David Rice

About David
David Rice has more than 20 years of experience representing clients on data privacy and security issues, technology transactions, and cloud services and infrastructure. He serves as lead outside counsel advising clients on privacy compliance, handles incident response, and conducts employee training.
David’s clients include Fortune 100 and international companies in industries such as internet services, communications, software, cloud services, social media, app development, health care, entertainment, gaming, government, and education. David is known for his national and international experience, helping to close transactions for services in the United States and 35 other countries in North America, South America, Africa, Europe, and Asia.
David advises clients on a wide range of international, federal, and state privacy and security laws, including the California Consumer Privacy Act, California Privacy Rights Act, General Data Protection Regulation, Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley Act, Family Educational Rights and Privacy Act, Telephone Consumer Protection Act, FTC Red Flags Rule, and Computer Fraud and Abuse Act.
David has negotiated hundreds of complex information technology contracts with data privacy implications, including agreements involving cloud services, data sales, marketing, analytics, data centers, networking, databases, colocation, SaaS, IoT, content delivery networks, dark fiber, and IP transit.
A leader in the field, David regularly speaks at conferences, trade organizations, and in-house for companies on emerging issues related to data privacy and security.
Representative Experience
-
Privacy and Security Compliance Plus
Lead outside counsel advising clients on international, federal, and state privacy and security laws, including the California Consumer Privacy Act, California Privacy Rights Act, General Data Protection Regulation, Virginia Consumer Data Protection Act, Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley Act, Family Educational Rights and Privacy Act, Telephone Consumer Protection Act, FTC Red Flags Rule and Computer Fraud and Abuse Act.
Advised clients involved in internet technology, networking, social media, app development, communications, sports and entertainment, gaming, health care, manufacturing, education, cannabis, and government regarding data processing.
Advised clients regarding buying and selling personal information, marketing and sales strategies, analytics, AI, privacy policies, supply chain privacy and security risks, privacy program maturity, data mapping, online sales and mobile marketing, data privacy and security due diligence in M&A transactions, and TCPA compliance programs.
Advised clients regarding data subject access requests and handled responses and related disputes.
Drafted privacy policies and assisted clients with related implementation issues.
Developed privacy program for social media platform, including strategies regarding content moderation and data monetization.
Advised state port authority on its information security and incident response program.
Performed a data security audit for an educational institution, which uncovered data processing issues, and advised the institution on best practices and compliance.
Trained legal and IT staff at major utilities and a government transportation entity regarding data security.
Represented global internet company in implementing responses to Edward Snowden leaks regarding government monitoring of internet traffic.
-
Privacy Transactions, Cloud Computing, Networking, Data Centers, and Database Transactions Plus
Negotiated data-related agreements, including data processing agreements, licensing agreements, and SaaS agreements.
Handled GDPR and CCPA vendor agreement updates for numerous clients.
Advised one of the largest global internet companies regarding domestic and international data centers, internet backbone and content delivery networks, and related data security implications. Advised in-house legal, engineers, and other corporate channels.
Negotiated the sale of a major data center for a Fortune 500 company.
Managed a team of ten attorneys and a paralegal in handling data-related technology transactions.
Negotiated a wide range of intellectual property related contracts, including software development agreements, end user licensing agreements, and trademark licensing agreements.
-
Incident Response Plus
Lead outside counsel on numerous data security incident responses, which involved handling global reporting obligations to consumers, regulators, and data protection authorities, and working with law enforcement and forensic IT vendors.
Lead outside counsel responding to wire transfer fraud incidents, including working with law enforcement such as the US Secret Service, forensic IT vendors, and negotiations with affected counterparties.
Represented multiple nonprofit entities whose data was compromised by a widely-reported ransomware attack.
Assisted a global manufacturing and marketing company on a data breach that included access to social security numbers and other sensitive employee data.
Managed response to security breach of a nonprofit resulting in unauthorized access to sensitive information, resulting in fraudulent tax returns; handled press release and consumer notices.
