W. Scott Blackmer

W. Scott Blackmer

(p) 801.953.3858 (e) sblackmer@infolawgroup.com

Scott Blackmer has practiced information technology law since 1982. Scott has been listed in several peer-reviewed directories of prominent IT lawyers, including the Legal Media Group’s Guide to the World’s Leading Technology, Media & Telecommunications Lawyers.

Formerly a partner in the Washington, DC and Brussels offices of the firm now known as WilmerHale, Scott is a founding partner of InformationLawGroup.  Licensed in Washington, DC and Utah, Scott is currently based in Salt Lake City and works with a view of the mountains.

A frequent speaker and writer on IT law and information privacy and security issues, as well as online financial and investment services, Scott has made presentations or taught seminars on these subjects at numerous industry and professional conferences and at the University of Chicago, Johns Hopkins University, Carnegie-Mellon University, George Washington University, the University of London, the University of Toulouse, the Catholic University of Buenos Aires, the US State Department (Washington, Berlin, Brussels, and Shanghai), the European Commission, the Council of Europe, the International Monetary Fund, the Multilateral Investment Fund, and the Electronic Commerce Promotion Council of Japan.

Scott acts as general counsel to the Trusted Computing Group and XDI.org, and he counsels other industry associations as well as corporations and individual entrepreneurs. He has advised US federal and state agencies and the European Commission on privacy and security issues. Scott also arbitrates Internet domain name disputes brought before the World Intellectual Property Organization (WIPO) in Geneva. Scott has worked on transactions and licensing, compliance issues, litigation, and arbitration matters in over 100 countries. He speaks English and French and has a working knowledge of Spanish, German, Dutch, Italian, and Portuguese.

Practice Areas

  • Intellectual property (with a focus on software patent and copyright licensing, technology transfers, trademark and domain names)
  • Privacy and information security
  • International transactions and multijurisdictional compliance with laws protecting consumers, employees, distributors, franchisees, or investors
  • E-commerce, online financial services, private investment offerings, outsourcing, cloud computing, software as a service, IT standards

Professional Associations

  • American Bar Association: Information Security Committee; Privacy and Computer Crime Committee
  • International Association of Privacy Professionals (IAPP)


  • University of California at Berkeley (Boalt Hall School of Law), JD with honors 1981 (Editor-in-chief, California Law Review)
  • University of Nevada, Las Vegas, BA with honors 1975
  • Brigham Young University, Provo, Utah (1970-73)
  • Université de Grenoble, France (1972)

Bar Admissions

  • District of Columbia
  • Utah
  • Formerly a registered foreign lawyer in the Law Society of England and Wales and the French Order of the Brussels Bar

Subscribe to all posts by W. Scott Blackmer

GDPR: Kids and Other Quirks

For the musically inclined, think of the new EU General Data Protection Regulation (GDPR) as “theme and variations.”  The principles and terminology are standard across Europe, but there are many instances where the application will vary to some extent from country to country.  An example of non-standardization is the varying national age limit, from 13 … Continue Reading

The Long Reach of the GDPR

The Long Reach of the GDPR This is a wake-up call for those who think the new EU General Data Protection Regulation (GDPR), which will be enforced starting in May 2018, is not a serious compliance issue outside Europe.  Here’s why you should care: Your European partners, affiliates, or customers will have to ensure that … Continue Reading

A Reasonable Security Blanket

Fear the data breach.  Companies large and small worry that a security lapse compromising personal information may hurt their customers or employees and expose the organization to costly liability and a damaged reputation.  But recent developments suggest that comfort may still be found in keeping privacy promises and keeping up with “reasonable security” best practices. … Continue Reading

Enforcing Canadian Anti-Spam Law

The Canadian Anti-Spam Legislation (CASL) has aroused concern among marketers on both sides of the border since it started coming into force in July 2014 (some provisions, such as a private right of action, do not take effect until next year). It has stricter consent requirements than the US CAN-SPAM Act, as well as rules … Continue Reading

GDPR: Getting Ready for the New EU General Data Protection Regulation

Four years in the making, the European Union’s General Data Protection Regulation (GDPR) obtained its final legislative approval on April 14, and the final text was published in the Official Journal yesterday.  It will be enforced after a two-year transition, beginning on May 25, 2018, replacing the national laws and regulations based on the venerable … Continue Reading

The New “EU-US Privacy Shield”

Since the European Court of Justice invalidated the fifteen-year-old EU-US “Safe Harbor Privacy Framework” last October, thousands of US companies have been awaiting the results of negotiations between the US government and the European Commission to produce “Safe Harbor 2.0,” a set of protocols to permit the continued flow of personal data between Europe and … Continue Reading

Will Spies Sink Transatlantic Commerce?

