Cloud, contract, liability, outsourcing
David Navetta Talks About Service Provider Liability
By InfoLawGroup LLP on October 31, 2011
compliance, issa, legal defensibility, Security
ISSA Talk: Legally Defensible, Proactively Protected
By InfoLawGroup LLP on October 28, 2010
Binding Corporate Rules, Canada, Cloud, data protection, EU Data Protection Directive, international, outsourcing, PCI DSS, privacy, privacy impact assessment, security measures
A Privacy Checklist for Global Enterprises
By W. Scott Blackmer on October 21, 2010
Scott Blackmer provides a "discovery" checklist for global enterprises handling personal data from multiple jurisdictions, as well as advice on a global approach to privacy compliance and risk management.
benefits, compliance, contracts, controls, due diligence, mitigate, negotiation, outsourcing, RFP, risks
Lessons Being Learned about Cloud Computing
By InfoLawGroup LLP on July 07, 2010
Dave and I recently spoke with Nymity regarding privacy and data security issues in cloud computing deals. You can read the interview here.
Breach, breach notice, California, fines and penalties, legal defensibility, medical data, notification, Regulation
California Department of Public Health Breach Fines and Legally Defensible Security
By InfoLawGroup LLP on June 17, 2010
Binding Corporate Rules, clauses, cloud computing, consent, contract, controller, EU, EU Data Protection Directive, EU Directive, European Union, offshoring, outsourcing, processor, Safe Harbor, standard, standard contractual clauses
Do the New EU Processing Clauses Apply to You?
By W. Scott Blackmer on June 10, 2010
A new set of EU standard contract clauses ("SCCs" or "model contracts") for processing European personal data abroad came into effect on May 15, 2010. Taken together with a recent opinion by the official EU "Article 29" working group on the concepts of "controller" and "processor" under the EU Data Protection Directive, this development suggests that it is time to review arrangements for business process outsourcing, software as a service (SaaS), cloud computing, and even interaffiliate support services, when they involve storing or processing personal data from Europe in the United States, India, and other common outsourcing locations.
AICPA, best practices, BITS, cloud computing, COBIT, contracts, FIPS, information security, ISO 27001, ISO 27002, NIST, outsourcing, PCI DSS, SAS 70, SP 800-53, standards
Information Security Standards and Certifications in Contracting
By W. Scott Blackmer on May 26, 2010
It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer's data.
compliance, ISO 27001/2, legal defensibility, privacy notice, reasonable, risk, risk assessment, Security, security measures, security program, service provider, standards
The Legal Defensibility Era is Upon Us
By InfoLawGroup LLP on May 04, 2010
Cloud, contracting, contracts, Google, indemnification, Microsoft, outsourcing, SaaS, Security, security schedule
Cloud Providers Competing on Data Security & Privacy Contract Terms
By InfoLawGroup LLP on April 12, 2010
agility, best practices, compliance, IAPP, information governance, IT, Law, legal defensibility, outsourcing, privacy professionals, risk, Security, security breach, technology, whitepaper
Privacy's Trajectory
By InfoLawGroup LLP on March 14, 2010
As many of our readers know, the International Association of Privacy Professionals (IAPP) will celebrate 10 years this Tuesday, March 16. In connection with that anniversary, the IAPP is releasing a whitepaper, "A Call For Agility: The Next-Generation Privacy Professional," tomorrow, March 15. I am honored that the IAPP has given me the opportunity to read and blog about the whitepaper in advance of its official release.
cloud computing, EU Directive, international data transfers, model contracts, outsourcing, standard contract clauses, standard contractual clauses, transborder data flows
EU Adopts New Standard Contract Clauses for Foreign Processors
By W. Scott Blackmer on February 08, 2010
The European Commission has announced a new set of standard contractual clauses to be used in agreements with processors located outside the EU / EEA. The new SCCs represent an effort to better ensure privacy protection when European personal data are passed on to subcontractors in business process outsourcing, cloud computing, and other contexts of successive data sharing.
Breach, contracting, e-Discovery, Electronic evidence, EU Directive, IaaS, outsourcing, PaaS, privacy, SaaS, Security, service provider
Legal Implications of Cloud Computing -- Part One (the Basics and Framing the Issues)
By InfoLawGroup LLP on August 16, 2009
I had the pleasure of hearing an excellent presentation by Tanya Forsheit on the legal issues arising out of cloud computing during the ABA Information Security Committee's recent meeting (at the end of July) in Chicago. The presentation resulted in a spirited debate between several attorneys in the crowd. The conversation spilled over into happy hour and became even more interesting. The end result: my previous misunderstanding of cloud computing as "just outsourcing" was corrected, and now I have a better appreciation of what "the cloud" is and the legal issues cloud computing raises.