Transactions, e-Commerce and Online Content

Transactions

  • Outsourcing agreements
  • Cloud computing, SaaS, IaaS
  • Information technology services agreements
  • Data security and incident response agreements
  • Intellectual property licensing and royalties (e.g. copyright, trademark, patent, royalty agreements and IP contribution agreements to trade associations, etc.)            
  • Electronic signatures
  • Software development and implementation
  • Marketing and data sharing agreements
  • Managed security services agreements
  • Payment card processing agreements (e.g. merchant agreements, payment processor agreements, payment gateway agreements, service provider agreements)
  • New media licensing
  • Data disposition agreements
  • End-user license agreements – EULAs (e.g. “shrink wrap” licenses, “browser wrap” or “click-through” licenses)
  • Website terms and conditions
  • Linking agreements
  • Non-disclosure agreements
  • Application Service Provider (ASP) and web service agreements
  • Data center and hosting agreements
  • Call-center and customer service agreements
  • Outsourced recruiting and human resources agreements
  • Cyber insurance policies
  • E-government services agreements

E-commerce and online content

  • Compliance with U.S. and foreign laws regulating online business activities and publication of content
  • Electronic signature legal requirements (e.g. E-SIGN, UETA, and similar laws)
  • CDA (Communications Decency Act)
  • Digital Millennium Copyright Act -- DMCA (and similar legislation in other countries)
  • Web 2.0 and new media (e.g. social networking, blogging, message boards, instant messaging, websites, etc.)
  • Uniform Computer Information Transactions Act -- UCITA (state laws based on UCITA)
  • Marketing activities laws (e.g. CAN-SPAM, TCPA, JFPA, etc.)
  • Behavioral marketing principles
  • Spyware and online advertising
  • Anti-Cybersquatting Consumer Protection Act (ACCPA)
  • Export laws (e.g. OFAC requirements, regulations on the export/import, or use of strong encryption, etc.)
  • Consumer protection laws (e.g. required notices and disclosures, opportunity to rescind, records and statements, jurisdiction and forum, unfair and unconscionable terms)
  • Advice on jurisdictional and tax issues relating to online transactions
  • Records retention/records management
  • Conformance with relevant industry standards

Other transaction-related activity

  • Requests for Proposals -- RFPs (e.g. government and corporate procurement of IT or IT security products and services)
  • Due diligence services for intellectual property rights, and information privacy and security risks (e.g. mergers and acquisitions, divestitures, technology transfer, product development, expansion into new jurisdictions and globalization of business processes)
  • Intellectual property portfolio review, valuation, and disposition
  • Investment documents (e.g. private placement memoranda (PPMs), prospectuses, and investment memoranda concerning IT and media investments)
  • Research and development grant applications (e.g. for grants relating to information privacy, security or technology) 

Litigation, Alternative Dispute Resolution and Regulatory Proceedings

Litigation, arbitration, mediation and regulatory actions concerning:                                   

  • Data security breaches and identity theft (e.g. personally identifiable information, payment card breaches, etc.)
  • Privacy violations (e.g. improper collection or handling of personal information, privacy policy violations, online behavioral tracking, HIPAA, GLB, etc.)
  • Technology professional services disputes (e.g. software development, online service providers,
  • Intellectual property disputes (e.g. copyright, trademark, patent, DMCA, counterfeit products and services and licensing disputes)
  • Domain disputes (e.g. cybersquatting, deep-linking, framing, ICANN UDRP proceedings, etc.)
  • Online advertising
  • Trade secrets (e.g. abuse of trade secrets, NDA violations, invention ownership, CFAA lawsuits against employees, etc.)
  • Computer crimes
  • Media violations (e.g. defamation, libel, slander, false light, intrusion upon seclusion, commercial misappropriation of commercial likeness, public disclosure of private facts)
  • Unfair and deceptive trade practice violations (e.g. FTC Act, state consumer protection laws, etc.)

E-discovery, electronic evidence and digital forensics

  • Manage forensic team efforts for gathering relevant data
  • Identify relevant data types
  • Coordinate preservation and collection of relevant data
  • Processing, review and analysis of relevant data
  • Production and presentation of relevant data
  • Develop admissibility positions for data

Expert opinions and testimony in cases involving information technology, privacy, or security

 

 

Breach Notification and Incident Response

Planning and Policies

  • Records management (e.g. records retention, litigation hold planning, data classification, records disposal, etc.)
  • Security incident response planning (e.g. breach notice law compliance, HITECH Act, payment card and PCI-DSS breach planning)
  • Written security incident response plans      
  • Third party incident response planning and contracts (e.g. contractually ensuring that vendors are aligned with client’s incident response strategy)

