David Wheeler


 (312) 606-8657
 (312) 630-9233
Download vCard
 Print PDF

I represent and counsel companies with issues related to information governance programs, cybersecurity risk assessments and preparedness, incident response planning, as well as legal and regulatory compliance. My background as a software developer allows me to grasp the technical aspects of each matter and provide a higher level of counsel on my clients’ intellectual property, technology audits, proprietary technology protection, privacy, and data cybersecurity issues.

Clients are quickly guided toward the best solution for their business goals from an assessment of the risks and implications of each situation. I handle a wide variety of intellectual property issues, including trademark and copyright prosecution and litigation, new gTLDs, and forced recovery of domain names. I have drafted and negotiated a range of technology services agreements, from cyber forensics and vulnerability agreements to E.U. data processing and cloud services agreements. I assist clients with becoming compliant with cybersecurity rules, regulations, and initiatives such as those required or issued by Executive Orders, SEC, FCC, FTC, FCRA, HIPAA/FACTA, FINRA, FFIEC, OCC, state and self-regulatory frameworks, such as PCI-DSS. I also resolve social media issues, including addressing false statements, harassment, and infringement issues associated with social media platforms.

Throughout my career, clients have been in a broad range of industries, including industrial, financial, entertainment, education, hospitality, energy, transportation, and medical. Clients value my three decades of information technology experience, including:

  • Development of cyber and privacy policies and procedures
  • Cybersecurity and privacy audits
  • Cyber risk mitigation and remediation
  • PCI, GDPR, and CCPA and other state law compliance
  • Employee privacy
  • Record retention and electronic discovery
  • International cross-border data transfer
  • Data breach readiness
  • Response and crisis management
  • Data privacy and security breach
  • CAN-SPAM Act
  • TCPA class action issues

I have approached software from a variety of disciplines. Spending nearly a decade focusing on software policy at large national law firms, I gained experience as a consumer financial services class-action defense litigator and IP/IT counselor. Prior to that, I used trading software as an investment banker and currency trader for First Chicago Capital Markets and as a telecommunication consultant for Bank of America’s international trade bank. Early in my career, I was a software developer for eight years working for a Department of Defense contractor.

J.D., Loyola University Chicago School of Law, 1999

  • Moot Court Honors

M.B.A., Loyola College in Maryland, 1993

B.S., Information Systems, University of Maryland, 1987

  • Data security compliances, incident response, breach notification compliance, PCI-DSS compliance, and cyber governance counseling, E.U. Safe Harbor
  • Internet domain name and username forced recovery, purchase, registration and assignment, negotiation and counseling, and new ICANN gTLD domain name registry services negotiation and counseling
  • eCommerce transactions, including EDI/XML agreements for Internet-based mortgage lenders, web site terms of use agreements, disclaimers, data licensing, co-branding agreements, outsourcing and independent contractor agreements, intellectual property assignments, limited liability company and operating agreements, software licensing agreements, asset purchase privacy due diligence
  • Counsels industry leading telecommunications companies and financial institutions on records retention policies and procedures, CAN-SPAM, privacy and data, security issues
  • Advises companies on various technology related issues including wireless broadband and technology acceptable uses, licensing, transfers and purchases
  • Website, social networks, corporate, and international privacy policy counseling

  • Domain name and trademark infringement litigation
  • Search engine search terms disputes
  • Consumer lending class action litigation with an emphasis on the defense of national banks and mortgage lenders against FHA, ECOA, TILA, HOEPA, FCRA, FACTA, FDCPA, HMDA,
  • RESPA and state consumer lending claims

  • Represented a global software services provider regarding retail distribution license development, including addressing issues of cloud services and end-user license agreements.
  • Represented a major university regarding a data breach dating back several years affecting current students and alumni. Counseled on breach response, data security risk remediation and pre-litigation strategy.
  • Represented a major hotel chain in a data breach that involved significant exposure of customer credit cards at several locations. Handled breach response, advised on payment card industry data security standards (PCI-DSS) and developed new internal data security governance standards.
  • Counseled a public transportation system on trademark, branding strategy and prosecution, as well as internet-related trademark infringement matters including domain name recovery, trademark infringement and licensing.

  • National Black Lawyers Top 100 (2015-present)
  • Award of Merit, the National Center for Missing and Exploited Children

  • Author, “The Inevitability of Cyber Breaches: How to Prepare for When it Happens,” National Association of Real Estate Investment Managers, August 1, 2014
  • Co-Author, “Chapter 5: Privacy and Social Media,” McGrady on Social Media, LexisNexis, 2011
  • Co-Author, “Addressing The Legal Challenges of Federated Identity Management,” BNA
  • Privacy & Security Law Report, March 3, 2008

  • American Bar Association Cybersecurity Conference – Election Security August 2018
  • DRI Speaker on Legal Standard of Care for Cybersecurity 2018
  • ABA New York 2018
  • Speaker, “Law Firm Cybersecurity and Ethical Obligations”, October 17, 2017
  • Speaker, “NIST Cybersecurity Framework and Ethical Obligations”, August 10, 2017
  • Panelist, “What Every In-House Counsel Should Know about IoT, Data Analytics and Machine Learning Roundtable”, June 21, 2017
  • Panelist, “Protecting Organizational Assets Against Evolving Cyber Threats”, June 21, 2017
  • Speaker, “Preparing for and Defending Clients in Cybersecurity Litigation”, May 12, 2017
  • Panelist,  “Webinar on Engaging State Lawmakers on Issues of Cybersecurity”, January 27, 2017
  • Panelist, “Cybersecurity Table Top Exercise,” ABA Section of State and Local Government law, November 17”, 2016
  • Panelist, ABA Cybersecurity Taskforce State and Local Governments, “Cybersecurity Table Top Exercise”, November 16, 2016.
  • Panelist, “Cyber Security & Compliance,” National Association of Real Estate Investment Managers, November 12, 2015
  • Panelist, “Navigating the Internet-of-Things (IoT) Implications” webinar, The Knowledge Group LLC, October 26, 2015

  • American Bar Association Cybersecurity Legal Task Force (August 2019 -present)
  • Chair, Homeland Security/Emergency Management Committee (August 2019-present)
  • CIPP, Certified Information Privacy Professional (2004-present)
  • Member, International Association of Privacy Professionals (2004-present)
  • Member, American Bar Association (1999-present)
  • Member, Chicago Bar Association (1999-present)
  • Member, National Bar Association (1999-present)
  • Member, National Black MBA Association (1993-present)