David has a business law practice with particular focus on compliance, privacy, and cybersecurity. David is a Key Contact for Miller Thomson’s cybersecurity practice and is the editor of the firm’s Cybersecurity Blog. He has a strong background in the Life Sciences, Health, Biotech, and technology sectors and has hands-on experience in the US, Europe, and other cross-border settings. Prior to joining Miller Thomson, David spent seven years as Senior Compliance Counsel at a large multi-national medical device and life sciences business.
In his work as privacy counsel, David provides strategic advice on use of technology, promotional activities and compliant design of systems. David advises clients on issues relating to data breaches and cyber threats and works collaboratively on incident preparedness, response and preventative measures. He was involved in compliance projects to prepare for the European General Data Protection Regulation (GDPR) and has years of experience in cross-border matters and in privacy/data protection law from a European Union and Nordic perspective. David has worked on comprehensive audits, policies & procedures, strategic training programs as well as transactional documentation, advising clients on Canadian federal and provincial legislation.
David helps clients navigate, manage and mitigate risk related to complex regulatory requirements including anti-bribery, healthcare laws/industry standards, anti-trust, and trade controls but also risks posed by enforcement, cyber security threats, litigation, new business models and M&A activity.
David’s goal is to provide practical legal advice that is actionable by organizations. His work in this regard includes:
- Drafting and advice on compliant structure of commercial agreements, promotional activities, and other transactions
- Conducting senior-leader led risk assessments and implementation of targeted governance mechanisms
- Drafting and implementation of codes of conduct and related policies and standard operating procedures
- Managing and conducting internal investigations and responses to audits/inspections and assisting in organizational audit-readiness
- Managing due diligence activities in business acquisitions and implementation of risk mitigation strategies in business integrations.
- Article: Cybersecurity Risks in Medical Devices – Health Canada Adopts Guidance Document, (2019) CPLR Vol 16.
- Editor, MT Cybersecurity Blog
- Article: Privacy by Design: Nice to have or a necessary part of data protection law? (2013) JIPITEC, Vol.4
- Article: Regulating the Cloud: A comparative analysis of the Canadian and European current and proposed data protection Frameworks, (2012) CJLT 1 Vol 10.
- Guest Lecture: Privacy Considerations for Developers – University of Saskatchewan, CMPT 408.3: Ethics & Computer Science (Jan 13 & 15, 2019);
- Presentation: “Compliance – an overview from an in-house counsel perspective” – CPD Program Law Society of Saskatchewan (Feb 7 2017);
- Presentation: “Developing a Gift & Entertainment Policy,” C-5 2nd Annual Forum on Anti-Corruption, Copenhagen (Nov 30 2015);
- Presentation: “The Future of Privacy by Design” – DG Connect, European Commission, Brussels, Belgium (October 3, 2014);
- Presentation: Engaging all Levels of the Organization – Informa Compliance Conference, Stockholm, Sweden (January 28-29, 2014);
- Presentation: “Information Governance – Regulation & Legal Requirements” – Big Information Seminar, Canadian Embassy, Stockholm, Sweden (January 15, 2014);
- Law Society, CPD Planning Committee
- Saskatchewan Environmental Society, Volunteer
- Office of Innovation Health (Saskatchewan), Member
- Member, Law Society of Saskatchewan
- Member, Law Society of Alberta
- Member, Canadian Bar Association
Bar admissions & education
- Alberta, 2008
- Saskatchewan, 2016
- Masters of Laws (Law & IT), Stockholm University, 2011
- J.D., University of Saskatchewan, 2007
- B.Comm., University of Saskatchewan, 2002