This presentation discusses issues relating to cloud service contracts for municipalities. It notes that moving to cloud services requires focusing on contracting strategy and terms and conditions, as legal issues are complex. While some issues are traditional like outsourcing, cloud computing introduces new unique challenges. Key areas to focus on in contracts include governing law, data availability, intellectual property, privacy, termination, and exit strategies. The presentation provides examples of boilerplate contract language and issues to consider for negotiation to adequately protect a municipality's interests and manage risks of cloud computing arrangements.
For more information visit https://brightpay.co.uk
All organisations, regardless of size, will have had to introduce or update existing policies regarding personal data in order to comply with the new regulations.
This webinar will look at the GDPR, how it may affect your business and what we have learned from the GDPR 5 months on. We will also have a look at how BrightPay can help your organisation utilise the new regulations for the benefit of you, your customers and your employees.
Essentially, GDPR is an overhaul of the way we process, manage and store individual’s personal data, and that includes your employee’s personal payroll and HR information. We will take you through the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligations with regards to payroll, HR and Employment law.
The webinar will include a demonstration of how our BrightPay Connect add-on can help you work towards GDPR compliance by offering remote online access to accountants, employers and employees. We will take a brief look at our Bright Contracts software, which as well as providing the user with the facility to create and customise Contracts of Employment and Company Handbooks, now has a new feature which enables the user to create an Employee Privacy Policy which is a requirement under GDPR.
We will also unveil our new timesheet rapid input feature. Our exciting new timesheet feature directly connects to the BrightPay payroll and allows clients to import timesheet hours from a CSV or directly input hours for each employee on the BrightPay connect employer dashboard. For accountants and payroll bureaus, clients can easily use the timesheet upload for rapid input of employee’s hours eliminating possible errors. The timesheet feature also allows bureaus to easily run the payroll before sending it back to your payroll client for final approval and validation.
Common Data Protection Issues in Managing M&A Deals - Matheson Law Firm
This article explores the potential application of the GDPR in running a typical Irish merger or acquisition and sets out some practical guidelines on how parties to the transaction can demonstrate compliance with the GDPR requirements.
From the FinTech Webinar Series. Explores:
1. Recent Federal Cybersecurity Developments: Executive Order, NIST Standards, Information-Sharing, Legislation
2. Privacy and Security Issues in Cloud Computing Contracts
3. International Privacy and Transferring Data Across Borders
4. Mobile Devices and Mobile Apps
5. Workplace and Corporate Governance Developments
6. The FTC’s New Rules Concerning Children’s Privacy
The CCPA is set to be the toughest privacy law in the United States and a trailblazer for future state and potentially federal legislation. The Act expands the rights of consumers and requires businesses falling within its scope to be significantly more transparent about how they collect, use, and disclose personal information. Any business in scope is required to enhance its data management practices, expand its individual rights processes, and update its privacy policies by the 2020 deadline.
This webinar will review:
- 10-step plan to reach CCPA compliance by the end of the year
- Key areas still under discussion and feedback from open forums
- How enforcement will work; private action and regulator enforcement
California Consumer Privacy Act (CCPA): Countdown to Compliance - Tinuiti
What is CCPA? The California Consumer Privacy Act increases the transparency of the collection and selling of physical and digital data, while providing California residents with more control over what happens to their personal information that companies collect. CCPA is approaching with a compliance deadline of January 2020. With the countdown to compliance less than 6 months away it’s critical to know how this can potentially impact your business in order to avoid violation fines. Join our webinar as we unpack the key requirements and considerations to keep in mind in order to stay compliant. See how CCPA impacts all advertisers, not just Californians.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
New opportunities and business risks with evolving privacy regulations - Ulf Mattsson
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA) - Symantec
On January 1, 2020, one of the strictest privacy laws in the US, the California Consumer Privacy Act (CCPA), will come into effect. What should governance, risk and compliance executives know in order to prepare for CCPA? Watch the on demand recording here: https://symc.ly/2Pn7tvW.
This is the chapter I wrote for Professor William Byrnes' Taxation of Intellectual Property and Technology treatise. I am truly grateful for this experience and I am honored to have participated in this project.
GDPR and personal data protection in EU research projects - Lorenzo Mannella
This 20-minute presentation provides participants with a case study on data protection issues exposed by research partners awarded with a fictional Horizon 2020/Horizon Europe grant. Participants will follow the work of data controller and processors, committed to handle and store personal data of EU and Non-EU citizens for research purposes.
