David A. Wheeler

Partner

Education

  • Loyola University Chicago School of Law (J.D., 1999), with honors,

    moot court

  • Loyola College in Maryland (M.B.A., 1993)
  • University of Maryland (B.S., 1987),

    Information Systems

Related Services

David is a partner in the Intellectual Property and Data Privacy and Information Governance practice groups. He counsels and defends clients in data, cybersecurity and privacy matters. His practice features a Defense in Depth (DiD) approach to protecting clients and their data, including information governance programs, cybersecurity risk assessment and preparedness, incident response planning, legal and regulatory compliance and security, and privacy and information management needs. He is CIPP certified by the International Association of Privacy Professionals (IAPP).

He provides counsel based on a wide variety of cybersecurity and privacy considerations, including the development of cyber and privacy policies and procedures, cybersecurity and privacy audits, cyber risk mitigation and remediation, cybersecurity and PCI compliance, GDPR compliance, CCPA compliance, employee privacy, record retention and electronic discovery, international and cross-border data transfer, data breach readiness, response and crisis management, and data privacy, security breach, CAN-SPAM Act and TCPA issues. 

David also assists clients in becoming compliant with cybersecurity rules, regulations and initiatives such as those required or issued by executive orders, SEC, FCC, FTC, FCRA, FACTA, FINRA, FFIEC, OCC, state and self-regulatory frameworks. He provides advice to clients on the litigation defense of data privacy, security breach and TCPA class action suits in the United States.

He has handled a wide range of intellectual property issues, including trademark and copyright litigation, new gTLDs and forced recovery of domain names. David has drafted and negotiated a variety of technology services agreements, including EU data processing agreements, cloud services agreements, card payment services agreements, web/app development and webhosting agreements, data sharing agreements, Wi-Fi internet access and services agreements, data center services agreements, call center access agreements, software license agreements, hardware lease/purchase agreements, cyber forensics agreements, and cyber vulnerability and threat remediation services agreements.

Before joining the firm David spent a number of years as a consumer financial services class-action defense litigator, as well as an IP/IT counselor. In the data security and privacy areas, David has applied his technical experience to address personal information collection and use requirements, data security requirements, breach notification compliance, incident response, PCI-DSS compliance and cyber governance counseling.

Clients value David’s three decades of information technology experience, including software development, use and policy development. He quickly assesses the risks and implications of each situation and guides clients toward the best solution for their business goals.
 

Information Technology/eCommerce

  • Advises on data security compliances, incident response, breach notification compliance, data security risk remediation and prelitigation strategy, payment card industry data security standards (PCI-DSS) compliance, EU Safe Harbor and cyber governance and the development of new internal data security governance standards
  • Provides guidance on internet domain name and username forced recovery, purchase, registration and assignment negotiation and counseling, and new ICANN gTLD domain name registry services negotiation and counseling
  • Drafts and negotiates eCommerce transactions, including EDI/XML agreements for Internet-based mortgage lenders, website terms of use agreements, disclaimers, data licensing, co-branding agreements, outsourcing and independent contractor agreements, intellectual property assignments, limited liability company and operating agreements, software licensing agreements and asset purchase privacy due diligence
  • Guides industry-leading telecommunications companies and financial institutions on records retention policies and procedures, CAN-SPAM, privacy and data security issues
  • Advises companies on various technology-related issues including wireless broadband and technology acceptable uses, licensing, transfers and purchases
  • Provides guidance on website, social networks, corporate, and international privacy policies
  • Counsels on retail distribution license development, including addressing issues of cloud services and end-user license agreements
  • Counsels on trademark, branding strategy and prosecution, as well as internet-related trademark infringement matters including domain name recovery, trademark infringement and licensing

Litigation

  • Domain name and trademark infringement litigation
  • Search engine search terms disputes
  • Consumer lending class action litigation with an emphasis on the defense of national banks and mortgage lenders against FHA, ECOA, TILA, HOEPA, FCRA, FACTA, FDCPA, HMDA, RESPA and state consumer lending claims
  • Award of Merit, The National Center for Missing and Exploited Children
     
  • Member, American Bar Association
  • Member, Chicago Bar Association
  • Member, International Association of Privacy Professionals
  • Member, National Bar Association
  • Member, National Black MBA Association