David focuses his practice on data privacy matters, regularly advising technology companies and healthcare providers on all matters pertaining to privacy and data security, including contract review and negotiation, breach investigation, notification and reporting, and compliance with state, federal and foreign privacy and data security laws such as HIPAA, FERPA, CCPA, GDPR and PIPL. Having served as the Interim Associate Compliance Officer and Director of Privacy of an academic medical center in North Carolina, David offers a unique business perspective for clients that blends awareness of the intricacies of relevant laws with practical advice.

David leads Smith Anderson’s Data Privacy practice and is certified in Healthcare Privacy Compliance (CHPC®). He has extensive experience providing oversight of privacy and security compliance matters, advising on day-to-day emergent issues in an outside general counsel role. David has designed and managed privacy compliance training infrastructure, prepared and revised privacy and information-related policies, procedures and external-facing documentation and managed breach investigation triage and response. He regularly counsels clients in connection with health information management, data use and other vendor contract negotiation and execution.   

David has additional experience with business litigation in state and federal court.

In his spare time, David enjoys running, Wake Forest sports, NASCAR and Canes hockey. David is also an Eagle Scout and a member of Providence Church.

Areas of Focus



  • The Best Lawyers in America®
    • Health Care Law (2024)
    • Product Liability – Defendants (2024)
  • Best Lawyers: Ones to Watch® in America
    • Health Care Law (2023)
    • Privacy and Data Security (2023)
  • North Carolina Lawyers Weekly, Health Care Power List (2023)
  • North Carolina Super Lawyers Rising Star (2017-2022)


  • Wake Forest University School of Law, J.D., 2012
    • Moot Court Board
    • Super Regional Champion, Philip C. Jessup International Law Moot Court Team
    • Student Trial Bar Board
    • CALI Award of Excellence – Products Liability, Criminal Procedure, Pre-Trial Practice
  • Wake Forest University, B.A., 2007

Bar & Court Admissions



  • Treasurer, Health Care Law Section, North Carolina Bar Association
  • American Health Information Management Association, Member
  • American Health Law Association, Member
  • Wake Forest University School of Law Rose Council, Former Executive Council Member
  • Providence Baptist Church
    • Vice Chair of Deacons
    • Life Group Leader
  • Boy Scouts of America
    • Eagle Scout Award
    • Order of the Arrow


Prior to joining Smith Anderson, David:

  • Advised clients on data processing, use, and transfer agreements, vendor contracts, and data transfer mechanisms regarding issues related to state and foreign privacy laws, including CCPA, GDPR, and PIPL.
  • Conducted privacy and security risk assessments and privacy impact assessments and implemented resulting mitigation efforts.
  • Advised educational institution on issues related to FERPA compliance and incident and complaint response.
  • Developed and implemented HIPAA privacy compliance employee training program for academic medical center.
  • Prepared policy and procedure manuals and trainings for health information management departments to address HIPAA privacy requirements related to medical records and release of information.
  • Advised institutional review boards on privacy considerations related to research protocols.
  • Managed investigations of and advised clients on privacy and data security incidents, including breach reporting and notification requirements to federal and state agencies such as the Office for Civil Rights and state attorneys general.
  • Coordinated responses to multiple investigations by federal and state agencies arising from reported complaints and privacy incidents.
  • Counseled healthcare providers on HIPAA, Part 2 substance use confidentiality regulations, and Information Blocking compliance, including drafting of contract terms, policies, procedures, and training.


Events & Programming

  • Speaker, “HIPAA Compliance and Enforcement Update,” North Carolina Association of Healthcare Risk Managers, Asheville, N.C.
    Speaking Engagement
  • Speaker, “Privacy and Information Security,” North Carolina Bar Association, Cary, N.C.
    Speaking Engagement
  • Speaker, “OCR’s Annual Reports to Congress Compliance Update,” Florida Health Information Management Association (FHIMA), Orlando, Fla.
    Speaking Engagement
  • Speaker, “Privacy and Security Rule Enforcement Update,” NCHIMA, Raleigh, N.C.
    Speaking Engagement
  • Speaker, “Lessons Learned from Recent OCR Enforcement of HIPAA Privacy and Security Rules,” SCHIMA, Greenville, S.C.
    Speaking Engagement
Jump to Page

This website uses cookies to enhance your browsing experience and improve functionality. To learn more, you may view our Privacy Policy. By continuing to browse Smith Anderson's website, you are accepting our use of cookies in accordance with our privacy policy.