Header graphic for print
InfoLawGroup privacy. security. technology. media. advertising. intellectual property.

Tag Archives: outsourcing

David Navetta Talks About Service Provider Liability

Posted in In The News

In an article at Dark Reading, David Navetta is quoted concerning vendor limitations of liability and the importance of vendor contracts for managing risk.  InfoLawGroup has written extensively concerning vendor liability and managing risk contractually, especially in the cloud computing context.

Do the New EU Processing Clauses Apply to You?

Posted in Cloud Computing, Data Privacy Law or Regulation, EU, Information security contracts, International, PII, Privacy Law, Regulations, Service Provider Breach, Third Party Beneficiary, Workplace Privacy

A new set of EU standard contract clauses (“SCCs” or “model contracts”) for processing European personal data abroad came into effect on May 15, 2010. Taken together with a recent opinion by the official EU “Article 29″ working group on the concepts of “controller” and “processor” under the EU Data Protection Directive, this development suggests that it is time to review arrangements for business process outsourcing, software as a service (SaaS), cloud computing, and even interaffiliate support services, when they involve storing or processing personal data from Europe in the United States, India, and other common outsourcing locations.

Information Security Standards and Certifications in Contracting

Posted in Breach Notification, Breach of Contract, Cloud Computing, Damages, Data Privacy Law or Regulation, Encryption, Financial Services, Information Security, Information security contracts, International, NDA / Confidentiality Agreement, Payment Card Breach Laws, PCI, PII, Plastic Card Security Laws, Privacy and Security Litigation, Privacy Law, Reasonable Security, Regulations, Service Provider Breach, Standards

It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer’s data.

Cloud Providers Competing on Data Security & Privacy Contract Terms

Posted in Cloud Computing

I ran across an interesting article in PC World the other day concerning a head-to-head competition between Google Apps (Google’s SaaS offering) and Microsoft’s Office to provide certain day-to-day applications to the City of Los Angeles.  The end result of this competition is that Google will be providing Google Apps (SaaS) to the City of Los… Continue Reading

Privacy’s Trajectory

Posted in Breach Notice, Breach Notification, Cloud Computing, Data Privacy Law or Regulation, Digital Evidence and E-Discovery, Information Security, Massachusetts 210 CMR 17.00, Massachusetts Data Security Regulations, Nevada Security of Personal Information Law, PCI, Privacy Law, Regulations

As many of our readers know, the International Association of Privacy Professionals (IAPP) will celebrate 10 years this Tuesday, March 16. In connection with that anniversary, the IAPP is releasing a whitepaper, “A Call For Agility: The Next-Generation Privacy Professional,” tomorrow, March 15. I am honored that the IAPP has given me the opportunity to read and blog about the whitepaper in advance of its official release.

EU Adopts New Standard Contract Clauses for Foreign Processors

Posted in Cloud Computing, Data Privacy Law or Regulation, EU, International

The European Commission has announced a new set of standard contractual clauses to be used in agreements with processors located outside the EU / EEA. The new SCCs represent an effort to better ensure privacy protection when European personal data are passed on to subcontractors in business process outsourcing, cloud computing, and other contexts of successive data sharing.

Legal Implications of Cloud Computing — Part One (the Basics and Framing the Issues)

Posted in Cloud Computing, Cloud Computing Series, Special Series

I had the pleasure of hearing an excellent presentation by Tanya Forsheit on the legal issues arising out of cloud computing during the ABA Information Security Committee’s recent meeting (at the end of July) in Chicago. The presentation resulted in a spirited debate between several attorneys in the crowd. The conversation spilled over into happy hour and became even more interesting. The end result: my previous misunderstanding of cloud computing as “just outsourcing” was corrected, and now I have a better appreciation of what “the cloud” is and the legal issues cloud computing raises.