Skip to Content

With in-depth knowledge of the many privacy laws affecting multiple sectors of the economy, including retail and franchise operations, financial services, higher education and emerging technologies, C-suite executives, chief information security officers and general counsel rely on David to help them navigate the challenges of protecting companies’ data assets in the digital landscape.

David Katz’s practice encompasses privacy law and compliance, data security, data management and data governance, vendor management, corporate governance, crisis management, regulatory compliance and ethics. He works closely with clients, counseling on the development, management, and oversight of privacy and compliance programs and vendor management programs. David also helps clients develop internal policies and compliance procedures, employee and consumer education strategies, implementation of auditing and monitoring controls, reviews of disciplinary and enforcement activities, and risk assessments. David also has experience in drafting consumer-facing privacy and mobile application privacy policies and complex data sharing and data protection agreements between corporate entities.

When clients encounter a cybersecurity threat, David responds rapidly and helps companies work to assess, contain and mitigate the incident, comply with their legal and compliance obligations, manage the legal and regulatory response, reestablish normal operations and resume business as usual as soon as possible. David is an experienced, reliable and knowledgeable presence who assists companies impacted by a data incident at all stages of an incident, from investigation, notification, remediation and litigation to regulatory inquiries. Clients value his judgment and experience in crisis communication and crisis management relating to cybersecurity threats and incident response and recovery.

As part of his data protection practice, David also provides privacy and security due diligence reviews for companies in the midst of mergers and acquisitions and advice concerning the legal and regulatory considerations for transactions involving the processing of data in such contexts. He regularly advises early stage technology companies on go-to-market strategies in consideration of their technology, data management and legal compliance strategies and planning.

In addition to his work with clients in the areas of cybersecurity, technology, data protection and privacy, David is a prolific author and in-demand speaker on these topics. His thought leadership in this area has reached audiences nationally and globally.

Prior to entering private practice, David served as senior legal counsel and privacy manager in the corporate law department, advising Aaron’s, Inc., a Fortune 1000 publicly traded company. He also served as a Senior Assistant District Attorney for the Office of the District Attorney for Fulton County, and as a Senior Assistant State’s Attorney – Firearms Enforcement Violence Enforcement (F.I.V.E.) Division in the Office of the State’s Attorney for Baltimore City and as Assistant State’s Attorney in the Narcotics Division and District Court Division. David also served his country as Captain in the Judge Advocate General Corps in the United States Army Reserves.

