This document discusses data security and privacy risks associated with cloud computing. It identifies 8 key risks: 1) regulatory requirements regarding data security and privacy, 2) practical data hazards like weak access protection, 3) meeting legal holds for litigation documents, 4) complying with European data privacy laws, 5) low-cost cloud providers having limited protections and liability, 6) tier 1 cloud providers still potentially falling short of legal obligations, 7) insufficient control over software changes, and 8) responsibility for costs of database breaches. The document is presented by William Tanenbaum, chair of the technology and outsourcing group at Kaye Scholer LLP, to highlight legal and practical risks companies should consider regarding data security and privacy
October 29, 2019, I was invited to present the keynote of the LegalTech Alliance meeting on eDiscovery and Big Data, in which 11 law departments from the Universities of Applied Sciences in the Netherlands participate.
eDiscovery is more and more important than ever. Future legal professionals must be able to deal with large electronic data sets so they can:
- Take decisions based on facts and not based on guesses and assumptions;
- Answer information requests timely, accurately and complete;
- Avoid high cost, reputation damage, regulatory measures, business disruption and stress!
It is great that the LegalTech Alliance understands that need and that they embed eDiscovery in their educational programs.
Attached are slides of the workshop were we presented the course eDiscovery (including the hands-on with ZyLAB) which we developed together with the University of Applied Sciences in Amsterdam
Ai and applications in the legal domain studium generale maastricht 20191101jcscholtes
November 20, 2019, it was my great pleasure to present a special lecture on Artificial Intelligence and Application in the Legal Domain. In this lecture I discuss how the development of machines that can learn, reason and act intelligently – Artificial Intelligence (AI) – is advancing rapidly in the legal domain. In some areas, machine intelligence have even already surpassed the limits of what the brightest human minds are capable of achieving, especially in the field of eDiscovery and Legal Review of large data set.
In others, machines still struggle with seemingly basic tasks. Nonetheless, breakthroughs in AI already have profound impact on the legal profession. AI is set to improve our world now and will continue to do so in the future. At the same time, there is the fear of losing control.
This lecture was part of a larger series on AI organized by our department of data science and knowledge engineering: https://www.maastrichtuniversity.nl/events/artificial-intelligence.
More information can be found here: https://textmining.nu
Who owns your data ans why should you careDerek Keats
This is a video that was made from a webinar I did for Living in a connected world: Who owns my data, and why should I care? that was held by Nedbank, JCSE and EE Business Intelligence. My focus was on what ownership means.
October 29, 2019, I was invited to present the keynote of the LegalTech Alliance meeting on eDiscovery and Big Data, in which 11 law departments from the Universities of Applied Sciences in the Netherlands participate.
eDiscovery is more and more important than ever. Future legal professionals must be able to deal with large electronic data sets so they can:
- Take decisions based on facts and not based on guesses and assumptions;
- Answer information requests timely, accurately and complete;
- Avoid high cost, reputation damage, regulatory measures, business disruption and stress!
It is great that the LegalTech Alliance understands that need and that they embed eDiscovery in their educational programs.
Attached are slides of the workshop were we presented the course eDiscovery (including the hands-on with ZyLAB) which we developed together with the University of Applied Sciences in Amsterdam
Ai and applications in the legal domain studium generale maastricht 20191101jcscholtes
November 20, 2019, it was my great pleasure to present a special lecture on Artificial Intelligence and Application in the Legal Domain. In this lecture I discuss how the development of machines that can learn, reason and act intelligently – Artificial Intelligence (AI) – is advancing rapidly in the legal domain. In some areas, machine intelligence have even already surpassed the limits of what the brightest human minds are capable of achieving, especially in the field of eDiscovery and Legal Review of large data set.
In others, machines still struggle with seemingly basic tasks. Nonetheless, breakthroughs in AI already have profound impact on the legal profession. AI is set to improve our world now and will continue to do so in the future. At the same time, there is the fear of losing control.
This lecture was part of a larger series on AI organized by our department of data science and knowledge engineering: https://www.maastrichtuniversity.nl/events/artificial-intelligence.
More information can be found here: https://textmining.nu
Who owns your data ans why should you careDerek Keats
This is a video that was made from a webinar I did for Living in a connected world: Who owns my data, and why should I care? that was held by Nedbank, JCSE and EE Business Intelligence. My focus was on what ownership means.
Managing the Legal Concerns of Cloud ComputingAmy Larrimore
Presented at the 2013 Pennsylvania Bar Institute as an edition in an annual series on legal concerns around cloud computing ,. This one covers how technology overlaps and where the risk needs to be managed in between systems.
