MenuClose
David F. Herman is an associate in Montgomery McCracken’s Litigation Department. Prior to joining Montgomery McCracken, he completed judicial internships with the Honorable Petrese B. Tucker, Chief Judge, U.S. District Court for the Eastern District of Pennsylvania; the Honorable C. Darnell Jones, Judge, U.S. District Court for the Eastern District of Pennsylvania; and the Honorable Arnold L. New, Coordinating Judge, Philadelphia Court of Common Pleas Complex Litigation Program. David graduated, magna cum laude, from Temple University’s James E. Beasley School of Law in 2014 and received a B.A. in History in 2008 from Franklin and Marshall College.
Follow on Twitter
Jun 29

It wasn’t me! What happens when users are “hacked” but your servers are still secure?

Deutsche Telekom, one of the largest mobile telecommunication companies in the world and the corporate parent of T-Mobile, recently announced that “real and current” consumer passwords were available for anyone to buy on the internet equivalent of the black market.  The precise number of consumers… Read More

Feb 11

Obama’s Cybersecurity National Action Plan: Something for everyone to love (and hate)

This post was co-authored by David F. Herman, an associate in Montgomery McCracken’s Litigation Department. He serves as an editor of the firm’s Data Privacy Alert blog, which focuses on data privacy and cybersecurity issues. David can be reached at 215.772.7614 or at dherman@mmwr.com. In the wake of… Read More

Feb 08

Key Components of FDA’s Draft Guidance for Medical Device Cybersecurity

On January 22, 2016, FDA issued draft guidance to manufacturers regarding the postmarket management of cybersecurity vulnerabilities in medical devices. This draft guidance comes on the heels of draft guidance issued in 2013 to manufacturers on the premarket management of cybersecurity risks related to the… Read More

Jan 29

New Authority for Companies to Monitor and Share Information on Cybersecurity Threats

Private entities have broad new powers to monitor their information systems and share cybersecurity information under the Cybersecurity Act of 2015 (“Act”), which was signed on December 18, 2015 into law as part of the Consolidated Appropriations Act.  Further, private entities are immune from liability… Read More

Sep 15

Pennsylvania Department of Banking Weighs In on Cybersecurity

On Wednesday, the Pennsylvania Department of Banking (“DOBS”) issued a two page letter to the Pennsylvania financial services industry with a succinct, clear message: get your cybersecurity houses in order or else. The DOBS letter specifically highlights the grave risks that accompany the banking industry’s… Read More

Sep 03

In the Wake of Wyndham’s Alleged Mistakes, Businesses Should Review Cybersecurity Policies

This post was co-authored by Michael B. Hayes, a partner in Montgomery McCracken’s Litigation Department.  He serves an editor of the firm’s Data Privacy Alert blog, which focuses on data privacy and cybersecurity issues. Michael can be reached at 215.772.7211 or at mhayes@mmwr.com. The old… Read More

Aug 21

National Cybersecurity Center of Excellence releases its first cybersecurity practice guide: “Securing Electronic Health Records on Mobile Devices.”

As we discussed during a recent webinar, Cybersecurity: A Mid-Year Legal Review, damaging health care data breaches are being reported with increasing frequency. Earlier this year, the FBI issued a private notice to the healthcare industry warning providers that their cybersecurity systems are lax compared… Read More

Jul 20

Is there a “Constitutional Right to Informational Privacy”?

Only July 8, 2015, the National Treasury Employees Union filed the second class action against (now former) OPM Director Archuleta stemming from the massive OPM data breach.  While the plaintiffs in the first OPM data breach lawsuit, briefly discussed here, alleged violations of the Privacy… Read More

Jul 08

Glass Houses: Comparing the FTC’s data security “guidance” against the OPM’s reported data security failures

On June 30th, the Federal Trade Commission issued data security “guidance” for business as part of its “Start with Security” initiative. According to the FTC, its new guidance is drawn from “lessons learned from the more than 50 law enforcement actions the FTC has announced… Read More

Jul 01

FTC announces data security initiative with new guidance for businesses

On June 30, 2015, the Federal Trade Commission announced a new initiative called “Start with Security,” which includes new guidance for businesses that draws on the lessons learned in the more than 50 data security cases brought by the FTC over the years. The new… Read More