Publications

  • SEC Releases New Guidance on Cybersecurity Disclosures and Controls, ALM’s Cybersecurity Law & Strategy - Author (April 3, 2018)
  • SEC cybersecurity guidance: What CCOs should know, Compliance Reporter - Author (March 6, 2018)
  • Make Data Due Diligence a Priority in Merger & Acquisitions, Association of Corporate Counsel Georgia - Author (September 21, 2017)
  • Balancing Innovation and Compliance: The Regulatory Tortoise and the Technology Hare, Corporate Compliance Insights - Author (September 12, 2017)
  • Third-Party Cybersecurity Strategies Critical to Preparedness, American Lawyer Media’s Cybersecurity Law & Strategy - Co-Author (August 2017)
  • Key Privacy and Security Issues for Franchisors, The Franchise Handbook - Co-Author (May 31, 2017)
  • The Feds: Who is Accountable for Managing Cybersecurity Risks? - Author (May 15, 2017)
  • What You Need to Know to Get Started with Privacy Shield Certification - Author (March 1, 2017) Guidelines for Cybersecurity Will Impact Banks, Insurers, Daily Report - Co-Author (January 2017)
  • Developing Effective Data Governance for the Internet of Things, Today’s General Counsel (November 2016)
  • Practice Fusion's Missteps Provide Guidance for Governance of Online Health Info, Bloomberg BNA - Co-Author (August 17, 2016)
  • Safeguarding Your Financial Institution Against Cyber Breaches, ABA Banking Journal - Author (January 2016)
  • New Year's Resolution for GCs in 2016: Establishing a Data Governance Committee - Author (January 2016)
  • Data Security and Vendor Agreements: The Chain is Only as Strong as the Weakest Link, Association of Corporate Counsel - Co-Author (November 24, 2015)
  • Cybersecurity Liability: The Critical Questions, HOTELSMag.com (October 16, 2015)
  • 10 Best Practices to Protect Student Records, CSO Online - Author (July 2015)
  • Best Practices for Credit Unions That Outsource Technology, Credit Union Business - Author (February 20, 2015)
  • 5 Crucial Mobile Due Diligence Questions, Credit Union Times - Author (December 29, 2014)
  • Outsourcing the Branch: Community Banks and Mobile Banking Vendors - Co-Author (December 17, 2014)
  • Best Practice Considerations for Financial Institutions Outsourcing Technology Services based upon the Financial Institution Examination Council's Information Technology Examination Handbook - Author (December 11, 2014)
  • Ninth Circuit Clarifies Notice Requirements for Browse-Wrap Agreements (August 2014)
  • FTC's Wyndham Ruling Raises Data Security and Privacy Issues for Franchisors, Law Journal Newsletters Franchising Business & Law Alert - Co-Author (July 2014)
  • Better Call the Data Governance Committee, Corporate Counsel - Co-Author (May 6, 2014)
  • Federal Privacy Legislation On The Horizon, Law360 - Co-Author (April 25, 2014)
  • FTC Secures an Early Victory in Its Battle for Data Privacy Authority - Co-Author (2014)
  • 20 Keys to Understanding and Establishing Communications Protocols for Risk Assessments, Inside Counsel - Author (March 31, 2014)
  • The GC's Role in Ensuring Compliance in the Payment Card Processing Environment, Inside Counsel - Author (March 10, 2014)
  • Effective Vendor Management for Data Governance and Security Control, Inside Counsel - Author (February 25, 2014)
  • Communications with Boards of Directors Regarding Privacy and Information Security Governance, Inside Counsel, Author (February 10, 2014)
  • IT Leaders: Game-Changers for Governance, Security, Baseline - Author (February 5, 2014)
  • Establishing a Data Governance Committee as Part of 2014 Strategic Priorities, Inside Counsel - Author (January 27, 2014)
  • Social Media: A Brave New World of Engagement Exploring the Emerging Risk, Legal and Regulatory Issues in Social Media - Co-Author (January 2014)
  • Law Department Leadership, Growing the IT Relationship and Data Risk Management As 2014 Priorities, Inside Counsel - Author (January 13, 2014)
  • The High Cost of Being Unprepared - Author (September 2013)
  • Shopping, mobile trends drive banks to P2P, Atlanta Business Chronicle - Author (September 2013)
  • Top Ten Key Privacy and Security Due Diligence Requests for Mergers and Acquisitions - Author (July 23, 2013)
  • Contracting in a World of Data Breaches and Insecurity: Managing Third-Party Vendor Engagements, LexisNexis - Author (May 2013)