These are slides from my presentation at the Law Firm Leaders Forum in New York, Nov. 6-7, 2014. Part I covers Substantive Hints of Change: Innovative Technology Popping Up and Part II covers Legal Design: Structured Innovation Process and Focus on Client/User Needs.
Cross-Border/International Legal Malpractice. Due to the increased volume of the movement of goods, investment and services, the risk of legal malpractice is increasing. The level of such malpractice is probably greater than most acknowledge. I have numerous articles written about this topic and been involved in legal matters involving this issue.
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2...Jason Haislmaier
Presentation at the 2012 Rocky Mountain IP and Technology Institute. Covering the emerging rights in "data" and the sources for legal protection of data.
Op 21 maart vond de officiële opening van het Legal Tech Lab plaats. Alle partners gaven samen met docenten en studenten een workshop verzorgen tijdens deze middag. Hieronder het programma met een overzicht van de workshops. Bijgaand de eDiscovery presentative van ZyLAB
Is your law firm technologically competent?
As the practice of law evolves—and as modern technology becomes ever more prevalent in society—legal professionals have an ever-increasing responsibility to be technologically competent.
It’s vital—and, in the majority of U.S. states, it is now an ethical duty—for lawyers to understand the benefits and risks that technology poses for themselves, their law firms, and their clients.
Join Bob Ambrogi, lawyer and founder of the LawSites blog, and Joshua Lenon, Clio’s Lawyer in Residence, to hear their expert perspective on this deeply important topic.
In this CLE-eligible webinar, you’ll learn:
What it means to be tech competent, and why it’s so important
Strategies for developing technological competence in your practice
How legal tech software and resources make it easier than ever for lawyers to keep up with the times
https://landing.clio.com/understanding-legal-technology-competence.html
Startup Legal & IP (July2013 Founder Institute)Touraj Parang
Startup Legal Issues Facing Founders. From pre-formation, to incorporation, to IP strategy. What to expect to pay in legal fees and how to save money. Tips on hiring lawyers for your business effectively and efficiently. Technologies mentioned: Markify, http://upcounsel.com,
Chief Data Officer Agenda Webinar: How CDOs Should Work with LawyersDATAVERSITY
Legal risks, rights and obligations are among the most important emerging issues in enterprise data management today, and yet are not well understood, especially considering most CDOs come to the role with a business or IT background, rather than legal training. Bill Tanenbaum is one of the leading technology and intellectual property attorneys in the country, and is joining us on this edition of the CDO Agenda to provide a legal perspective on the issues that organizations should be dealing with today, from the standpoint of data management policy. Among the topics he will address are:
Security and Data Breaches
Data Vulnerability in Contracts
The CDO’s Role in ITS Contracts
Privacy is Contextual
Data Ownership vs License rights
Data as Intellectual Property
Data Sharing
Is Data an Asset?
How Long Should you Keep Data?
Managing the Legal Concerns of Cloud ComputingAmy Larrimore
Presented at the 2013 Pennsylvania Bar Institute as an edition in an annual series on legal concerns around cloud computing ,. This one covers how technology overlaps and where the risk needs to be managed in between systems.
These are slides from my presentation at the Law Firm Leaders Forum in New York, Nov. 6-7, 2014. Part I covers Substantive Hints of Change: Innovative Technology Popping Up and Part II covers Legal Design: Structured Innovation Process and Focus on Client/User Needs.
Cross-Border/International Legal Malpractice. Due to the increased volume of the movement of goods, investment and services, the risk of legal malpractice is increasing. The level of such malpractice is probably greater than most acknowledge. I have numerous articles written about this topic and been involved in legal matters involving this issue.
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2...Jason Haislmaier
Presentation at the 2012 Rocky Mountain IP and Technology Institute. Covering the emerging rights in "data" and the sources for legal protection of data.
Op 21 maart vond de officiële opening van het Legal Tech Lab plaats. Alle partners gaven samen met docenten en studenten een workshop verzorgen tijdens deze middag. Hieronder het programma met een overzicht van de workshops. Bijgaand de eDiscovery presentative van ZyLAB
Is your law firm technologically competent?
As the practice of law evolves—and as modern technology becomes ever more prevalent in society—legal professionals have an ever-increasing responsibility to be technologically competent.
It’s vital—and, in the majority of U.S. states, it is now an ethical duty—for lawyers to understand the benefits and risks that technology poses for themselves, their law firms, and their clients.
