David T. Cohen
David’s practice focuses on complex litigation, particularly in the area of privacy and data security. He has extensive experience working with corporate clients that have suffered data breaches or have been accused of privacy violations, defending them against class actions and claims asserted by payment card brands and representing them in connection with federal and state government actions. In addition, David advises clients on a range of privacy and data security compliance matters, including the Payment Card Industry Data Security Standard. As an experienced litigator, David also has represented clients in a variety of business disputes outside the privacy and cybersecurity context, including appellate, antitrust, securities, and regulatory matters.
In addition, David is a thought leader in the area of privacy and cybersecurity, publishing extensively on the latest issues in the space and serving as a resource to reporters and others writing on breaking legal developments. David is also an active member of the Sedona Conference Working Group 11 on Data Security and Privacy Liability.
Outside the office, David performs classical vocal music in the New York City area.
- LabMD: Represented LabMD in its successful petition to the U.S. Court of Appeals resulting in the first-ever court decision overturning an FTC cybersecurity action.
- Supervalu Inc.: Represented Supervalu in obtaining full dismissal of all consumer class actions filed over unauthorized network intrusions suffered in 2014.
- Sony: Represented Sony in government investigations stemming from criminal cyber-attacks on certain of Sony’s computer networks.
- Wyndham Hotels & Resorts: Represented Wyndham in securing a favorable settlement to terminate a Federal Trade Commission lawsuit stemming from unauthorized network intrusions into certain Wyndham-branded hotels.
- Heartland Payment Systems: Represented Heartland in obtaining dismissal of issuing bank class actions filed across the nation related to a data security breach.
- Co-author, “DCMS publishes report on IoT security, privacy and safety including draft code of practice for security in consumer IoT products and associated services,” Thomson Reuters’ Computer and Telecommunications Law Review (August 17, 2018)
- Co-author, “What litigating the LabMD case showed us about US cybersecurity regulation,” IAPP’s Privacy Perspectives (June 27, 2018).
- Co-author, “Ninth Circuit’s Flawed Zappos Decision is Cautionary Tale for Corporate Victims of Cyberattacks,” Washington Legal Foundation Legal Backgrounder (May 4, 2018)
- Quoted, “Risk of Harm From Uber Breach Enough for Standing, Drivers Say,” Bloomberg BNA’s Privacy Law Watch (March 19, 2018)
- Quoted, “States Show More Appetite For Litigating After Data Breaches,” WSJ Pro Cybersecurity (March 8, 2018)
- David Cohen, Michelle Visser, Tom Wakefield and Rebecca Harlow, “City Suits: The Next Frontier of Data Breach Actions,” The New York Law Journal (February 21, 2018)
- Doug Meal, Michelle Visser and David Cohen, “With ‘LabMD’ Decision Looming, FTC Workshop Delves into Privacy & Data Security Harms,” The WLF Legal Pulse (December 21, 2017)
- David Cohen, “Is D.C. Circuit’s Data-Breach Standing Decision a Tipping Point for High Court Review?,” The WLF Legal Pulse (October 19, 2017)
- James DeGraw, Michelle Visser, David Cohen, Joseph Santiesteban and Nicole Gelsomini, “FTC’s First Foray into Gig Economy Data Security,” Law360 (August 28, 2017)
- Quoted, “Spokeo Ruling Deals Blow To Cos. But May Have Silver Lining,” Law360 (August 15, 2017)
- Co-author, “High Hurdles Faced by Data Security Breach Shareholder Derivative Plaintiffs,” Bloomberg BNA Privacy and Security Law Report (May 2017)
- David Cohen, Ani-Rae Lovell, “Another Way To Challenge Standing In Data Breach Cases,” Law360 (April 24, 2017)
- Michael Kheyfets, Michelle Visser, David T. Cohen and Adam Winship “A Rigorous Analysis of Class Certification Issues in Consumer Data Breach Litigation,” Bloomberg BNA Privacy and Security Law Report (January 16, 2017)
- Heather Sussman, Doug Meal, David Cohen, and Joseph Santiesteban, “Recent Decisions Highlight Product Cybersecurity Issues,” Law360 (November 18, 2016)
- Seth Harrington, David Cohen and Lindsey Sullivan, “Practical Tips for In-House Counsel From Recent Private Data Security Breach Litigation,” Bloomberg BNA’s Privacy and Security Law Report (September 13, 2016)
- Quoted, “Fears of Big Changes in Class-Action Law Didn't Come to Pass With Spokeo,” Communications Daily (August 5, 2016)
- Deborah Gersh, David Cohen, Caleb Dulis and Jamie Liebert, “LabMD and FTC's Attempt to Expand Data Security Authority,” Law360 (August 3, 2016)
- Doug Meal, David Cohen and Joseph Cleemann, “Amazon Unfair Practice Case May Affect Data Breach Cases,” Law360 (July 1, 2016)
- Michelle Visser, David Cohen and Dan Routh, “Spokeo Decision Narrows the Path for Data Breach Plaintiffs,” The Daily Journal (San Francisco) (July 1, 2016)
