David Rice

Photo of David Rice

David is a business attorney and strategic adviser for clients ranging from major international corporations to startups. David regularly advises businesses regarding their collection, storage, and use of data, as well as on finding creative solutions to issues involved with running a successful business. Many of David’s clients are in the online, mobile communications, and energy industries.

Latest Articles

Shortly after the proposed Washington Privacy Act (SB 5367) failed to pass the legislature, Washington is now set to revise its existing data breach law. HB 1071, which passed the legislature on April 22, 2019 and is awaiting the Governor’s signature, would substantially expand the definition of personal information, impose new breach notification requirements such as shortening the period for reporting data breaches, and make various other important revisions. These changes will increase the number of…
Another state may join the movement towards adopting General Data Protection Regulation (GDPR)-like privacy protections. A new privacy bill was introduced in the Washington Legislature on January 17, 2019, called the Washington Privacy Act (SB 5376). The Act would give consumers rights that are similar to those under the GDPR, such as the right to access their data, to update and correct their data, to port their data, to request deletion of their data under…
California has enacted the nation’s first law regulating Internet of Things (IoT) devices, which was signed by Governor Jerry Brown on September 28, 2018. IoT refers to the rapidly-expanding world of internet-connected objects such as home security systems, video monitors, enterprise devices that track packages and vehicles, health monitors, connected cars, smart city devices that manage traffic congestion, and smart meters for utilities. IoT devices promise to bring efficiencies to a broad range of industries…
Since the EU’s General Data Protection Regulation (GDPR) went into effect, we have been anxiously awaiting enforcement activities that would indicate regulator priorities. The waiting is over. It was recently reported that the UK Information Commissioner’s Office (ICO) issued an Enforcement Notice to AggregateIQ Data Services (AIQ) on July 6, 2018. Although the Enforcement Notice was issued in July, it only recently came to light. AIQ is a Canadian analytics firm that was involved with…
Educational technology (“EdTech”) such as unified communications programs, educational software, and networked devices has become an integral part of education due to its ability to help educators, students, and institutions manage information, provide educational materials, and improve administrative functions. But the FBI is now warning of the data privacy risks associated with EdTech. The FBI notes the wide range of personal data that EdTech collects from users: personally identifiable information; biometric data; academic progress; behavioral,…
Who: United States businesses that process (i.e., collect, store, or transmit) the personal information of EU residents in connection with offering goods or services in the EU (online or otherwise) are subject to the GDPR, regardless of whether the business has any physical presence in the EU or any payment is made by the EU resident. What: The GDPR is a comprehensive data-privacy regulation that gives people control over their data in ways that are…
On February 16, 2016, the Consumer Financial Protection Bureau (CFPB) issued a Consent Order relating to certain “deceptive” acts and practices of Dwolla, Inc., an Iowa based payment processor (Dwolla). Dwolla operates a software platform that enables “real time” funds transfers through a digital network that connects banks and credit unions. According to the CFPB, Dwolla had more than 650,000 users and transferred as much as $5 million a day as of May, 2015. The…
Data security and data breach notifications are—or should be—on everyone’s mind these days. Banks are certainly no exception. And banks, in general, are setting good examples for other businesses because banks’ data security systems and incident-response plans are usually up to date, tested for effectiveness, and the subject of board-level discussions. But how many banks are up to speed on the various state-level data-security and data-breach notification laws that may apply to their operations? (Recall…
It Can Happen to You I woke up this morning to a fraud alert from Citibank on my credit card. After going through the Spanish Inquisition to secure my identity, I finally learned what had triggered the alert—a small transaction in Spain. When I attempted to verify that the Citibank people were legitimate and not the hackers, they got indignant. Upon reflection, I realized that putting down a deposit for a flat in London may…