Join Bob Ambrogi, lawyer and founder of the LawSites blog, and Joshua Lenon, Clio’s Lawyer in Residence, to hear their expert perspective on this deeply important topic.
In this CLE-eligible webinar, you’ll learn:
What it means to be tech competent, and why it’s so important
Strategies for developing technological competence in your practice
How legal tech software and resources make it easier than ever for lawyers to keep up with the times
https://landing.clio.com/understanding-legal-technology-competence.html
Startup Legal & IP (July2013 Founder Institute)Touraj Parang
Startup Legal Issues Facing Founders. From pre-formation, to incorporation, to IP strategy. What to expect to pay in legal fees and how to save money. Tips on hiring lawyers for your business effectively and efficiently. Technologies mentioned: Markify, http://upcounsel.com,
Chief Data Officer Agenda Webinar: How CDOs Should Work with LawyersDATAVERSITY
Legal risks, rights and obligations are among the most important emerging issues in enterprise data management today, and yet are not well understood, especially considering most CDOs come to the role with a business or IT background, rather than legal training. Bill Tanenbaum is one of the leading technology and intellectual property attorneys in the country, and is joining us on this edition of the CDO Agenda to provide a legal perspective on the issues that organizations should be dealing with today, from the standpoint of data management policy. Among the topics he will address are:
Security and Data Breaches
Data Vulnerability in Contracts
The CDO’s Role in ITS Contracts
Privacy is Contextual
Data Ownership vs License rights
Data as Intellectual Property
Data Sharing
Is Data an Asset?
How Long Should you Keep Data?
Learning to Thrive as a Tech-Savvy Lawyer by Nehal MadhaniNehal Madhani
Nehal Madhani, attorney and now CEO of Alt Legal, discusses technologies that lawyers can use to make their practices simpler, more efficient, and more profitable.
Trends in Law Practice Management – Calculating the RisksNicole Garton
Presented by the CBA’s Legal Profession Assistance Conference, the Canadian Lawyers Insurance Association and the National Law Practice Management and Technology Section live via webconference.
The advantages of cloud computing, virtual or online law practices and unbundling of legal services are getting a lot of press – convenience to clients, reduced overhead expenses, remote access, and enhanced access to justice are among the benefits touted. But there are also very real and practical risks, and ethical implications, for each new tool or practice implemented. As these trends infiltrate legal practice in North America, lawyers and law firm leaders need to exercise due diligence to assess the potential risks and benefits.
Our panelists, Nicole Garton-Jones and David Bilinsky will provide a practical overview of these trends in law practice management. In doing so, they’ll provide you with tools to reduce the risk and identify the questions you need to ask yourself, as well as potential third party service providers, your insurers and your law society, when conducting your own risk-benefit analysis.
Register here: http://www.cba.org/pd/details_en.aspx?id=na_onfeb212
Keeping client confidences secure in the digital age is not always easy, but it certainly is necessary. It seems like there’s always some new technology tool or gadget that lawyers are told they “have to” learn. This program covers how to ethically use today’s technology and what emerging tools are important for lawyers to consider.
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
No matter what kind of law practice you have, you need to comply with privacy laws generally and lawyers' ethical duties with respect to privacy, specifically. In this presentation, legal ethics counsel Sarah Banola (Cooper, White and Cooper, LLP) and employment and privacy attorney Diana Maier (Law Offices of Diana Maier) deliver a primer on privacy law and teach you the key areas of privacy law and associated ethical obligations.
As privacy and security professionals it's true: we simply can't get enough data on the costs of a data breach. This is primarily driven, of course, by our desire to quantify the risks associated with our profession in terms that organizations can understand and measure. Our quest is complicated, however, by the fact that breach cost data is so hard to come by.
This unique webinar will take data breach analysis to the next level. First we'll define our terms and review of some of the best known, publicly available data breach research. But then, we'll dive into a more detailed, exhaustive, quantitative review of breach data. This will include both case studies of a few seminal data breaches and statistical analysis of data breaches in the aggregate.
Our featured speaker for this timely webinar is Patrick Florer, Co-Founder & CTO of Risk Centric Security. Patrick, who is also a Fellow and Chief Research Analyst at the Ponemon Institute, has decades of experience in risk analysis and analytics and is considered an expert in data breach analysis.
