David Kessler is the Head of Data and Information Risk at Norton Rose Fulbright US LLP and is a thought leader on issues involving discovery, data privacy, records management, and cyber security. David counsels clients on a range of data privacy matters focusing on compliance and cross border data transfers. David has provided advice regarding the Stored Communication Act (SCA), the Health Insurance Portability and Accountability Act (HIPAA), the Children's Online Privacy Protection Act (COPPA) and Family Educational Rights and Privacy Act (FERPA). He also provides advice to multinational clients regarding compliance with EU data protection and privacy laws including the General Data Protection Regulation (GDPR), where he works closely with his colleagues in the EU. David is a Certified Information Privacy Professional (CIPP/E) through the International Association of Privacy Professionals (IAPP).
David acts as global discovery counsel for technology, finance, pharmaceutical and manufacturing companies where he helps them address litigation readiness, cross border discovery complications and acts as special discovery counsel in complex litigations. David focuses not only on tactical e-discovery issues in particular cases, but advises clients regarding strategic e-discovery portfolio management and data governance. For example, David has helped clients with emergency ex parte preservations orders; negotiations with opposing counsel regarding disaster recovery data; establishing that opponents had fabricated e-mails; and developed litigation readiness protocols.
David has a particular focus on cross-border discovery. David was recently the counsel of record for an amicus brief before the United States Supreme Court in United States v. Microsoft addressing the importance of comity in cross border discovery. David has helped clients preserve, collect, process and transfer data from countries all over the world including, by way of example, Australia, Brazil, Canada, China, Germany, India, Italy, Nigeria, Japan, South Africa, Spain, Switzerland, and the United Kingdom. David is a contributor to and has been a faculty member for the Sedona Conference's (one of the world's leading e-discovery organizations) Work Group 6 on International Electronic Information Management, Discovery and Disclosure. David is an adjunct professor at the University of Pennsylvania Law School where he teaches an advanced seminar on "E-Discovery."
As part of his information governance practice, David has advised clients on where and how to store and manage data globally as well as how to integrate record retention, data security and e-discovery into the fabric of their IT infrastructure. Beyond helping clients stand up information governance programs with policies and record retention schedules, David counsels clients on mobile device management, ephemeral data, disaster recovery and business continuity systems and the cloud. He also has represented clients in defensible data disposition projects and examining the contours of their own dark data.
As part of the firms cybersecurity team, David has represented clients both preparing for and responding to cyber incidents. He has drafted and revised incident response plans (IRPs), run table top exercises and helped clients select and contract with forensic and public relations vendors. David has advised clients about the scope of data breaches and the company's obligations to notify the appropriate authorities and the people affected by the breach. Finally, David has represented clients in investigations by the FTC into suspected incidents and the quality of the clients' preparations and response.