Activities
- CIPP-US Certified by the International Association of Privacy Professionals
- Federal Communications Bar Association, Member
- Pacific Northwest Chapter, Cochair
- International Association of Privacy Professionals, Member
- KnowledgeNet Chapter, Cochair, 2018-2019
- Washington State Bar Association, Member
Recognition
- Selected for inclusion as a Washington Super Lawyer—Rising Star, 2007-2008
Insights from David
- "Cyber Security Attorney Offers Advice on How to Avoid Attacks," League of Oregon Cities, Local Focus Magazine (June 2022)
- "Cyber defences of luxury leaders," Luxury Law Alliance, coauthor (May 2022)
- “Managing Risk: Are You Prepared? Responding to a Data Breach,” Oregon Restaurant & Lodging Association Magazine (Mar. 2022)
- “California Privacy Rights Act: Are You Keeping Up With The Golden State?” Miller Nash, IP & Technology Law Trends (Aug. 2021)
- “SCOTUS Issues Long-Awaited TCPA Ruling Narrowing The Definition Of An Autodialer,” Miller Nash Graham & Dunn, IP Law Trends, coauthor (Apr. 2021)
- “Text Message Marketing Can Cost You Millions,” Miller Nash Graham & Dunn, IP Law Trends, coauthor (Feb. 2021)
- “Washington - Data Protection in the Financial Sector,” OneTrust DataGuidance, coauthor (Jan. 2021)
- “Know How to Balance Student Privacy, Health in Pandemic,” Campus Legal Advisor, coauthor (Dec. 2020)
- “California Is at It Again: The California Privacy Rights Act Makes November Ballot,” Miller Nash Graham & Dunn, IP Law Trends, coauthor (July 2020)
- “Electronic Signatures in Washington: New State Law Should Prompt Employer Best Practices Review,” Miller Nash Graham & Dunn, Employment Law & Labor Relations News You Can Use (June 2020)
- “Managing Data Security and Privacy Issues with Remote Learning Technology,” Miller Nash Graham & Dunn, K-12 Education: News You Can Use (Apr. 2020)
- “CCPA Enforcement Will Not Be Delayed Due to COVID-19: Is Your Business in Compliance?,” Miller Nash Graham & Dunn, IP Law Trends, coauthor (Apr. 2020)
- “Companies Must Evaluate and Respond to Data Security and Privacy Issues Raised by COVID-19,” Miller Nash Graham & Dunn, IP Law Trends, coauthor (Mar. 2020)
- “Washington State Legislature Passes Bill With Major Revisions to Data Breach Notification Statute,” Miller Nash Graham & Dunn, IP Law Trends (May 2019)
- “Follow Six Critical Steps to Manage Privacy, Security Risks in Ed Tech,” Campus Legal Advisor (Dec. 2018)
- “California Enacts First Law Regulating Internet Of Things Devices,” Miller Nash Graham & Dunn, IP Law Trends (Oct. 2018)
- “And Away We Go…UK Information Commissioner’s Office Issues First Formal Notice Under the GDPR,” Miller Nash Graham & Dunn, IP Law Trends (Sept. 2018)
- “FBI Calls Out Data Privacy and Security Risks with Educational Technology,” Miller Nash Graham & Dunn, IP Law Trends (Sept. 2018)
- “The EU’s General Data Protection Regulation (GDPR), Effective May 25, 2018, Will Impact Many United States Businesses,” Miller Nash Graham & Dunn, IP Law Trends (Apr. 2018)
- “CFPB Finds “Deceptive” Data Security Practices Without Consumer Harm and Requires Dwolla to Implement a Written Data Security Plan,” Miller Nash Graham & Dunn, Bank Law Monitor (Apr. 2016)
- “States Are Amending Their Data Breach Laws. Why Should Banks Care?” Miller Nash Graham & Dunn, Bank Law Monitor (Jul. 2015)
- “Hacked,” Miller Nash Graham & Dunn, Cyber-Graham (June 2015)
- "Take a Proactive Approach to Protect Your Institution From Data Breaches,” Campus Legal Advisor (Jan. 2015)
- “Don’t Click that Link! How to Protect Yourself and Your Clients from Hackers,” Washington State Bar Association, 2022 Ethics Institute (Dec. 2022)
- “The Effect of FTC Safeguards Rule Amendments on Colleges and Universities,” Independent Colleges of Washington (Oct. 2022)