David WITH Goliath: How Big Companies Do Deals with Small Cloud and Social Me...William Tanenbaum
Conventional deal structures do not always work when big companies engage small cloud and social media companies as part of marketing and digital business. To go live you need to go smart. Legal documents need to enable, not delay. Due diligence is important: Are you picking a winner or a loser? Would you invest in this company? Is security backed in or will you be subject to a privacy breach and a reputational hit? Are the investors in it for the long haul or are they taking a flier?
Social Business =Cloud + Big Data + Social Media + Mobile ComputingWilliam Tanenbaum
Cloud Computing is an inflection point, and is the technology that enable Big Data and predictive analytics. In combination with Big Data, Social Media and Mobile Computing, it constitutes how mainstream business use Cloud
SirionLabs Webinar Featuring Forrester - Plugging Value Leakage in IT Outsour...SirionLabs
Slides from SirionLabs' webinar 'Plugging Value Leakage in IT Outsourcing Engagements' featuring Forrester VP and Principal Analyst, Andrew Bartels.
CIOs and their IT departments often struggle to achieve the full value in strategic IT Outsourcing engagements due to ineffective governance and lack of performance alignment between the enterprise and its suppliers.
This webinar explains:
- The growing importance of service providers to firms (both for IT and for business overall)
- Why the traditional tools and technologies are not adequate to manage today’s complex supplier management challenges
- How CIOs can take the lead in embracing specialized software tools to enable not just the IT organization but the entire enterprise to get the most value from their strategic services suppliers
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & PrivacyButlerRubin
Butler Rubin Partner, Dan Cotter discusses in detail the changes to the Model Rules of Professional Conduct that impact lawyers and their obligations to understand technology and safeguard against inadvertent data breaches.
Open Source Governance in Highly Regulated Companiesiasaglobal
Open source governance is part of IT governance and focuses on the specific issues related to the acquisition, use and management of OSS, and ensuring it is done in alignment with a company?s stated objectives, policies and risk profile. And as open source becomes more common, the need for governance increases dramatically. Without proper controls and processes to ensure compliance and reduce exposure, organizations will be at risk from technical and operational, regulatory, security, legal and brand factors.
Similar to Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourcing Interests Group Conference (20)
Date Use Rules in Different Business Scenarios:It's All Contextual William Tanenbaum
All privacy is contextual. Like that, the legal rules for collecting, aggregating, sharing and protecting data, including through IP, are specific to the context. One size does not fit all.
Date Use Rules in Different Business Scenarios: It's All Contextual William Tanenbaum
Arent Fox LLP. Rules for data collection, aggregation, sharing, use and protection all depend on the business and legal context. One size does not fit all.
Date Use Rules in Different Business Scenarios: It's All Contextual William Tanenbaum
Arent Fox LLP. Collecting, sharing, aggregating and using data in different business models and scenarios are subject to different rules and depend on the specific context
Green Outsourcing, Energy Efficient Data Centers and Sustainable Supply Chain...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourcing Interests Group Conference
1. Chicago . Frankfurt . London . Los Angeles . New York . Palo Alto . Shanghai . Washington DC . West Palm Beach
Data Security and Privacy Risks in
Cloud Computing
William A. Tanenbaum
Chair, Technology, Intellectual Property & Outsourcing Group, and
Chair, GreenTech and Sustainability Group
Kaye Scholer LLP
New York and Palo Alto Offices
2. Audience Poll
• Do you have company trade secrets in
the Cloud?
• Do you have contractual consent to use
U.S. health and financial personal data?
• Do you have customer data from Europe
in the Cloud?
• Has a court ordered you to preserve
litigation documents?
• Will your Cloud provider pay for costs of
database breaches?
60350343.PPTX
3. Data Security vs. Privacy
• To identify and protect against
your risks, you need to
distinguish between company
data and personally identifiable
information (“PII”)
• Unauthorized access vs.
impermissible use
60414334.PPTX
4. Risk No. 1: Regulatory Requirements
• Data security requirements
imposed by US regulations
– HIPPA, HITECH, GLB, SOX,
FTC Act § 5, FERPA,
Massachusetts, other states
• Raises audit issues
• Also export control
regulations
60350343.PPTX
5. Risk No. 2: Practical Data Hazards
• Weak technical access
protection
• Provider’s employees
• Provider’s subcontractors
• Lack of transparency
• Lack of customer control
60350343.PPTX
6. Risk No. 3: Litigation Holds
• Can you meet litigation
document hold requirements
if your data is in the Cloud?
• Is metadata a legal and
practical solution?
• Who pays tagging costs?
