David T. Cohen

Of Counsel

New York

Read full biography at www.orrick.com
David Cohen provides strategic litigation defense counsel across many business sectors to help clients navigate complex privacy and cybersecurity litigation and enforcement matters. He counsels companies that have suffered a data breach or are accused of privacy violations, including those related to biometric privacy, and defends them against the class action litigation or regulatory actions by state attorneys general and the Federal Trade Commission (FTC) that frequently follow. David’s matters have included some of the most closely watched privacy and cybersecurity actions in U.S. history, including the groundbreaking defense of LabMD in LabMD v. FTC where he helped to persuade the U.S. Court of Appeals for the Eleventh Circuit to become the very first court to overturn a cybersecurity enforcement action by the FTC.

David also offers privacy and cybersecurity risk-based counseling to help clients minimize their chances of regulatory scrutiny and litigation. He is a regular contributor to Trust Anchor, Orrick’s Privacy and Cybersecurity blog, and is called upon by industry publications and news sources to weigh in on breaking legal developments. David is also an active member of the Sedona Conference Working Group 11 on Data Security and Privacy Liability.

Posts by: David Cohen

Third Circuit Shire Decision May Spell Trouble for FTC Cybersecurity Enforcement Plans

In June 2018, medical laboratory LabMD obtained the first-ever court decision overturning a Federal Trade Commission (FTC) cybersecurity enforcement action. (The team directing that effort – led by Doug Meal and Michelle Visser – joined Orrick in January 2019). There, the Eleventh Circuit held that an FTC cease-and-desist order imposing injunctive relief requiring LabMD to implement “reasonable” data security was impermissibly vague. In the wake of LabMD, the FTC’s new Chairman, Joseph Simons, stated that he was “very nervous” that the agency lacked the remedial authority it needed to deter allegedly insufficient data security practices and that, among other things, the FTC was exploring whether it has additional untapped authority it could use in this space. In this regard, Chairman Simons and Commissioner Rebecca Kelly Slaughter announced that the FTC is examining whether it can “further maximize its enforcement reach, in all areas, through strategic use of additional remedies” such as “monetary relief.” READ MORE

Roller Coaster Start to the New Year for Biometrics: Rosenbach v. Six Flags and Emerging Biometric Laws

A recent decision from the Supreme Court of Illinois heightens the risks faced by companies collecting biometric information by holding that an individual who is the subject of a violation of Illinois’ Biometric Information Privacy Act—but who suffered no separate harm from the violation—is an “aggrieved party” with a cause of action under the statute. Rosenbach v. Six Flags Entertainment Corp., No. 123186 (Ill. Jan. 25, 2019). This decision will only further embolden plaintiffs’ lawyers to bring biometric privacy suits, and the risk to companies collecting biometric information will likely increase as newly enacted and proposed legislation comes into effect. In this post, we discuss what happened, what is on the horizon, and some steps to consider. READ MORE

Rivera v. Google Bolsters Article III Challenges to Privacy Suits – But Risks Remain

Rivera v. Google, a recent federal court decision from the Northern District of Illinois, highlights how challenges to Article III standing are a versatile and useful tool for corporate defendants in privacy and cybersecurity litigation. At the same time, the litigation underscores the significant legal risk faced by entities that collect biometric information and the consequent need to proactively assess and mitigate that risk. READ MORE