David Williams

Career Associate

San Francisco

David Williams, CIPP/US, CIPM is an eDiscovery and Cyber, Privacy & Data Innovation lawyer in the San Francisco office of Orrick, Herrington & Sutcliffe. David advises clients on a broad range of privacy and cybersecurity matters, including compliance and risk management.

David's practice focuses on leveraging his experience of providing insight and guidance on U.S. and E.U. privacy laws to assist clients with their privacy and cybersecurity needs. David works primarily with the eDiscovery and Cyber, Privacy, & Data Innovation groups addressing issues in both privacy issues in the context of litigation and compliance efforts. David assists clients from a broad range of industries and sectors in assessing their current privacy and cybersecurity practices.

David has guided clients through tailored California Consumer Privacy Act (CCPA) compliance programs and has experience evaluating the applicability of European data protection requirements, including the General Data Protection Regulation (GDPR), to U.S. companies.

Before joining Orrick, David was a Privacy Law Clerk at LinkedIn, where he worked with the legal team to develop policies and procedures in preparation for the enforcement of the European General Data Protection Regulation (GDPR). David also addressed privacy and data management questions for LinkedIn services and managed data processing and handling issues for new products.

David also has an active pro bono practice, which has included representing clients in immigration and innocence matters and assisting small and non-profit businesses with their privacy needs.

  • • Guided and managed a multinational multi-level marking company, cloud-based document service company, and financial technology company through tailored compliance programs with the California Consumer Privacy Act.
    • Prepared over a dozen uniquely tailored external and internal privacy notices satisfying both U.S. and international requirements.
    • Simultaneously managed multiple privacy compliance projects for a global technology company and conducted detailed weekly reporting.
    • Completed data mapping exercises for both large and small companies with an emphasis on identifying data handling and processing risks.
    • Developed and maintained a comprehensive state privacy legislative tracker identifying key initiatives and developments in the privacy field for multiple clients.
    • Advised and assisted colleagues through GDPR Article 30 documentation and legitimate interest analysis in connection with data collection and transfer data from EU custodians on three separate matters.