Posts tagged contracts

Cloud, cloud computing, Computing, contracting, contracts, privacy, SaaS, schedule, Security, security schedule

Cloud Computing Customers' "Bill of Rights"

By InfoLawGroup LLP on October 11, 2010

Needless to say, due in part to our numerous writings on the legal ramifications of Cloud computing, the InfoLawGroup lawyers have been involved in much Cloud computing contract drafting and negotiating, on both the customer and service provider side. As a result, we have seen a lot in terms of negotiating tactics, difficult contract terms and parties taking a hard line on certain provisions. During the course of our work, especially on the customer side, we have seen certain "roadblocks" consistently appear which make it very difficult for organizations to analyze and understand the legal risks associated with Cloud computing, and in some instances can result in a willing customer walking away from a deal. Talking through some of these issues, InfoLawGroup thought it might be a good idea to create a very basic "Bill of Rights" to serve as the foundation of a cloud relationship, and allow for more transparency and enable a better understanding of potential legal risks associated with the cloud.

contracts, Domain Registrar, Gross Negligence, New York

Court in Domain Hijacking Case, Reminds Parties: You Can't Contractually Limit Liability in NY for Willful or Grossly Negligence Conduct

By InfoLawGroup LLP on September 22, 2010

Under New York law it's settled doctrine that "contractual provisions that 'clearly, directly and absolutely' limit liability for 'any act or omission' are enforceable, 'especially when entered into at arm's length by sophisticated contracting parties.'" And that New York courts "generally enforce contractual waivers or limitations of liability."

assessment, audit, Breach, breach notice, Cloud, cloud computing, Computing, contracting, contracts, Contracts Breach, forensics, incident, incident response, liability, notice, privacy, provider, Regulation, response, schedule, Security, security assessment, security breach, security schedule, service, service provider, service provider liability

What's in Google's SaaS Contract with the City of Los Angeles? Part Three.

By InfoLawGroup LLP on June 23, 2010

This blogpost is the third (and final) in our series analyzing the terms of Google's and Computer Science Corporation's ("CSC") cloud contracts with the City of Los Angeles. In Part One, we looked at the information security, privacy and confidentiality obligations Google and CSC agreed to. In Part Two, the focus was on terms related to compliance with privacy and security laws, audit and enforcement of security obligations, incident response, and geographic processing limitations, and termination rights under the contracts. In Part Three, we analyze what might be the most important data security/privacy-related terms of a Cloud contract (or any contract for that matter), the risk of loss terms. This is a very long post looking at very complex and interrelated contract terms. If you have any questions feel free to email me at dnavetta@infolawgroup.com

Adobe, contracts, Digital signatures, e-signatures

Adobe eSignatures "beta" - Part 2 of 2

By InfoLawGroup LLP on June 23, 2010

In the end eSignatures provided a tantalizing glimpse of a potential esigning future, but one that remains firmly in the distance at this time. Certainly eSignatures is in fact useful at the moment - for a limited range of actions and signings. But unless its more notable shortcomings are timely and completely addressed this will remain a beta that doesn't reach the other shore.

colleges, contracts, FERPA, higher education, universities

Higher Education and Cloud Computing

By InfoLawGroup LLP on June 21, 2010

Institutions of higher learning are often breeding grounds for experimentation and creative approaches to old problems. Thus, it is far from surprising that universities have represented some of the earliest adopters of enterprise cloud computing solutions. Cloud computing is enormously attractive to universities, for a number of reasons, especially when it comes to email. My article, "The Ivory Tower in the Cloud," recently published in Information Security and Privacy News, a publication of the Information Security Committee, ABA Section of Science & Technology Law, briefly explores some of the information security and privacy legal implications for higher education moving into the cloud, and then discusses some recent developments with respect to highly publicized trials of cloud computing services by universities and colleges. You can read the full article here.

AICPA, best practices, BITS, cloud computing, COBIT, contracts, FIPS, information security, ISO 27001, ISO 27002, NIST, outsourcing, PCI DSS, SAS 70, SP 800-53, standards

Information Security Standards and Certifications in Contracting

By W. Scott Blackmer on May 26, 2010

It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer's data.

compliance, contracting, contracts, privacy, risk management, Security

Contracting for Cloud Computing Services

By InfoLawGroup LLP on May 18, 2010

Nearly every day, businesses are entering into arrangements to save the enterprise what appear tobe significant sums on information technology infrastructure by placing corporate data ''in the cloud.'' Win-win, right? Not so fast. If it seems too good to be true, it probably is. Many of these deals are negotiated quickly, or not negotiated at all, due to the perceived cost savings. Indeed, many are closed not in a conference room with signature blocks, ceremony, and champagne, but in a basement office with the click of a mouse. Unfortunately, with that single click, organizations may be putting the security of their sensitive data (personal information, trade secrets, intellectual property, and more) at risk, and may be overlooking critical compliance requirements of privacy and data security law (not to mention additional regulations). My article "Contracting for Cloud Computing Services: Privacy and Data Security Considerations," published this week in BNA's Privacy & Security Law Report, explores a number of contractual provisions that organizations should consider in purchasing cloud services. You can read the full article here, reprinted with the permission of BNA.

201 CMR 17-00, AES, anonymity, behavioral advertising, breach notification, California, cloud computing, contracts, DPA, Eavesdropping, encryption, EU Data Protection Directive, GLBA, HIPAA, HITECH, IAPP, Kearney, Massachusetts, personally identifiable information, pii, RFID, social networking, spam, SSN, TCPA, telemarketing, text messages, UK ICO, VPPA

Celebrating Data Privacy from A to Z

By InfoLawGroup LLP on January 28, 2010

In honor of Data Privacy Day and its spirit of education, I thought it might be appropriate (and fun) to celebrate some (but certainly not all) of the A, B, Cs of Data Privacy. Would love to see your contributions, too!