David has a business law practice with particular focus on privacy, cybersecurity, and technology law. David is the National Co-Leader of the firm’s Privacy & Cybersecurity practice and serves as breach coach and counsel in cyber incident response for clients across Canada. David regularly advises clients on responding to data breaches, cybersecurity matters, data governance, and data protection/privacy risks in M&A and other commercial transactions. He has a strong background in the Life Sciences/Biotech and Technology sectors and has hands-on experience in the US, Europe, and other cross-border settings. Prior to joining Miller Thomson, David spent seven years as Senior Compliance Counsel at a large multi-national medical device and life sciences business. David is also the editor of the firm’s Cybersecurity Blog.

David has helped Canadian and foreign-based clients in the private and non-profits sectors respond to a full range of cybersecurity and data breach incidents, including managing cross-border privacy and notification aspects of complex breaches. Over the past 18 months, David has advised and/or acted as breach counsel in the matters including the below:

  • Response to and remediation of ransomware attacks as well as related extortion for data theft
  • Business email compromise (BEC) and financial fraud
  • Hacking and phishing attacks by external bad actors
  • Data breach impacting sector-specific requirements
  • Employee data and personal information theft
  • Lost and stolen laptops and other mobile devices
  • Vendor and service provider breaches
  • Advising vendors/data processors

David has also assisted clients in responding to complaints made to Privacy Commissioners and with freedom of information requests.

In his work as privacy counsel, David provides strategic advice in M&A and other commercial transactions, promotional activities and compliant design of systems. As breach coach, he also advises on the privacy aspects of data breaches and cyber incidents. He was involved in compliance projects to prepare for the European General Data Protection Regulation (GDPR) and has years of experience in cross-border matters and in privacy/data protection law from a European Union and Nordic perspective. David has worked on comprehensive audits, policies & procedures, strategic training programs as well as transactional documentation, advising clients on Canadian federal and provincial legislation.

As a commercial lawyer, David assists clients in negotiating a variety of technology and related agreements, including SaaS, NDAs, service provider arrangements, data sharing, and research collaboration agreements. David also acts as de facto General Counsel for a number of technology-focused businesses and organizations, including those in the medical device sector.

David helps clients navigate, manage and mitigate risk related to complex regulatory requirements including anti-bribery, healthcare laws/industry standards, anti-trust, and trade controls but also risks posed by enforcement, cyber security threats, litigation, new business models and M&A activity.