David Cook

Partner
David Cook is driven, professional and very passionate about his work.
Legal 500
About

David Cook advises on contentious cyber security, privacy, and data protection matters and has done for over 15 years.  He acts for a global client-base that routinely turns to him for advice on a cross-border basis and with significant and complicated legal, regulatory, and reputational implications.

David’s practice covers the range of cyber risk management, governance, and incident reporting issues.  He has extensive experience coordinating high profile and sensitive cyber security incident response and data protection regulatory engagement.  He is routinely engaged to support with regulatory notification, internal investigation and support and representation in the civil and the criminal law jurisdictions.

His practice extends to cyber security technical controls work, which is an area of expertise informed by his background in learning to code at the age of seven years old through to his time spent in a Big 4 professional services consultancy.  That thorough technical understanding underpins David’s position at the forefront of this area of law.

He has delivered training to a number of police teams in how to effectively investigate and evidence cyber crime.  He was invited by Keir Starmer KC, the then Director of Public Prosecutions, to a roundtable meeting of experts considering CPS policy on the prosecution of cyber crime.

He has delivered seminars and key-note presentations to the University of Manchester, University of Derby, Henley Business School and at the National Cyber Security Centre funded centre of cyber security excellence at the University of Lancaster.

Professional QualificationsSolicitor-Advocate in England and WalesSolicitor of the Senior Courts of England and Wales

EXPERIENCE

  • Advised over 150 organisations on cyber security incident response, often involving advice on regulatory investigation, government and law enforcement engagement, and engaging with affected individuals and media.
  • Represented numerous organisations subject to investigation and enforcement under both the Data Protection Act 1998, the GDPR (as applicable in the EU), and the UK GDPR, including:
    • Under both voluntary audit and compulsory audit by way of Assessment Notice.
    • With respect to compliance with an Information Notice.
    • On the imposition of a Monetary Penalty Notice.
    • Providing advocacy by way of Oral Representations to the Head of Enforcement at the ICO. 
    • In appeal before the First-Tier Tribunal.
  • Represented numerous organisations subject to formal investigation and enforcement for cyber security incidents, including under the data protection legislation but also by way of the FCA Handbook and PRA Rulebook, and under the Network and Information Systems Regulations 2018.
  • Successfully engaged with the National Cyber Security Centre on behalf a tech vendor, which led to reform of the Cyber Essentials and Cyber Essentials Plus assessment frameworks.
  • Acted for numerous FTSE100 and listed companies in relation to litigation as a result of data protection and cyber security issues, ranging from data protection compensation claims, to supply chain litigation, and by way of injunction.
  • Acted for organisations in relation to traditional common law privacy torts, including breach of confidence and misuse of private information claims.
  • Successfully represented organisations before the High Court, including obtaining injunctive relief and then subsequently the delivery up of unlawfully held confidential material.

Historical matters of note:

  • 2009 – Acted for a party alleged to have established an online cyber crime members forum and BitTorrent tracker.  The case was discontinued on the basis of a challenge to the technical evidence.
  • 2010 – Acted for a party alleged to have established an online cyber crime members forum and webtorrent-based file sharing service.  The case was discontinued on the basis of a challenge to the technical evidence.
  • 2011 - Acted for a party before the Leveson Inquiry into the culture, practices, and ethics of the press.  The case against the client was discontinued without the individual having to give evidence.
  • 2012 – Represented an individual alleged to have been responsible for a significant cyber security incident affecting an online retailer.
  • 2013 – Provided expert evidence on behalf of a high-profile sportsperson in the top tier national division in respect of allegations of “hacking”.
  • 2013 – Successfully represented a prominent politician in respect of allegations of “hacking”.
  • 2013 – Successfully represented a party in the first appeal of a monetary penalty issued by the Information Commissioner’s Office under PECR. 
  • 2014 – Negotiated on behalf of a white hat hacking group in securing a bug bounty from a well-known global tech platform having discovered a vulnerability in its customer gateway portal.
Languages
  • English
Education
  • University of Liverpool, BSc (Hons), Chemistry, 2000 to 2004
  • College of Law, GDL (Commendation), 2005
  • College of Law, LPC, 2006


    College of Law, Higher Rights of Audience (Civil Proceedings), 2009


    College of Law, Higher Rights of Audience (Criminal Proceedings), 2009

Additional Qualifications

  • Fee Paid Member of the Upper Tribunal and First-Tier Tribunal (Information Rights)

Connect

Phone

+44 (0) 161 2354 030
(Work, Manchester)