Clicky

Header graphic for print
InfoLawGroup privacy. security. technology. media. advertising. intellectual property.

Tag Archives: contracting

The Duty to Authenticate Identity: the Online Banking Breach Lawsuits

Posted in Reasonable Security

We have entered an era where our commercial transactions are increasingly being conducted online without any face-to-face interaction, and without the traditional safeguards used to confirm that a party is who they purport to be. The attenuated nature of many online relationships has created an opportunity for criminal elements to steal or spoof online identities and use them for monetary gain. As such, the ability of one party to authenticate the identity of the other party in an online transaction is of key importance.
To counteract this threat, the business community has begun to develop new authentication procedures to enhance the reliability of online identities (so that transacting parties have a higher degree of confidence that the party on the other end of an electronic transaction is who they say they are). At the same time, the law is beginning to recognize a duty to authenticate. This blogpost post looks at two online banking breach cases to examine what courts are saying about authentication and commercially reasonable security.

Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk in the Cloud?

Posted in Cloud Computing, Cyber Insurance

As organizations of all stripes increasingly rely on cloud computing services to conduct their business, the need to balance the benefits and risks of cloud computing is more important than ever. This is especially true when it comes to data security and privacy risks. However, most Cloud customers find it very difficult to secure favorable contract terms when it comes to data security and privacy. While customers may enjoy some short term cost-benefits by going into the Cloud, they may be retaining more risk then they want (especially where Cloud providers refuse to accept that risk contractually). In short, the players in this industry are at an impasse. Cyber insurance may be a solution to help solve the problem.

Our “Contracting for Cloud Computing” Free Webinar Now Available On Demand

Posted in Cloud Computing

Last week, the InfoLawGroup presented a free one-hour webinar on Contracting for Cloud Computing in conjunction with Zenith Infotech, Ltd and MSPtv.  The feedback received was very positive and our presentation covered a wide-ranging number of contracting issues specifically applicable to cloud computing scenarios. This next installment in our webinar series on cloud computing is… Continue Reading

Data Breach in the Clouds

Posted in Cloud Computing

As we move into 2011 it should be obvious that cloud computing is not a fad, but rather a computing model that is becoming ubiquitous. Cloud computing offers a slew of advantages including efficiency, instant scalability and cost effectiveness. However, these advantages must be balanced against the control organizations may lose over their information technology operations when they are reliant on a cloud provider to provide key processes. The issues that arise out of this loss of control are apparent when considering data breach response and liability in the cloud. When a cloud customer puts its sensitive data into the cloud it is completely reliant on the security and incident response processes of the cloud service provider in order to respond to a data breach. This situation poses many fundamental problems.

Cloud Computing Customers’ “Bill of Rights”

Posted in Cloud Computing

Needless to say, due in part to our numerous writings on the legal ramifications of Cloud computing, the InfoLawGroup lawyers have been involved in much Cloud computing contract drafting and negotiating, on both the customer and service provider side. As a result, we have seen a lot in terms of negotiating tactics, difficult contract terms and parties taking a hard line on certain provisions. During the course of our work, especially on the customer side, we have seen certain “roadblocks” consistently appear which make it very difficult for organizations to analyze and understand the legal risks associated with Cloud computing, and in some instances can result in a willing customer walking away from a deal. Talking through some of these issues, InfoLawGroup thought it might be a good idea to create a very basic “Bill of Rights” to serve as the foundation of a cloud relationship, and allow for more transparency and enable a better understanding of potential legal risks associated with the cloud.

What’s in Google’s SaaS Contract with the City of Los Angeles? Part Three.

Posted in Cloud Computing

This blogpost is the third (and final) in our series analyzing the terms of Google’s and Computer Science Corporation’s (“CSC”) cloud contracts with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In Part Two, the focus was on terms related to compliance with privacy and security laws, audit and enforcement of security obligations, incident response, and geographic processing limitations, and termination rights under the contracts. In Part Three, we analyze what might be the most important data security/privacy-related terms of a Cloud contract (or any contract for that matter), the risk of loss terms. This is a very long post looking at very complex and interrelated contract terms. If you have any questions feel free to email me at dnavetta@infolawgroup.com

Adobe eSignatures “beta” – Part 1 of 2

Posted in E-Signatures

At first glance, the seemingly Grand Canyon-wide gap between a verified signature and eSignature’s practice is troubling. However, upon reflection, the lack of individual party verification is less worrying than it appears – at least in corporate scenarios.

What’s in Google’s SaaS Contract with the City of Los Angeles? Part Two.

Posted in Breach Notice, Cloud Computing

This blogpost is the second in our series analyzing the terms of Google and Computer Science Corporation’s (“CSC”) Cloud contract with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In this installment, we will focus on terms related to compliance… Continue Reading

What’s in Google’s SaaS Contract with the City of Los Angeles? Part One.

