This document summarizes key points from a presentation by Bill Tanenbaum on data strategy issues for Chief Data Officers (CDOs). It discusses how CDOs should be involved in outsourcing decisions to help prevent data breaches. When breaches do occur, CDOs should lead gap analyses of contracts and renegotiations. The presentation also covers topics like different data classes, intellectual property issues, data retention policies, and strategies for addressing persistent cyber attacks.
2. William A. Tanenbaum
Head, IP & Technology Transactions Group
New York and Palo Alto
How CDOs Should Work with Lawyers
3. | Privileged and Confidential
Data Classes
• Internal Enterprise Data
– Combination of our company’s different sales channels and
customer/product lines
• From public sources
• From third party data providers
• From Internet of Things
• Machine learning (computer to computer)
• Data used for internal analytics and for monetization by third party
sharing and combination
262768809
4. | Privileged and Confidential
Outsourcing Causes Data Breaches
• 2013 Trustwave Global Security Report on 450 database breaches
found that:
– 63% due to third-party IT providers
• Where is the CDO?
– Not involved in outsourcing or other IT or data RFPs
– RFP scoring: lowest price > data security risk
– Recommend data manager as well as account manager in steady
state
– Deal team vs. operations team
– Multi-vendor IT environment
362768809
5. | Privileged and Confidential
Remediation
• Gap analysis of existing contracts
– Old technology vs. new cyber threats
– Ensuring data restoration is a covered damage (not excluded as
“consequential”)
• Renegotiate to remediate
• New contracts
– Involve CDO in RFP
462768809
6. | Privileged and Confidential
All Privacy is Contextual
• Who sees what information for what purpose?
• Software agents vs. human beings
– To decide which data is shared in specific contexts
• Using business drivers to allocate ownership vs. license rights for
custom software and for joint developments
– In some cases it is better to allow vendor to own IP rights
562768809
7. | Privileged and Confidential
Intellectual Property
• Scope of IP protection
• Data sharing > pure ownership
• Yes, data is asset, but only if contract says so
• Need private vs. statutory arrangement
• Data sets and competitive advantage
• Selecting the flavor of open source
• Customizations: ownership vs. licensing
• Joint Ownership: unexpected consequences
• Dynamic dashboards
662768809
8. | Privileged and Confidential
How Long to Keep Data
• Prediction: Revisiting corporate data retention rules
• Litigation risk mitigation vs. revenue generation from data
analytics
• No single rule: retention will also be contextual
762768809
9. | Privileged and Confidential
BOYD Ecosystem
• BOYD = avenue for security breach
• Really “Bring Your Own Infrastructure” to work
• Cloud is no longer disruptive
• Smartphone-centric ecosystem
862768809
10. | Privileged and Confidential
New Approach to Persistent Attacks
• Present: SLAs and penalties
• Recommended: model on cooperation with FBI after state actor
attack
• Theory: grammatical errors constitute a business model
962768809
11. | Privileged and Confidential
Thank You
10
William A. Tanenbaum
Head, IP & Technology Transactions Group
“Lawyer of the Year” in IT in NY in 2013
wtanenbaum@kayescholer.com
212-836-7661
62768809
12. | Privileged and Confidential
William A. Tanenbaum, Partner,
Kaye Scholer
11
Bill Tanenbaum is the Head of the law firm Kaye Scholer’s multidisciplinary, multi-office IP &
Technology Transactions Group, which is ranked in the First Tier at the National Level by US
News & World Report/Best Lawyers. Bill was named “Lawyer of the Year 2013” in IT in NY
by Best Lawyers in America. He is ranked in Band One in Technology & Outsourcing in NY
by Chambers, America’s Leading Lawyers for Business, which found that he “built one of New
York City’s most outstanding transactional IT practices.” IP Law Experts Guide named Bill as
“The Recommended IT Lawyer in New York.” (Only a single attorney is designated in each state.)
He is past President of the International Technology Law Association and currently a VP of the
Society for Information Management (NY), a CIO industry association where he serves as the
only lawyer on the Board. Clients and peer attorneys say he is “one of the best IP attorneys I have
worked with” (LMG CleanTech Guide); “smart, practical, tactical and highly strategic,” “an
effective negotiator” (Chambers); “intellectual yet pragmatic” and “among the foremost IT
licensing experts and a leading authority on related issues such as data security, privacy and social
media” (World’s 250 Leading Patent and Technology Lawyers). His practice areas include
outsourcing, IT, offensive and defensive IP strategies, vendor management, data security and data
flows, IT and IP aspects of corporate transactions, technology agreements and licensing, Big Data
in procurement and supply chain management, and sustainability. He graduated from Brown
University (Phi Beta Kappa) and Cornell Law School.
62768809