Events/Speaking Engagements

  • It's Not If...It's When: Understanding Cyber Threats and Preparing Your Business - Speaker (December 2018)
  • Active Cyber Defense Challenge - Speaker (Tuesday, November 13, 2018)
  • Data Use and Privacy in Financial Services - Speaker (August 17, 2018)
  • Deals and Data: Navigating Transactions Involving Data in the Current Legal Landscape - Speaker (August 1, 2018)
  • ISACA Atlanta Chapter - Speaker (June 29, 2018)
  • FinTech South 2018 - Program Co-chair (May 7-8, 2018)
  • Advanced Topics in Franchising and Distribution: Crisis Mitigation and Management - Panelist (March 16, 2018)
  • Unwrapping the EU’s General Data Protection Regulation - Panelist (February 21, 2018)
  • Adapting Client Service to a Changing Regulatory Environment - Speaker (November 8, 2017)
  • Blockchain Nation: Today's Bubble or Transformational Technology - Panelist (June 23, 2017)
  • Planning for Change: Industry, Economy, Technology, Financial Planning Association of Georgia's Regional Symposium - Presenter (May 24, 2017)
  • Data Privacy and Cybersecurity, South Carolina Risk Management Seminar 2017 - Speaker (May 18, 2017)
  • Regulatory Issues for Financial Institutions - Speaker (May 18, 2017)
  • Consumer Data at DIG SOUTH Innovation Conference - Co-Presenter (April 25, 2017)
  • Consumer Data Deep Dive: The Legal and Regulatory Requirements for the Collection, Processing, Sale, Transfer, and Use of Consumer Data in the US and How It Impacts Your Business, DIG SOUTH Innovation Conference (April 2017)
  • Cyber Security Best Practices: Prepare, Contain, Respond, Frazier & Deeter's CPE Event - Panelist (December 9, 2016)
  • Sixth Annual Next Generation Manufacturing Signature Event - Panelist (September 22, 2016)
  • Georgia Society of CPA/RMA Cybersecurity Panel - Panelist (September 20, 2016)
  • Cyber Security, Midtown Business Radio - Speaker (May 12, 2016)
  • Protecting Guest and Employee Data, Hospitality Security Bootcamp (January 26, 2016)
  • Student Data Privacy and Your Software Terms of Service, LearnLaunch Across Boundaries Conference: Harvard Business School (January 22, 2016)
  • Continuing Legal Education Information Lifecycle Governance: Proactive Perspectives (January 21, 2016)
  • A Treasure Trove of Evidence but X Doesn't Mark the Spot: Identifying and Collecting Valuable Evidence Created by Smart Devices and Big Data to Bolster Your Defenses - Speaker (October 2015)
  • E-discovery and the use of the technology section State Bar of Georgia (October 2015)
  • Privacy Implications for Smart Devices and Social Media in the Workplace, LexisNexis - Co-Presenter (June 2015)
  • Protecting Student Data While Promoting Learning and Innovation in the Education Technology Sector, Boston Education Technology (May 2015)
  • ACC South Carolina Midyear Meeting (May 1, 2015)
  • Cybersecurity in the Financial Institution: Establishing Compliance in 2015, Association of Corporate Counsel-- Charlotte (February 25, 2015)
  • Cybersecurity for ACC Charlotte - Presenter (February 25, 2015)
  • Privacy: Consumer Law in the Digital Age, South Carolina Bar's Consumer Law Section Convention Seminar (January 22, 2015)
  • 2014 Cyber Risk Management Boot Camp (October 7, 2014)
  • Cybersecurity & Electronic Information Management: Improving E-Readiness and Reducing Risk, Association of Corporate Counsel CLO Roundtable - Co-Presenter (September 30, 2014)
  • Privacy and Data Security, Risk & Insurance Management Society, Atlanta Chapter - Speaker (September 18, 2014)
  • Mobile Payments, 2014 Financial Services Conference (May 21, 2014)
  • Critical Issues in Risk Management - Reputational, Cyber, Technology and Country Risk, 5th Annual Citadel Directors' Institute (May 2, 2014)
  • Cyber Wise: Understanding Legal and Regulatory Obligations and Preparing Institutional Readiness Plans, New England Board of Higher Education (April 28, 2014)
  • Managing Privacy and Data Security Risks in the Emerging Payments Market, Both in the U.S. and Abroad, American Conference Institute's 7th National Forum on Balancing Innovation with Consumer Protection in Emerging Payment Systems - Speaker (March 25, 2014)
  • The Technology Underlying Emerging Payment Systems: Practical, Legal, and Regulatory Considerations for Attorneys and Compliance Professionals, American Conference Institute's 7th National Forum on Balancing Innovation with Consumer Protection in Emerging Payment Systems (March 24, 2014)
  • Mitigating the Existential Data Breach - Best Practices, LexisNexis - Panelist (March 12, 2014)
  • ALM's 2014 LegalTech Conference - Speaker (February 4, 2014)
  • Responding to Data Breach Incidents, eDiscovery Super Sessions: ALM's 2014 LegalTech Conference - Panelist (January 28, 2014)
  • BDO's 2013 Year-End Business, Accounting, and Tax Update, Preparing and Dealing with White Collar Crime Litigation Support (December 3, 2013)
  • How Compliance Works with HR, Security & Other Teams, Society of Corporate Compliance & Ethic's Southeast Regional Conference in Atlanta (November 1, 2013)
  • Preparing Your Company for a Privacy Rebellion, LexisNexis - Moderator and Panelist (September 2013)
  • Global Movement of Ideas: Social Media, Cable News & Changing World Politics, World Affairs Council of Atlanta's Young Leaders Briefing - Moderator (September 2013)
  • Recent Developments in Privacy Law, Association of Corporate Counsel Chapter Meeting on Strategies and Readiness for Emerging Business Mode - Panelist (July 30, 2013)
  • Contracting in a World of Data Breaches and Insecurity: Managing Third-Party Vendor Engagements, LexisNexis Webinar - Moderator and Panelist (July 2013)
  • Technology Trends and Best Practices to Enhance the In-House Law Department, ACC value challenge, Atlanta, Ga. (April 2013)
  • Privacy and Data Security Trends, Concerns and Best Practices: A Corporate Counsel Roundtable, Shook Hardy and Bacon's Corporate Counsel Institute, Kansas City, Missouri (February 1, 2013)
  • Risk Assurance Practice Group Meeting, PricewaterhouseCoopers - Keynote (August 2012)
  • Litigation Readiness for Companies Without A Lot of Litigation, Association of Corporate Counsel Annual Convention - Panelist (2010)
  • Commencement Speaker, Atlanta Police Academy Cadet Graduation (May 2006)

