Nichole Sterling Present at 16-Hour Bridge-The-Gap

Cybersecurity, Privacy and Data Protection (Ethics): Essentials for Lawyers

Cybersecurity, Privacy and Data Protection (Ethics) – Essentials for Lawyers

David Sherman and Ed McAndrew Address Cyber Incident Response at Tech Institute

Federal Prosecutors to Assess Procedures Around Use of Personal Devices and Messaging Applications When Evaluating Corporate Compliance Programs 

David Sherman Addresses Trending Cybersecurity Threats at Compliance Summit

David Sherman Takes Center Stage During CrowdStrike Cybersecurity Webinar

David Sherman a Featured Speaker for Cyberthreats Discussion

David Sherman on Panel at NetDiligence Summit

David Sherman Speaks on Panel at ACC Conference

Jeewon Serrato and David Sherman Speak at Global Privacy Summit

David Sherman Speaks on Cyber Risk during Work From Home Era

David Sherman Article Provides Overview of Cyber Risks in ARM Industry

Digital Assets and Data Management

Privacy Governance and Technology Transactions

Digital Risk Advisory and Cybersecurity

<h5>Advisory and Assessment Services</h5>
<ul>
<li>Negotiates and drafts vendor and service provider agreements to mitigate potential exposure arising from a data security incident by clearly defining a client’s relationship with the service provider; requiring the service provider to adhere to delineated information security practices molded to the specific service offering; setting forth expectations as to when, how and under what circumstances a service provider must report a potential or suspected data security incident, and preserving the client’s right to conduct an independent forensic investigation; incorporating optimal indemnification and limitation of liability language to shift liability and defense exposure to the service provider; leveraging a service provider’s insurance coverage; incorporating warranties that hold the service provider accountable for rendering services in accordance with the agreement and applicable law; applying a favorable choice of law provision governing disputes under the contract; and avoiding potential pitfalls such as waivers of subrogation that may preclude clients or their insurers from recovering damages attributable to a service provider’s conduct.</li>
<li>Counsels clients on regulatory compliance, including compliance with Payment Card Industry Data Security Standards (PCI-DSS), NYS Department of Financial Services regulations, the California Consumer Privacy Act (CCPA) and E.U. General Data Protection Regulation (GDPR). Compliance counseling services often involve guidance on data mapping, data transfer mechanisms, data subject request response and procedures, data protection impact assessments/privacy impact assessments, recordkeeping, the appointment of privacy officers and representatives, and employee training.</li>
<li>Helps clients prepare incident response plans, including &#8220;table top&#8221; exercises practicing breach response procedures, and training key personnel in all aspects of cyber risk management and response.</li>
<li>Develops and implements website, app and other privacy policies, terms of service, terms of use, and ancillary policies that address appropriate data collection, use, sharing and marketing practices.</li>
<li>Manages technical investigations and security assessments, including technical findings and prioritized recommendations, mapped to security standards that include appropriate NIST Special Publications, ISO27001/ 27002.</li>
<li>Offers transactional counseling, including compliance assessment during due diligence.</li>
</ul>
<h5>Incident Response</h5>
<ul>
<li>Coordinated incident response services for clients of all market sizes and across multiple business sectors including financial services, retail, manufacturing, healthcare, hospitality, municipal government, energy and construction.</li>
<li>Provides breach risk assessment and regulatory reporting, including response to enforcement actions.</li>
<li>Provides PCI Account Data Compromise assessment response and appeal for all major card brands.</li>
</ul>


David Sherman

David Sherman

Experience

Recognitions and Memberships

Insights and News

Prior Positions

Credentials

Community and Pro Bono

Areas of Focus

Services

Featured Insights