As organizations of all stripes increasingly rely on cloud computing services to conduct their business, the need to balance the benefits and risks of cloud computing is more important than ever. This is especially true when it comes to data security and privacy risks. However, most Cloud customers find it very difficult to secure favorable contract terms when it comes to data security and privacy. While customers may enjoy some short term cost-benefits by going into the Cloud, they may be retaining more risk then they want (especially where Cloud providers refuse to accept that risk contractually). In short, the players in this industry are at an impasse. Cyber insurance may be a solution to help solve the problem.
… Continue Reading
I ran across an interesting article in PC World the other day concerning a head-to-head competition between Google Apps (Google’s SaaS offering) and Microsoft’s Office to provide certain day-to-day applications to the City of Los Angeles. The end result of this competition is that Google will be providing Google Apps (SaaS) to the City of Los … Continue Reading
In Part One of this blog series, we looked at the proactive nature of a data security and privacy schedule ("Schedule"), and considered the compliance function of a Schedule. Part Two of this series discusses security incident response contract terms that should be considered for a Schedule. In addition, we look at more traditional "risk … Continue Reading
It is a very interesting time for information security and privacy lawyers. Information technology and the processing, storage and transmitting of sensitive and personal information is ubiquitous. At the same time (and likely as a result of this ubiquity) the legal risk and regulatory compliance environment poses increased threats and potential for significant liability. Finally, … Continue Reading
Service contracts that involve protected personal information should include provisions allocating responsibility for protecting that information and responding to security breaches. Increasingly, this means incorporating specific references to applicable laws and information security standards, and often certifications of conformance.
… Continue Reading