David chairs both the Privacy and Data Security Practice Group and the Intellectual Property, Technology and Media Litigation Practice Group. He concentrates a substantial portion of his practice on privacy law, data breaches, intellectual property, copyright and trademark infringement, as well as trade secret, trade dress technology and media related litigation. David is experienced defending privacy and intellectual property cases venued throughout the United States and has been litigating cases in federal and state courts since 1994. David is a national and international featured speaker at privacy and data security conferences and seminars. His presentations focus on legal issues and emerging trends in the insurance industry with an emphasis on all areas of privacy, data breach and data security.
David additionally represents design professionals in a variety of construction industry related claims. He has extensive experience representing architects, engineers, surveyors, land developers, commercial property owners, general contractors, subcontractors and commercial landscapers. David has defended clients in cases that involved claims for design errors and omissions and other contractual and negligence claims. Over the past 25 years, he has tried a number of bench trials, jury trials, and arbitrations.
Thought Leadership
Legal Updates for Privacy and Data Security
Vendor Cyber Attack Compromises PII of More Than 3 Million Hunting and Fishing License Holders in Texas
June 30, 2026
The Texas Parks & Wildlife Department (TPWD) announced earlier this month that one of its vendors which handles the sale of state hunting and fishing licenses was the victim of a cybersecurity attack. The threat actor appears to have exfiltrated personal driver’s license information, passport numbers, email addresses, phone numbers and addresses of over 3 million hunting and fishing license holders. The State Parks Department advised that the attack did not compromise social security numbers, dates of birth or financial information. Texas Cyber Command, the state’s new cybersecurity authority formed to protect critical infrastructure and coordinate threat responses across state and local government, reportedly assisted in detecting and containing the attack. TPWD has already set up free credit monitoring for those impacted through Kroll. According to press reports, no specific group has yet been identified as the perpetrator of the theft. TPWD also advised that business has not been interrupted and license sales were continuing. This incident once again demonstrates that cybersecurity is only as strong as the weakest link in the supply chain. Businesses must prioritize security across their own environments and those of their vendors and contractors as well.
Legal Updates for Privacy and Data Security
Identity Theft Resource Center Report Reveals Rising Data Breaches Despite Drop in Mega Breaches
February 19, 2026
The Identity Theft Resource Center (ITRC), a well-known, non-profit identity theft and fraud prevention organization, recently released its 2025 annual data breach report with significant findings for the data breach field. The ITRC tracked 3,322 data breaches in 2025 – an increase of more than 5% compared to 2024. The numbers set a new record for U.S. data breaches tracked by the ITRC over the past 20 years. These numbers also show a 79% jump in data breaches over the last five years. Just as importantly, the number of victim notices that were sent out decreased. In 2024, the ITRC found that over 1.3 million notices had been sent out, while in 2025 less than 300,000 notices were distributed. The ITRC noted that the significant decrease in victim notices was likely due to the lack of “mega-breaches” in 2025 compared to 2024. The ITRC also found that the financial services industry was the most breached industry in 2025 followed by health care, professional services, manufacturing, and education. The ITRC’s president was quoted that they had found “more attacks that are more precise, more automated and more difficult to detect. Consumers can take all of the right steps, businesses can have the best cyber security and still fall victim to criminals.” These findings are significant for the cyber security insurance field. While mega breaches may be decreasing, the overall number of breaches demonstrates that all businesses should be obtaining proper cyber security insurance, and insurance carriers should be aware that while less notices will go out, more claims will be made that can affect both underwriting and the claims procedures. Legal Updates for Privacy & Data Security - February 19, 2026, has been prepared for our readers by Marshall Dennehey. It is solely intended to provide information on recent legal developments and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. We welcome the opportunity to provide such legal assistance as you require on this and other subjects. If you receive the alerts in error, please contact MeDeSatnick@MDWCG.com. ATTORNEY ADVERTISING pursuant to New York RPC 7.1. © 2026 Marshall Dennehey, P.C. All Rights Reserved.
