David Keating

About David Keating

David Keating focuses his practice on matters involving technology and data and co-leads the Privacy, Cyber & Data Strategy Team. He has advised clients on privacy and security issues arising along the entire data lifecycle for more than 20 years. He assists clients with compliance strategies, policy development and implementation, data monetization and data use analyses, new product development, privacy and security issues in transactions, and privacy enforcement matters.

[Read Bio]

State Regulators Form Privacy Law Implementation and Enforcement Group

April 17, 2025 By David Keating and Dorian Simmons

Eight state regulators have established a coalition called the Consortium of Privacy Regulators to collaborate on the implementation and enforcement of their privacy laws. According to announcements from the California Privacy Protection Agency (“CPPA”) and California Attorney General Rob Bonta, the Consortium aims to coordinate enforcement efforts, share priorities, and discuss developments in privacy law. […]

California Attorney General Targets Location Data in New Investigative Sweep

March 12, 2025 By David Keating and Hyun Jai Oh

This week California Attorney General Rob Bonta announced a new investigative sweep under the California Consumer Privacy Act (CCPA). We have anticipated this sweep for some time based on the focus and the direction of a number of inquiries, investigations, and enforcement proceedings initiated by Attorney General Bonta’s office over the past 12-24 months. The […]

CPPA Board Advances CCPA Regulations to Formal Rulemaking; Adopts New Data Broker Regulations

November 15, 2024 By David Keating, Dorian Simmons and Yin Tydir

On November 8, 2024, the California Privacy Protection Agency (the “CPPA”) Board advanced to formal rulemaking the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automated decisionmaking technology (ADMT) and insurance. The CPPA Board also adopted the California Delete Act proposed regulations, which clarify data broker registration requirements and provide definitions […]

More Guidance from HHS on Online Tracking Technologies but Questions Remain

March 20, 2024 By Daniel Felz, David Keating and Sara Pullen Guercio

Health and Human Services (“HHS”) released updated guidance yesterday on the use of online tracking technologies (like cookies, pixels, software development kits (SDKs), etc.) by HIPAA Covered Entities (the “Updated Guidance”). The Updated Guidance amends and supersedes HHS’s original guidance on the use of digital tracking technologies published on December 1, 2022 (the “Prior Guidance”). […]

White House Executive Order to Regulate Transactions Involving Sensitive Personal Data of Americans

February 28, 2024 By Daniel Felz, David Keating, Jason Waite and John Lesko

Today, the White House announced that President Biden will sign an executive order designed to protect sensitive data of U.S. persons from exploitation by identified countries of concern. This executive order is expected to be published later today, and to direct the Department of Justice (DOJ) to issue regulations designed to address transactions that involve […]