In the Media

  • Inside: Law department leadership, growing the IT relationship and data risk management as 2014 priorities, Inside Counsel, January 13, 2014
  • Inside: Establishing a Data Governance Committee as Part of 2014 Strategic Priorities, Inside Counsel, January 27, 2014
  • IT Leaders: Game-Changers for Governance, Security, Baseline, February 5, 2014
  • Inside: Communications with boards of directors regarding privacy and information security governance, Inside Counsel, February 10, 2014
  • Inside: Effective vendor management for data governance and security control, Inside Counsel, February 24, 2014
  • Inside: The GC’s role in ensuring compliance in the payment card processing environment, Inside Counsel, March 10, 2014
  • 20 keys to understanding and establishing communications protocols for risk assessments, Inside Counsel, March 31, 2014
  • FTC's Wyndham Ruling Raises Data Security and Privacy Issues for Franchisors, Law Journal Newsletters, July 1, 2014
  • 5 Crucial Mobile Due Diligence Questions, Credit Union Times, December 29, 2014
  • 10 best practices to protect student records, CSO, July 16, 2015
  • Cybersecurity liability: The critical questions, Hotels, October 16, 2015
  • Practice Fusion’s Missteps Provide Guidance for Governance of Online Health Info, Bloomberg Law, August 16, 2016
  • Developing Effective Data Governance For The Internet of Things, Today’s General Counsel, November 28, 2016
  • Guidelines for Cybersecurity Will Impact Banks, Insurers, Law.com, December 27, 2016
  • SEC cybersecurity guidance: What CCOs should know, Fund Intelligence, March 6, 2018
  • SEC Releases New Guidance on Cybersecurity Disclosures and Controls, Law Journal Newsletters, April 3, 2018
Helping clients through an extremely difficult time in their business, earning their trust through their darkest hours and seeing them through to the other side successfully through the diligent exercise of tremendous care is incredibly satisfying work as an attorney. Finding solutions to challenging problems while never losing sight of the clients’ business objectives and culture creates value that we bring to our clients as business-minded lawyers and true partners in all of our client relationships.

