Overview
David has a business law practice with particular focus on privacy, cybersecurity, and technology law. David is the National Co-Leader of the firm’s Privacy & Cybersecurity practice and serves as breach coach and counsel in cyber incident response for clients across Canada. David regularly advises clients on responding to data breaches, cybersecurity matters, data governance, and data protection/privacy risks in M&A and other commercial transactions. He has a strong background in the Life Sciences/Biotech and Technology sectors and has hands-on experience in the US, Europe, and other cross-border settings. Prior to joining Miller Thomson, David spent seven years as Senior Compliance Counsel at a large multi-national medical device and life sciences business. David is also the editor of the firm’s Cybersecurity Blog.
David has helped Canadian and foreign-based clients in the private and non-profits sectors respond to a full range of cybersecurity and data breach incidents, including managing cross-border privacy and notification aspects of complex breaches. Over the past 18 months, David has advised and/or acted as breach counsel in the matters including the below:
- Response to and remediation of ransomware attacks as well as related extortion for data theft
- Business email compromise (BEC) and financial fraud
- Hacking and phishing attacks by external bad actors
- Data breach impacting sector-specific requirements
- Employee data and personal information theft
- Lost and stolen laptops and other mobile devices
- Vendor and service provider breaches
- Advising vendors/data processors
David has also assisted clients in responding to complaints made to Privacy Commissioners and with freedom of information requests.
In his work as privacy counsel, David provides strategic advice in M&A and other commercial transactions, promotional activities and compliant design of systems. As breach coach, he also advises on the privacy aspects of data breaches and cyber incidents. He was involved in compliance projects to prepare for the European General Data Protection Regulation (GDPR) and has years of experience in cross-border matters and in privacy/data protection law from a European Union and Nordic perspective. David has worked on comprehensive audits, policies & procedures, strategic training programs as well as transactional documentation, advising clients on Canadian federal and provincial legislation.
As a commercial lawyer, David assists clients in negotiating a variety of technology and related agreements, including SaaS, NDAs, service provider arrangements, data sharing, and research collaboration agreements. David also acts as de facto General Counsel for a number of technology-focused businesses and organizations, including those in the medical device sector.
David helps clients navigate, manage and mitigate risk related to complex regulatory requirements including anti-bribery, healthcare laws/industry standards, anti-trust, and trade controls but also risks posed by enforcement, cyber security threats, litigation, new business models and M&A activity.
Professional achievements & leadership
- The Canadian Legal Lexpert Directory, Data Protection & Privacy, 2023
- Appointed to Canadian Advisory Board, International Association of Privacy Professionals, 2021-2022
- TMT – Canada, Lexology Legal Influencer Q3 2020
Thought leadership
- Presenter, “Annual Update: Privacy and Cybersecurity Law and Practice,” Osgoode Hall Law School, January 27, 2023
- Co-author, “Canadian Privacy Law 2.0: Artificial Intelligence (AI) and Bill C-11, The Consumer Privacy Protection Act“, Electronic Healthcare Law Review, Volume 10, Number 3, February, 2021
- Presenter, “I think I’ve been Hacked,” Innovation Place, April 28, 2020
- Presenter, “Cross-border Data Management in the Healthcare sector,” Osgoode’s Certificate in Privacy Law in Healthcare, February 10, 2020
- Presenter, “No Longer Science Fiction: Artificial Intelligence and Machine Learning: AI in Practice, Legal,” CBA mid-winter meeting, January 30, 2020
- Author, “Cybersecurity Risks in Medical Devices – Health Canada Adopts Guidance Document,” CPLR Vol 16, 2019
- Editor, MT Cybersecurity Blog
- Guest Lecture, “Privacy Considerations for Developers – University of Saskatchewan,” CMPT 408.3: Ethics & Computer Science, January 13 & 15, 2019
- Presenter, “Compliance – an overview from an in-house counsel perspective,” CPD Program Law Society of Saskatchewan, February 7, 2017
- Presenter, “Developing a Gift & Entertainment Policy,” C-5 2nd Annual Forum on Anti-Corruption, Copenhagen, November 30, 2015
- Presenter, “The Future of Privacy by Design,” DG Connect, European Commission, Brussels, Belgium, October 3, 2014
- Presenter, “Engaging all Levels of the Organization,” Informa Compliance Conference, Stockholm, Sweden, January 28-29, 2014
- Presenter, “Information Governance – Regulation & Legal Requirements,” Big Information Seminar, Canadian Embassy, Stockholm, Sweden, January 15, 2014
- Author, “Privacy by Design: Nice to have or a necessary part of data protection law?,” JIPITEC, Vol.4, 2013
- Author, “Regulating the Cloud: A comparative analysis of the Canadian and European current and proposed data protection Frameworks,” CJLT 1 Vol 10, 2012
Community involvement
- Law Society, CPD Planning Committee
- Saskatchewan Environmental Society, Volunteer
- Office of Innovation Health (Saskatchewan), Member
- CBA Saskatchewan Privacy & Access North, Vice-Chair
Professional memberships
- Member, Law Society of Saskatchewan
- Member, Law Society of Alberta
- Member, Canadian Bar Association
Languages spoken
- English
- Swedish
- German
Bar admissions & education
- Alberta, 2008
- Saskatchewan, 2016
- Masters of Laws (Law & IT), Stockholm University, 2011
- J.D., University of Saskatchewan, 2007
- B.Comm., University of Saskatchewan, 2002
