David Rice has more than 20 years of experience representing clients on data privacy and security issues, technology transactions, and cloud services and infrastructure. He serves as lead outside counsel advising clients on privacy compliance, handles incident response, and conducts employee cybersecurity training.
David’s clients include Fortune 100 and international companies in industries such as internet services, communications, software, cloud services, social media, app development, health care, entertainment, gaming, cryptocurrency, government, and education. David is known for his national and international experience, helping to close transactions for services in the United States and 35 other countries in North America, South America, Africa, Europe, and Asia.
David advises clients on a wide range of international, federal, and state privacy and security laws, including the California Consumer Privacy Act, California Privacy Rights Act, General Data Protection Regulation, Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley Act, Personal Information Protection and Electronic Documents Act, Family Educational Rights and Privacy Act, Telephone Consumer Protection Act, FTC Red Flags Rule, and Computer Fraud and Abuse Act.
David has negotiated hundreds of complex information technology contracts with data security and privacy implications, including agreements involving cloud services, data sales, marketing, analytics, data centers, networking, databases, colocation, SaaS, IoT, content delivery networks, dark fiber, and IP transit.
A leader in the field, David regularly speaks at conferences, trade organizations, and in-house for companies on emerging issues related to data security and privacy.
Privacy and Security Compliance Plus
Lead outside counsel advising clients on international, federal, and state privacy and security laws, including the California Consumer Privacy Act, California Privacy Rights Act, General Data Protection Regulation, Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley Act, Personal Information Protection and Electronic Documents Act, Family Educational Rights and Privacy Act, Telephone Consumer Protection Act, FTC Red Flags Rule and Computer Fraud and Abuse Act.
Advised clients involved in internet technology, networking, social media, app development, communications, sports and entertainment, cryptocurrency, gaming, health care, manufacturing, education, cannabis, and government.
Advised clients regarding buying and selling personal information, marketing and sales strategies, analytics, AI, privacy policies, supply chain privacy and security risks, privacy program maturity, data mapping, online sales and mobile marketing, data privacy and security due diligence in M&A transactions, and TCPA compliance programs.
Advised clients regarding data subject access requests and handled responses and related disputes.
Handled GDPR and CCPA vendor agreement updates for numerous clients.
Developed privacy program for social media platform, including strategies regarding content moderation and data monetization.
Advised state port authority on its information security and incident response program.
Performed a data security audit for an educational institution, which uncovered data processing issues, and advised the institution on best practices and compliance.
Trained legal and IT staff at major utilities and a government transportation entity regarding data security.
Represented global internet company in implementing vendor responses to Edward Snowden leaks regarding government monitoring of internet traffic.
Incident Response Plus
Lead outside counsel on numerous data security incident responses, which involved handling global reporting obligations to consumers, regulators, and data protection authorities, and working with law enforcement and forensic IT vendors.
Lead outside counsel responding to wire transfer fraud incidents, including working with law enforcement such as the US Secret Service, forensic IT vendors, and negotiations with affected counterparties.
Represented multiple nonprofit entities whose data was compromised by a widely-reported ransomware attack.
Assisted a global manufacturing and marketing company on a data breach that included access to social security numbers and other sensitive employee data.
Managed response to security breach of a nonprofit resulting in unauthorized access to sensitive information, resulting in fraudulent tax returns; handled press release and consumer notices.
Transactions, Cloud Computing, Networking, Data Centers, and Database Transactions Plus
Advised one of the largest global internet companies regarding domestic and international data centers, internet backbone and content delivery networks, and related data security implications. Advised in-house legal, engineers, and other corporate channels.
Negotiated the sale of a major data center for a Fortune 500 company.
Managed a team of ten attorneys and a paralegal in handling technology transactions.
Negotiated a wide range of intellectual property related contracts, including software development agreements, end user licensing agreements, and trademark licensing agreements.
- CIPP-US certified by the International Association of Privacy Professionals
- Federal Communications Bar Association, member
- Pacific Northwest Chapter, cochair
- International Association of Privacy Professionals, member
- KnowledgeNet chapter, cochair, 2018-2019
- Washington State Bar Association, member
- Selected for inclusion as a Washington Super Lawyer—Rising Star, 2007-2008
Outside the Office
David enjoys playing and collecting guitars and is a Seattle Sounders FC season ticket holder.