- Michelle Visser, David Cohen, and Adam Winship, “Data Breach Plaintiffs Invoking Tyson May Face Difficulties,” Law360 (April 13, 2016)
- Seth Harrington, Michelle Visser, David Cohen and Adam Winship, “FTC Study Could Lead To Changes In PCI DSS Certification,” Law360 (April 6, 2016)
- Heather Sussman, Michelle Visser, David Cohen and Sunil Shenoi, “Oracle Case Expands Pool Of Potential Data Security Defendants,” Law360 (January 14, 2016)
- James DeGraw, David Cohen and Sunil Shenoi, “FCC Expands Data Security Enforcement With Cox Action,” Law360 (November 19, 2015)
- Jason A. Brown, David Cohen and Joe Cleemann, “FTC Is Looking Beyond Consumer Harm Post-Breach,” Law360 (September 30, 2015)
- James DeGraw, David Cohen and Joe Cleemann, “Nomi Highlights Risks Of Publicizing Privacy Policies,” Law360 (May 27, 2015)
- David T. Cohen and Michelle Visser, “Wash. Decision Illustrates Challenges For Breach Plaintiffs,” Law360 (April 13, 2015)
- Doug Meal, Mark Szpak and David Cohen,“St. Joseph Demonstrates Challenges For Breach Plaintiffs,” Law360 (February 26, 2015)
- Quoted, “NY’s Novel Data Security Proposal Likely to Have Wide Appeal,” Law360 (January 27, 2015)
- Douglas H. Meal and David T. Cohen, “Private Data Security Litigation in the United States,” in Inside the Minds: Privacy and Surveillance Legal Issues (Aspatore 2014)
- Douglas H. Meal and David T. Cohen, “Takeaways From 9th Circ. FCRA Ruling Against Spokeo,”Law360 (February 14, 2014)
- Douglas H. Meal, James S. DeGraw, Paul D. Rubin and David T. Cohen, “FTC's Increasingly Aggressive Assertion Of Authority,”Law360 (October 9, 2013)
- Douglas H. Meal and David T. Cohen, “Data Breach Plaintiffs Continue To Face Challenges,”Law360 (July 22, 2013)
- Douglas H. Meal and David T. Cohen, “FTC's Payment Processor Lawsuits Signal Growing Privacy Risks,”Payment Source (July 15, 2013)
- David T. Cohen, “Chevron Ruling Reflects Trend On Song-Beverly's Reach,” Law360 (June 27, 2013)
- Douglas H. Meal and David T. Cohen, “Massachusetts High Court Decision on ZIP Codes Increases Legal Risk for Retailers,”Chain Store Age (May 2, 2013)
- Douglas H. Meal, David T. Cohen and Daniel M. Routh, “Supreme Court’s Clapper Decision Raises Bar For Standing in Data Security Breach Litigation,”
Bloomberg BNA's Privacy and Security Law Report (April 1, 2013)
- Douglas H. Meal and David T. Cohen, “How High Court's Clapper Ruling Will Impact Breach Cases,” Law360 (February 26, 2013)
- Jane E. Willis and David T. Cohen, “Ninth Circuit Brings Greater Scrutiny to Class Counsel's Fees in In re Mercury Interactive Corp.,”Bloomberg Law Reports: Class Actions/Securities Litigation and Enforcement (October 2010)
- Old Rule, New Theory: Revising the Personal Benefit Requirement for Tipper/Tippee Liability Under the Misappropriation Theory of Insider Trading, 47 B.C. L. Rev. 547 (2006), reprinted in Insider Trading: Regulatory Perspectives 1 (C. Vidya ed., 2007)
Ropes & Gray Alerts
- “PCI SSC Releases Version 3.1 of Data Security Standard,” Ropes & Gray Alert (May 19, 2015)
- “Online Retailer Zappos.com Reaches Settlement with Nine Attorneys General Over Data Security Breach,” Ropes & Gray Alert (January 15, 2015)
- “FTC Complaint Against Medical Laboratory Signals Agency’s Continued Intent to Assert Authority in Data-Security-Breach Actions,” Ropes & Gray Alert (September 11, 2013)
- “Federal Trade Commission Chairwoman Calls for Increased Scrutiny of Privacy Practices for Consumer Data,” Ropes & Gray Alert (August 28, 2013)
- “FTC Actions Against Payment Processors Heighten Legal Risks for Service Providers in Privacy Cases,” Ropes & Gray Alert (June 28, 2013)
- “FCC Rules Sellers May Be Vicariously Liable for Third-Party Telemarketers’ Violations of Telephone Consumer Protection Act,” Ropes & Gray Alert (May 17, 2013)
- “On-Line Sales of Shipped Goods Held Outside Reach of California’s Song-Beverly Credit Card Act,” Ropes & Gray Alert (May 6, 2013)
- “Massachusetts High Court Decision Regarding ZIP Codes Increases Consumer Litigation Risk for Retailers,” Ropes & Gray Alert (March 19, 2013)
- “Supreme Court’s Clapper Decision Raises Bar for Standing in Data Security Breach Litigation,” Ropes & Gray Alert (March 4, 2013)
- “FTC Settles with Device Manufacturer HTC America over Charges that HTC Products Had Security Design Flaws,” Ropes & Gray Alert (February 28, 2013)
- Speaker, “Practical Tips from 2015 Data Breach Litigation Decisions and Enforcement Actions,” ACC-SFBA CLE Lunch Seminars (January 2016)
- Presenter, “Developments in Private Litigation and Regulatory Enforcement Stemming from Data Security Breaches,” Lawline Seminar (August 13, 2015)
- Speaker, “Ropes & Gray West Coast Lunchtime Legal Briefing Teleconference - Navigating the Telephone Consumer Protection Act - When Can You Make That Call or Send That Text?” (September 2013)