60350343.PPTX
7. Risk No. 4: Can You Use Available Legal
Options Under EEA Law?
• Safe Harbor
• Approved Clauses
• Binding Corporate
60350343.PPTX
8. Risk No. 5: Low Price Comes at a Cost
• Generally, Utility Cloud
providers:
– Rely on third party platforms
and software
– Use one-sided contracts
– No ability to negotiate stronger
protections
– No service levels
– Disclaim liability
• Conclusion: may not meet
customer’s legal
obligations
60350343.PPTX
9. Risk No. 6. Do Tier 1 Providers Go Far
Enough?
• Offer Private Clouds, but
they may still fall short of
legal obligations
• Offer more location
specificity, but still may fall
short
• Pay extra for data security
• At some point, tips into
custom data center and
hosting services, and
becomes more ITO than
Cloud
60350343.PPTX
10. Risk No. 7: Is There Sufficient Software
Change Control?
• If Provider changes software or
version, will your software still
work?
• Can compromise on advance
notice?
• Caution: what do online terms
and conditions allow?
60350343.PPTX
11. Risk No. 8: Database Breaches
• Who bears cost of:
– Determining liability and exposure
under state law?
– Providing statutory notices?
– Providing identity protection
services?
– Providing call centers and other
customer-facing remediation?
– Government investigations?
– Infrastructure upgrades?
60350343.PPTX
12. Questions and Answers
William A. Tanenbaum
Chair, Technology, Intellectual
Property & Outsourcing Group
Chair, GreenTech and
Sustainability Group
Kaye Scholer LLP,
New York and Palo Alto
wtanenbaum@kayescholer.com
212-836-7661
60350343.PPTX
13. William A. Tanenbaum
wtanenbaum@kayescholer.com
• William A. Tanenbaum is the international chair of both Kaye Scholer’s Technology, Intellectual
Property & Outsourcing Group and its GreenTech and Sustainability Group, and works in the
firm’s New York and Palo Alto offices. Legal Researcher Chambers found that Bill:
• “built one of New York City‟s most outstanding transactional IT practices,”
• is an “internationally recognized intellectual property, technology and outsourcing lawyer,”
• is a “well-respected attorney, with a well-informed approach [who] provides litigation,
transaction work and strategic counseling on a range of technology and outsourcing-related
issues,”
• is “efficient, solution-driven and makes excellent judgment calls,”
• is “a leading light” in outsourcing with “household names” in his client roster,
• is “an acknowledged expert on the convergence of mainstream business with cleantech,” and
that
• “clients highlight his IP experience but „commend his command of the whole deal.‟”
• The Legal 500 publication found that Bill is “an outstanding attorney with a deep knowledge
and understanding of technology and outsourcing and a deeply principled and trustworthy
colleague.”
60350343.PPTX
14. William A. Tanenbaum (cont’d)
• Bill’s Information Technology Law practice has been recognized for over ten years by Best
Lawyers and was ranked in the First Tier in New York in the 2010 Best Law Firms Survey
by U.S. News and World Report. Because of the strength of his Group’s practice, Kaye
Scholer was named as the “Internet & E-Commerce Law Firm of the Year” by The Lawyers
World Law Awards 2011. He is a past President of the ITech Law Association and a graduate
of Brown University (Phi Beta Kappa), Cornell Law School, and the Bob Bondurant School of
High Performance Driving. Chambers recognized him as a “Leading Individual” and awarded
him “Recommended” ratings in both “Technology and IT Outsourcing” and “Business Process
Outsourcing,” and named him as a “Notable Practitioner” at the national level in Outsourcing.
He was voted one of the World‟s Top 250 IP strategists (IAM client survey) and he was
selected as one of the country‟s top 25 pre-eminent IT practitioners in the Best of the Best
USA. He regularly advises clients on strategic intellectual property concerns, privacy, data
security, data transfer, information life cycle management and competitive intelligence matters,
in both transactional and litigation contexts. His the founder and co-chair of PLI’s annual legal
Outsourcing Conference and the founder and chair of PLI’s annual GreenTech Law and
Business Conference. He is listed in Who‟s Who in America, the International Who‟s Who of
Business Lawyers, the Guide to the World‟s Leading Litigation Experts and the Guide to the
World‟s Leading Patent Law Experts. He was the privacy and data protection columnist for the
New York Law Journal, co-author of a book on privacy law and has been quoted in The
Economist magazine as an expert on IP law. His articles have been used at Harvard and
other law schools.
60350343.PPTX