- "The Future of Telehealth and Virtual Medicine," Federal Communications Bar Association, Pacific Northwest Chapter, moderator (Dec. 2021)
- "Eyes Over Employees: Cross-Jurisdictional Data Privacy Implications of Employee Surveillance," Employment Law Alliance, moderator (Nov. 2021)
- “Data Security & Data Privacy,” National Federation of Paralegal Associations, 2021 Convention: Continuing Legal Education (Oct. 2021)
- “Industry Survey Chat,” Federal Communications Bar Association, The Converging Communications and Technology Sectors: Industry Regulatory & Legal Issues—An FCBA All-Chapter Event, moderator (Apr. 2021)
- “What IP Lawyers Need To Know About Data Privacy,” King County Bar Association Intellectual Property Section, section meeting (Dec. 2020)
- “Data Security and Privacy: Managing Risks of Remote Work,” Oregon Bioscience Association, Bio, Business and Good Beans, webinar series (June 2020)
- “Dancing Through the Minefield: Addressing Risks in Vendor Contracting,” Washington State Bar Association, Cut Your Losses: Managing Risk as the Stakes Get Higher Seminar (Nov. 2019)
- “Offensive Cyber Security—A New and Shifting Landscape,” Federal Communications Bar Association and International Association of Privacy Professionals, moderator (Oct. 2019)
- “Managing Privacy and Security Risks With Vendors and Suppliers: How Companies are Meeting the Challenge,” Federal Communications Bar Association and International Association of Privacy Professionals (Aug. 2019)
- “The Data Ethics of Emerging Technologies,” DAMA Puget Sound, DAMA Day 2019, panelist (May 2019)
- “Vendor Agreements—Understanding and Managing Privacy and Security Risks,” Oregon State Bar, Technology Law Section Lunch and Learn CLE (Mar. 2019)
- “Advising Clients in a Rapidly Evolving Area of Law: GDPR, CCPA, and Beyond,” Seattle University School of Law, “The GDPR—It Came, We Saw, But Did It Conquer?” CLE (Feb. 2019)
- “Vendor Agreements—Understanding and Managing Privacy and Security Risks,” Cybersecurity Collaborative (Jan. 2019)
- “Big Data: Who Owns It (If Anyone) And What Can You Do with It Once You Have It?” Copyright Society of the USA, Northwest Chapter CLE (Nov. 2018)
- “Data Privacy and Security,” TiE Seattle, Entrepreneur Institute (Nov. 2018)
- “Data Breaches and Government Surveillance,” Cellular Telecommunications Industry Association/Federal Communications Bar Association, Wireless Legal Seminar for the West (Oct. 2018)
- “Internet of Things—Hype or Reality,” Federal Communications Bar Association and International Association of Privacy Professionals (June 2018)
- “Yes: The GDPR Will Apply to U.S. Companies Without a Physical Presence in the EU,” Miller Nash Graham & Dunn (Apr. 2018)
- “Internet & Wireless Infrastructure, Municipal Siting, and Tower Company Trends,” CTIA Wireless Legal Seminar for the West (Nov. 2016)
- “Cyber Security and Cyber Insurance Panel,” Miller Nash Graham & Dunn CEO Brainstorming Meeting (June 2016)
- “Latest Trends in Security,” Society for Information Management Seattle Technology Leadership Summit (May 2016)
- “Legal Quick-Fire,” Entrepreneurs Organization Meeting (Feb. 2016)
- “Understand Your Universe: Know Your Data-Privacy Obligations,” Miller Nash Graham & Dunn Employment Law Half-Day Seminar (Oct. 2014)
- “Emerging Legal Issues in Mobile Communications,” MobileNorthwest 2011 Conference (May 2011)
- “Data Privacy,” Federal Communications Bar Association, Pacific Northwest Chapter Meeting (Dec. 2010)
- “Latest Developments in Privacy,” Federal Communications Bar Association Seminar West (Oct. 2010)

Outside the Office
David enjoys playing and collecting guitars and is a Seattle Sounders FC season ticket holder.