Participants will be engaged to evaluate the compliance of research activities with the General Data Protection Regulation (GDPR), which defines principles relating to processing of personal data, the lawfulness of such processing and modalities to ensure transparent information, communication and rights of the data subjects.
Rules and best practices in data processing are part of the essential toolbox for Research Managers and Administrators, answering the growing call of GDPR compliance along with Data Protection Officers. Beyond the understanding of accountability, privacy by design and by default principles, professionals are testing themselves with the constant update of data protection guidelines from the European Data Protection Board.
This session is targeted to an audience of intermediate level, aware of the topic of data protection/GDPR and willing to engage with other professionals on a case study analysis. The session will benefit from a short Q&A and a follow-up survey to gather best practices in data management put in place by participants in their day-to-day work.
This is a presentation I gave to the South Carolina Law Review Symposium entitled: On Task?: Expanding the Boundaries of Legal Education, February 28, 2014.
This presentation identifies and discusses certain ethical rules and opinions that apply to an Arizona lawyer's use of cloud computing in his or her practice. The concepts are generally applicable to lawyers in many other states as well.
This presentation will highlight the key legal issues associated with cloud computing and some implementation methods for minimizing or mitigating those risks.
There are numerous legal issues in cloud computing like operational, legislative or regulatory, security, third party contractual limitations, risk allocation or mitigation, and jurisdictional issues. Security, privacy and confidentiality remain the biggest concern for the data owner, as when the data is stored on the cloud the same might be accessible to multiple users. There is concern for its safety and protection of valuable data and trade secrets. Then there are intellectual property issues regarding ownership of and rights in information and services placed in the cloud.
A presentation on cloud computing and its impact in the boardroom. Presented to the Australian Institute of Company Directors, this presentation covers:
1. What legal contracts and provisions should be put in place for IT?
2. Liability issues – what insurance do you need?
3. Privacy obligations and protecting data – key legislation and its application
Brendon Noney
Cloud computing: 'everything you always wanted to know (but were afraid to ask)' - DLA Piper Nederland N.V.
This workshop has been held at Legal Business Day on 8 September 2011.
Across the globe organisations are contending with this latest technology panacea - cloud computing. The multijurisdictional nature of the internet - which cares not for geographical boundaries - creates a variety of challenges and opportunities for businesses, regardless of the country in which they are based and are transferable to any industry in the private or public sector.
What key considerations should your organisation be aware of? In this workshop we share our opinions on how to handle the legal challenges surrounding cloud computing such as data protection and security, the importance of getting the contract right and on the current lack of consistent, international legal protection.
TRUST. IP and Technology Update - IT Audit Toolkit for CIOs and General Couns... - Jan Lindberg
Planning the right strategy to survive third-party licence audits is essential to minimizing your expenses that arise out of third-party audits. In this article, we aim to provide experiences from recent IT disputes from the customer’s or target company’s perspective, as well as tools for handling different technology licensing related breach of contract and copyright infringement claims after licence audits.
Janneke Breeuwsma (Arthur’s Legal) @ SLA-Ready Workshop in Madrid, Spain (15 November 2016).
Be part of our next workshop in Brussels http://bit.ly/2fVcCG7 .
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach - SLA-Ready Network
Janneke Breeuwsma (Arthur’s Legal) @ SLA-Ready Workshop during Cloud Forward 2016 (19 October 2016, Madrid, Spain).
Be part of our next workshop in Brussels http://bit.ly/2fVcCG7 .
Securing data in the cloud: A challenge for UK Law Firms - CloudMask inc.
Authorities including the UK Information Commissioner, the Solicitors Regulation Authority (SRA) and the Council of Bars and Law Societies of Europe (CCBE) are establishing requirements which are conflicting with the main foundation of cloud computing and in many cases making it impossible to implement
Partly Sunny With a Chance of Rain: Forecasting the Legal Issues in Cloud Com...
Misa cloud computing workshop lhm final
1. Lou Milrad B.A., LL.B.
Lawyer
MilradLaw
Cloud Computing –
Moving Forward
March 26th, 2013
Burlington Convention Centre
2. This presentation illustrates a sampling of issues relating to
cloud service contracts while also providing discussion
insights on such issues and is intended to be merely
illustrative, rather than conclusive, of the complexity of those
issues.