The Impact of the Schrems Safe Harbor Decision Here is the latest fallout from Edward Snowden’s public disclosures about NSA snooping on international communications: On Tuesday, the European Court of Justice invalidated the 15-year-old “Safe Harbor Data Protection Framework” under which more than 4500 US companies and organizations are permitted to process data relating to … Continue Reading

European Criticism for Google’s New Privacy Policy

Google's new privacy policy (and its plans to create user profiles across multiple online services) has drawn fire from European data protection authorities. Online and mobile retailers and service providers should take account of a renewed emphasis on transparency and proportionality in collecting data about users. … Continue Reading

Domain Name Extensions Extended Again

ICANN decided Friday to postpone approval of procedures for organizations to propose new generic top-level domains (gTLDs). Companies anticipating the need to protect trademarks in a potentially large number of new gTLDs will have at least a few more months to understand and weigh in on the proposals, and to brace themselves for successive rounds of sunrise filings and domain name disputes as new gTLDs are introduced. … Continue Reading

European Reservations?

German state data protection authorities have recently criticized both cloud computing and the EU-US Safe Harbor Framework. From some of the reactions, you would think that both are in imminent danger of a European crackdown. That's not likely, but the comments reflect some concerns with recent trends in outsourcing and transborder data flows that multinationals would be well advised to address in their planning and operations. … Continue Reading

Mexico’s New Data Protection Law

Mexico has joined the ranks of more than 50 countries that have enacted omnibus data privacy laws covering the private sector. The new Federal Law on the Protection of Personal Data Held by Private Parties (Ley federal de protección de datos personales en posesión de los particulares) (the "Law") was published on July 5, 2010 and took effect on July 6. IAPP has released an unofficial English translation. The Law will have an impact on the many US-based companies that operate or advertise in Mexico, as well as those that use Spanish-language call centers and other support services located in Mexico. … Continue Reading

Quon: US Supreme Court Rules Against Privacy on Employer-Issued Devices

The United States Supreme Court issued its decision today in City of Ontario, California v. Quon, ruling that a public employer's examination of an employee's personal text messages on a government-issued pager did not violate the Fourth Amendment. Justice Kennedy's opinion for the Court remarked that a review of messages on an employer-provided device would similarly be regarded as "reasonable and normal in the private-employer context." … Continue Reading

Do the New EU Processing Clauses Apply to You?

A new set of EU standard contract clauses ("SCCs" or "model contracts") for processing European personal data abroad came into effect on May 15, 2010. Taken together with a recent opinion by the official EU "Article 29" working group on the concepts of "controller" and "processor" under the EU Data Protection Directive, this development suggests that it is time to review arrangements for business process outsourcing, software as a service (SaaS), cloud computing, and even interaffiliate support services, when they involve storing or processing personal data from Europe in the United States, India, and other common outsourcing locations. … Continue Reading

Social Networking: Setting Boundaries in a Borderless Brave New World

Social networking entails some risks and responsibilities. It may implicate privacy and labor law, confidentiality and nondisclosure agreements, advertising regulations, defamation, and other legal regimes, across borders in a global medium. Users, and their employers, need to be aware of these risks and responsibilities in deciding how to make best use of social media. … Continue Reading

Information Security Standards and Certifications in Contracting

It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer's data. … Continue Reading

Information Governance

Security governance is often well established in large organizations, but privacy governance typically lags. It is time for a broader approach to "information governance" that focusses on the kinds of sensitive data handled by the enterprise and establishes policies to assure compliance and effective risk management, as well as better customer, employee, government, and business relations. … Continue Reading

Security Breach Notices for Canadian Data

Notice of significant security breaches involving personal information is recommended under federal Privacy Commissioner guidelines and legally required for custodians of personal health information in Ontario. Albert's new Bill 54, not yet in force, sets a new standard for mandatory notification to the provincial Privacy Commissioner, who can determine whether and how individuals must be notified. … Continue Reading

EU Adopts New Standard Contract Clauses for Foreign Processors

The European Commission has announced a new set of standard contractual clauses to be used in agreements with processors located outside the EU / EEA. The new SCCs represent an effort to better ensure privacy protection when European personal data are passed on to subcontractors in business process outsourcing, cloud computing, and other contexts of successive data sharing. … Continue Reading

Data Integrity and Evidence in the Cloud

Data integrity is a potential challenge in cloud computing, with implications for both operational efficiency and legal evidence. Vendors should consider a standards-based approach to assuring data integrity, and customers should address the issue in due diligence and in contracting. … Continue Reading