This blogpost is the third (and final) in our series analyzing the terms of Google's and Computer Science Corporation's ("CSC") cloud contracts with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In Part Two, the focus was on terms related to compliance with privacy and security laws, audit and enforcement of security obligations, incident response, and geographic processing limitations, and termination rights under the contracts. In Part Three, we analyze what might be the most important data security/privacy-related terms of a Cloud contract (or any contract for that matter), the risk of loss terms. This is a very long post looking at very complex and interrelated contract terms. If you have any questions feel free to email me at email@example.com
… Continue Reading
This blogpost is the second in our series analyzing the terms of Google and Computer Science Corporation’s (“CSC”) Cloud contract with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In this installment, we will focus on terms related to compliance … Continue Reading
Earlier this month (May 1, 2010), Alberta became the first Canadian province to pass a broad breach notice law (“Bill 54”) as part of their comprehensive data privacy statute, the Personal Information Protection Act (“the Act”; technically, Alberta is the second province to pass a breach notice law in Canada, Ontario previously passed a breach … Continue Reading
The ISSA Journal was recently kind enough to provide me with the opportunity to publish an article entitled "The Legal Defensibility Era" (the cover article for its May 2010 publication, which focuses on legal issues impacting information security). Here is the abstract for the article: The era of legal defensibility is upon us. The legal … Continue Reading
In Part One of this blog series, we looked at the proactive nature of a data security and privacy schedule ("Schedule"), and considered the compliance function of a Schedule. Part Two of this series discusses security incident response contract terms that should be considered for a Schedule. In addition, we look at more traditional "risk … Continue Reading
It is a very interesting time for information security and privacy lawyers. Information technology and the processing, storage and transmitting of sensitive and personal information is ubiquitous. At the same time (and likely as a result of this ubiquity) the legal risk and regulatory compliance environment poses increased threats and potential for significant liability. Finally, … Continue Reading
With the recent news of several restaurants teaming up to sue point-of-sale system provider Radiant Systems (a copy of the complaint can be found here) for failing to comply with the PCI Standard, it appears that some merchants may be in a mood to strike back in the aftermath of a payment card security breach. This … Continue Reading
Massachusetts' Office of Consumer Affairs & Business Regulation (OCABR) recently released a revised version of its "Standards for the Protection of Personal Information of Residents of the Commonwealth" (the "Regulation"). This August 2009 version modifies the February 2009 version of the Regulation. The press release for the new revision is here, and the FAQs released by OCABR appear updated to address some of the changes in the regulations.
For ease of reference, ISC has taken the time to create a REDLINED VERSION showing the revisions in the new Regulation. The redlines indicate changes between the February 2009 version and the August 2009 version of the Regulation. Also included below is a summary of some of the more significant changes.
… Continue Reading
I had the pleasure of hearing an excellent presentation by Tanya Forsheit on the legal issues arising out of cloud computing during the ABA Information Security Committee's recent meeting (at the end of July) in Chicago. The presentation resulted in a spirited debate between several attorneys in the crowd. The conversation spilled over into happy hour and became even more interesting. The end result: my previous misunderstanding of cloud computing as "just outsourcing" was corrected, and now I have a better appreciation of what "the cloud" is and the legal issues cloud computing raises.
… Continue Reading