Notice and Response

  • Coordinate incident response team (e.g. forensics, security, public relations, insurance, etc.)
  • Breach notice law applicability analysis
  • Drafting written notices to individuals affected by breach
  • Communication with law enforcement and governmental agencies (e.g. FTC, DOJ, local law enforcement, state attorneys general, etc.)
  • Develop communication strategies
  • Communicate and interact with affected stakeholders (e.g. consumers, employees, merchant banks, payment processors, card brands, issuing banks, etc.)
  • HITECH Act notice response actions
  • Payment card breach notice response actions 

Litigation Readiness

  • Establish attorney-client privilege
  • Analyze legal risk of organization due to breach
  • Develop defense strategies and legal theories in the event of litigation
  • Determine mitigating actions of organization 

e-Discovery and Electronic Evidence Management

  • Manage forensic team efforts for gathering relevant data
  • Identify relevant data types
  • Coordinate preservation and collection of relevant data

 

Compliance and Risk Management

Data Privacy and Information Security 

o Data privacy and information security law compliance

  • Breach notice laws (e.g. requiring notice if personal information exposed in a security breach)
  • “Reasonable security” under common law negligence
  • State personal information and privacy laws (e.g. Massachusetts Standards for the Protection of Personal Information, Nevada’s Security of Personal Information law, etc.)
  • Unfair and deceptive trade practice laws (e.g. FTC Act and state equivalents)
  • U.S. financial privacy and security laws (e.g. GLB Act and agency regulations, FFIEC guidance, Bank Secrecy Act, PATRIOT Act, etc.)
  • U.S. healthcare privacy and security laws (e.g. HIPAA, HITECH, and state laws regulating medical data, etc.)
  • Payment Card Industry Digital Security Standard (PCI DSS) (including card brand security programs, contractual obligations and card brand operating regulations, etc.)
  • Identity theft laws (e.g. Identity Theft Red Flag Rules)
  • Common-law privacy torts (e.g. false light, intrusion upon seclusion, misappropriation of commercial likeness, public disclosure of private facts)
  • Consumer privacy laws (e.g. FCRA, FACTA, etc.)
  • Government privacy laws (e.g. U.S. Federal Privacy Act, E-Government Act, FISMA, etc.)
  • Wiretapping laws (e.g. Electronic Communications Privacy Act)
  • Student and parent data privacy laws (e.g. FERPA/the Buckley amendment, etc.)
  • Data destruction and disposal laws (e.g. state social security disposal laws, FACTA consumer report disposal rules)
  • Child privacy laws (e.g. COPPA)
  • Electronic voting
  • Website privacy policy and notice laws (e.g. California’s Online Privacy Protection Act)
  • Compliance with industry standards (NIST and OMB standards and guidelines for information security, Common Criteria, ISO 17799 / 27000 / 27001 / 27002, SAS 70, CoBit, OASIS, W3C, OpenID, TCG TPM, etc.)
  • International privacy and data security laws (e.g. EU Data Protection Directive, Canada PIPEDA, UK Data Protection Act, and similar laws in other countries such as Russia, Japan, Australia, Hong Kong, Israel, etc.) 

  o Workplace privacy, employee monitoring and surveillance  

Information Handling and Data Governance

  • Behavioral advertising (e.g. FTC’s Behavioral Advertising Privacy Principles)
  • Web 2.0 and new media (e.g. social networking, blogging, message boards, instant messaging, websites, etc.)
  • Intellectual property (e.g. trade secrets, copyright, trademark, domain name ownership, etc.)
  • Direct marketing – faxing, telemarketing, email marketing (e.g. FTC’s Telemarketing Sales Rule, Telecommunications and Telemarketing Consumer Protection Act, CAN-SPAM, TCPA, Junk Fax Prevention Act, etc.)
  • Privacy and security policy review and development
    • Privacy and security audits and privacy impact assessments
    • Privacy and security policy development and drafting
    • Privacy notices and management of consumer consent
    • Registration and approvals of privacy policies (e.g. from data protection authorities in Europe and elsewhere)
  • Cyber insurance consulting and drafting
    • Policy and endorsement drafting for carriers
    • Traditional policy coverage gap analysis
    • Cyber risk policy coverage analysis
  • Information handling and IT use policies (e.g. email policies, Internet usage policies, web-browsing policies, acceptable use policies, social networking policies and blogging policies)
  • Data retention and disposal practices review and policies
  • Transborder data flow (e.g. EU model contracts, International Safe Harbor, binding corporate rules)
  • Sarbanes-Oxley
  • Bankruptcy and M&A data disposition