Posted in Cloud Computing

At the beginning of April, I wrote a blogpost on the City of Los Angeles’ selection of Google Apps to provide the City with Cloud services. As summarized, news outlets reported that Google was willing to compete on various contract provisions in order to win the City’s business. They also identified various contractual concessions Google… Continue Reading

Contracting for Cloud Computing Services

Posted in Breach Notice, Breach Notification, Breach of Contract, Cloud Computing, Cloud Computing Series, Damages, Data Destruction, Data Privacy Law or Regulation, Digital Evidence and E-Discovery, Information Security, Information security contracts, Reasonable Security, Service Provider Breach, Standards

Nearly every day, businesses are entering into arrangements to save the enterprise what appear to
be significant sums on information technology infrastructure by placing corporate data ”in the cloud.” Win-win, right? Not so fast. If it seems too good to be true, it probably is. Many of these deals are negotiated quickly, or not negotiated at all, due to the perceived cost savings. Indeed, many are closed not in a conference room with signature blocks, ceremony, and champagne, but in a basement office with the click of a mouse. Unfortunately, with that single click, organizations may be putting the security of their sensitive data (personal information, trade secrets, intellectual property, and more) at risk, and may be overlooking critical compliance requirements of privacy and data security law (not to mention additional regulations). My article “Contracting for Cloud Computing Services: Privacy and Data Security Considerations,” published this week in BNA’s Privacy & Security Law Report, explores a number of contractual provisions that organizations should consider in purchasing cloud services. You can read the full article here, reprinted with the permission of BNA.

Cloud Providers Competing on Data Security & Privacy Contract Terms

Posted in Cloud Computing

I ran across an interesting article in PC World the other day concerning a head-to-head competition between Google Apps (Google’s SaaS offering) and Microsoft’s Office to provide certain day-to-day applications to the City of Los Angeles.  The end result of this competition is that Google will be providing Google Apps (SaaS) to the City of Los… Continue Reading

Developing an Information Security and Privacy Schedule for Service Provider Transactions (Part Two)

Posted in Information security contracts, Reasonable Security

In Part One of this blog series, we looked at the proactive nature of a data security and privacy schedule ("Schedule"), and considered the compliance function of a Schedule.  Part Two of this series discusses security incident response contract terms that should be considered for a Schedule.  In addition, we look at more traditional "risk… Continue Reading

Developing an Information Security and Privacy Schedule for Service Provider Transactions

Posted in Information security contracts, Reasonable Security

It is a very interesting time for information security and privacy lawyers. Information technology and the processing, storage and transmitting of sensitive and personal information is ubiquitous. At the same time (and likely as a result of this ubiquity) the legal risk and regulatory compliance environment poses increased threats and potential for significant liability. Finally,… Continue Reading

Compliance as a Service (CaaS): The Enabler Role of Legal, Security and Privacy Professionals

Posted in Cloud Computing

Cloud computing promises incredible benefits for companies looking for inexpensive and scalable computing solutions without the need (or the costs or employees) to do it all themselves. However, as foreshadowed in the InfoLawGroup’s “Legal Implications of Cloud Computing” series (see Part One, Part Two and Part Three) data security, privacy and legal compliance issues are beginning to cause great concern. Stories like this highlight these concerns. High profile information security snafus (fairly or unfairly) have also stoked the fire: Rackspace power outage, Amazon denial of service attack, and the Sidekick Data Loss. Data leakage is maybe problematic as well based on Cloud architecture. In fact, the InfoLawGroup has encountered some companies that are taking a pass on cloud computing (“v. 1.0″) because of regulatory, privacy and security concerns. Do these compliance concerns threaten the Cloud computing model or potentially reduce the cost benefits it promises?

Legal Implications of Cloud Computing — Part Three (Relationships in the Cloud)

Posted in Cloud Computing, Cloud Computing Series, Special Series

While there is much debate on the IT side as to whether Cloud computing is revolutionary, evolutionary or “more of the same” with a snazzy marketing label, in the legal context, Cloud computing does have a potential significant impact on legal risk. Part three of our ongoing Cloud legal series explores the relationships in the Cloud, and the potential legal implications and impacts suggested by them.

Legal Implications of Cloud Computing — Part One (the Basics and Framing the Issues)

Posted in Cloud Computing, Cloud Computing Series, Special Series

I had the pleasure of hearing an excellent presentation by Tanya Forsheit on the legal issues arising out of cloud computing during the ABA Information Security Committee’s recent meeting (at the end of July) in Chicago. The presentation resulted in a spirited debate between several attorneys in the crowd. The conversation spilled over into happy hour and became even more interesting. The end result: my previous misunderstanding of cloud computing as “just outsourcing” was corrected, and now I have a better appreciation of what “the cloud” is and the legal issues cloud computing raises.