• Print
  • |
  • |
  • PDF

Contact David

2801 Alaskan Way, Suite 300
Seattle, WA 98121
T: 206.777.7424

David Rice


David Rice provides strategic advice to clients on data privacy and security, data breaches, technology transactions, and cloud services and infrastructure. David was a pioneer in understanding the legal aspects of collecting, managing, storing, and protecting data. He has over twenty years of experience working with clients on data privacy and security matters.

A significant part of David’s practice includes providing privacy compliance advice, data security audits, handling numerous data incidents, conducting employee cybersecurity training, and managing vendor contracting involving data security. David develops customized policies and procedures for clients to prepare them to respond to data breaches and to implement data security and privacy best practices. His clients have included global internet and communications companies, government entities, software companies, video game companies, educational institutions, banks, energy companies, and utilities.

David has negotiated hundreds of complex vendor contracts, including agreements involving cloud services, data centers, networking, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), databases, colocation, cloud SaaS, content delivery networks, dark fiber, IP transit, communications services and equipment, wireless networks, equipment leases, device trials, HIPAA, and spectrum leases. In addition, David advises online clients regarding social networking issues, online retail sales, terms and conditions, the Internet of Things (IoT), privacy policies, and mobile marketing. Transactions have involved services in 35 different countries in North America, South America, Africa, Europe, and Asia.

David also negotiates a wide range of intellectual property-related contracts, including software development agreements, end user licensing agreements, and trademark licensing agreements. He speaks regularly at conferences and at companies regarding emerging data security and privacy issues.

David is CIPP-US certified by the International Association of Privacy Professionals.

Representative Experience

  • Assisted numerous clients with GDPR compliance, adapted marketing and sales strategies at several companies to meet GDPR requirements, negotiated agreements involving data subject to GDPR, handled privacy impact assessments, prepared privacy policies and handled related work. Handled the GDPR vendor data processing agreement implementation for a Fortune 1000 company, among many others.
  • Advised on GDPR-related data security incidents for several clients, including on notifications to data protection authorities in numerous EU countries.
  • Advised clients regarding the CCPA, including assistance with compliance and vendor management. Developed CCPA policies and provided training. Handled CCPA contract revisions for vendor agreements.
  • Worked with a global internet company to develop and implement responses to Edward Snowden revelations regarding government monitoring of internet traffic.
  • Advised a major government entity with homeland security issues regarding its data breach response program and information security issues. Trained in-house legal and IT staff on data security issues and participated in a simulated data breach exercise.
  • Assisted a major global diversified manufacturing and marketing company that experienced a data breach of social security numbers and other sensitive employee data.
  • Worked with a nonprofit to respond to a hacker intrusion into its human resources database. Sensitive information was stolen and used for identity theft. Help draft the data-breach response notice and developed a press release regarding the response.
  • Helped a fast food franchise manage a data breach caused by an IT software vendor that had conducted maintenance on their system and had inadvertently taken down the system security.
  • Performed a data security audit for an educational institution, which resulted in the discovery that there were different practices for handling data between departments. Advised the institution on harmonizing practices across divisions. Revised policies following the incident.
  • Trained legal and IT staff at major utilities and a government transportation entity regarding data security.
  • Advised a regional bank on compliance with FFIEC data security standards and on preparation for regulatory audits.
  • Advised clients on compliance with the Telephone Consumer Protection Act (TCPA).
  • Regularly presents on topics related to data security and data privacy, including in-house trainings to assist companies in following the best practices for preventing unauthorized access to data.
  • Advised one of the largest global internet companies on domestic and international internet backbone issues, data centers, and content delivery networks, almost all of which had data security implications. Advised in-house legal, engineers and multiple other corporate channels.
  • Personally negotiated hundreds of complex vendor contracts involving technology issues, including agreements involving cloud and SaaS, data centers, networking, colocation, dark fiber, IP transit, communications services and equipment, wireless networks, equipment leases, device trials, spectrum leases, cell tower leases, and many other issues.
  • Negotiated the sale of a major data center for a Fortune 500 company.
  • Managed a team of ten attorneys and a paralegal in handling technology transactions.
  • Advised online clients regarding social networking issues, retail sales, terms and conditions, privacy policies, and mobile marketing.
  • Negotiated a wide range of intellectual property-related contracts, including software development agreements, end user licensing agreements and trademark licensing agreements. Assisted clients with Digital Millennium Copyright Act issues, including takedown notices and interaction with internet service providers and law enforcement.