Education

  • University of Baltimore School of Law, J.D., 1999
  • University of Georgia, B.A., 1996, Political Science

Bar Admissions

  • Georgia Bar
  • Maryland Bar

Court Admissions

  • United States Supreme Court
  • United States Court of Appeals for the Fourth Circuit

Community Involvement

  • United States Army Reserve, Captain, Judge Advocate General Corps - Honorable Discharge (November 2009)
  • Judge Advocate, 213th Legal Support Organization, Decatur, Georgia (August 2005–November 2007)
  • Trial Counsel, 10th Legal Support Organization, Upper Marlboro, Maryland (June 2001–August 2005)

Professional Affiliations & Memberships

  • National Technology and Security Coalition Advisory Board Member (2019 to date)
  • Cybersecurity Law & Strategy, Editorial Board (2016 to date)
  • Adjunct Faculty Member, Atlanta’s John Marshall Law School, Professor, Business Planning (Spring 2012, Fall 2013)
  • Adjunct Faculty Member, Baltimore City Community College (2002–2004)
  • Technology Association of Georgia, Financial Technology; Information Security; Board of Directors, Steering Committee Member
  • International Association of Privacy Professionals (December 2011)
  • Georgia Bar Association- Franchise Law Section, Member Programming Committee (2009, 2011)
  • The Center for Evidence-Based Cybersecurity Advisory Board, Member 2019-20

Privacy and Security Due Diligence

  • Performed privacy due diligence for multiple major healthcare acquisitions
  • Performed privacy and security rule risk assessment under HIPAA and HITECH for a national skilled nursing care provider
  • Performed privacy and security due diligence for the acquisition of a major digital marketing company
  • Counseled multiple retail organizations in full scale risk assessments and remediations of privacy and security practices
  • Provided legal advice to high level executives and department managers of major retail companies regarding consumer law, consumer protection issues and collections practices, assuring compliance and helping these companies avoid detrimental risk
  • Counseling regarding emerging and new digital offerings (e.g. cloud, software, interactive, analytics, mobility)
  • Represented an international auto manufacturer in the implementation of a global workforce management program in compliance with safe harbor and global data protection
  • Represented an international auto manufacturer in the review and revision of certain data sharing agreements
  • Provided privacy and data security counseling and drafted agreements and policies for a company's roll-out of new E-commerce platform

Data Breach Response

  • Counseled a financial institution through all stages of a data breach incident, including incident analysis and breach containment, incident disclosure (i.e., notification in compliance with all regulatory requirements), loss mitigation, and remediation
  • Counseled a payment processing vendor through all stages of a data breach incident, including incident analysis and breach containment, incident disclosure (i.e., notification in compliance with all regulatory requirements), loss mitigation, and remediation
  • Counseled a major national retailer through a security incident investigation, compliance, risk assessment, and remediation
  • Counseled multiple franchisor companies through a security incident investigation, compliance, risk assessment, and remediation
  • Counseled the domestic subsidiary of a major international company through a security incident investigation
  • Counseled a small accounting firm through a data breach investigation and customer notification
  • Counseled a software as a service (SAAS) provider through a security vulnerability discovery and client notification
  • Counseled multiple E-commerce website companies through security breach investigations
  • Developed Incident Response Plans for large corporations, including identifying stakeholders, establishing communication protocols, drafting policies, identifying and engaging any necessary third party vendors, and developing training documents for employees

Information Management

  • Provided counsel to a large construction company in developing a company-wide document retention policy, including drafting an electronic resources policy and various training documents for effective onsite implementation
  • Provided counsel to a mobile payment processing company in developing a company-wide document retention policy, including drafting an electronic resources policy and various training documents for effective onsite implementation
  • Provided counsel to a nonprofit company in developing a company-wide document retention policy