The model under discussion assumes that your Municipality
will be negotiating a cloud services contract and that the
expectation is that some sensitive and private data will be
stored on cloud-based data servers belonging to either the
cloud provider or to a business partner of that provider. In
addition, your Municipality is in the final stages of launching a
BYOD (Bring Your Own Device) policy.
3. In shifting away from the traditional infrastructure approach of
separately (or in combination) purchasing hardware, software and
services to a complete services solution (SaaS, IaaS, PaaS, MaaS,
etc.), there is a critical need to focus on
IT contracting strategy, and
Associated contract terms & conditions
Legal issues have become somewhat more complex
Many are traditional (e.g. IT outsourcing and similar managed
services arrangements), but many are new and unique to or
exacerbated by migration to the cloud.
4. Typically governed by total $$$ to be spent coupled
with supplier target market and industry standard
practices.
Try to avoid web-based terms and conditions
approach – exception may only be in “free” services
However, “free” might change to “paid for” services
model if volume or usage thresholds are exceeded
Cautions -
Automatic term renewals
Incorporation of web-terms into negotiated
contracts
5. Clou
Web-based vs. negotiated terms
Governing Law
Data Availability and Term and Renewals
Additionally referenced terms & unilateral amendments, Statements of Work (SOW’s), & Service level agreements (SLA’s)
Intellectual property rights (IPR)
Confidential information (Confidentiality) and Trade Secrets
Privacy
Force majeure
Geographic Location of Data Servers
Third party access
Indemnification & insurance suspension & Termination
Suppliers’ compliance requirements
Grounds for Contract Termination
Liability of Damages due to a Service Interruption
Having an Exit Strategy
Grounds for Contract Termination
Data retention upon contract termination
6. Boilerplate examples for discussion
Contract Structure
Governing Law
Term and Renewals
Data Availability and Ownership
Intellectual Property Rights (IPR)
Confidential Information
Privacy
Force Majeure
AND
Data Availability and Ownership
7. Terms and Conditions
Full of legalese
Once signed, becomes the governing terms and
conditions
Amending Agreement to change terms
Schedules
Specifications
Pricing and Payment, etc.
Statements of Work (SOW’s)
Service Level Agreements (SLA’s)
8. What law governs performance under the contract terms?
Complex legal regulatory environment surrounding cloud computing
that both customers and providers need to consider.
e.g. Privacy statutes
Provision is typically found in the Boilerplate section of the contract (i.e.
towards the end of the T’s & C’s)
Typically, vendor’s form contract
• Good place to start and build on
will specify that it is governed by the law of the vendor’s home
province/state, and
grant the courts of that province/state exclusive jurisdiction over
any disputes arising out of the contract
9. 3 Key aspects – Applicable law & jurisdiction/location
Contract interpretation
Location for Hearing(s)/Trial(s)
Resolution through mediation & arbitration
Options
Mutual agreement on these items
Leave unresolved and open for later argument and resolution
(if needed)
10. Vendor form contracts typically
Renew automatically for additional terms unless proper prior
notice
Not really major concern in the context of “free” services, but
could be problematic under a “pay for services” automatic
renewal contract where the customer has not tracked the
advance notice of “intention not to renew” date… and it
slips by
Auto renewal avoids the need to renegotiate the contract,
but…
Consideration for negotiating “termination for convenience”
provisions
Avoid additionally referenced terms & unilateral amendments -
11. Provide the vendor with the unilateral right, to make
modifications to its services – a negotiated
compromise might be something like:
“Vendor may make commercially reasonable
modifications to the Service, provided that they do
not materially diminish the nature, scope, or quality
of the Service.”
12. Prerequisite for consideration:
Understanding of the system architecture
e.g. - How and in what format it keeps your data
Tools that are available to you to access your data
Covering off on e-discovery needs that may arise
Remain mindful of compliance with enterprise-wide policies (existing &
under consideration/development) - AUP, MDM, BYOD, etc.
13. Additional Requirements
Redundancy and backup
Disaster recovery
No vendor lock-in
Exit strategies as required
Protection of all designated confidential information and other intellectual property
rights
Confirmation that the vendor does not acquire and may not claim any security
interest in your data.
Where does Open Data fit in?
14. IP categories include
Copyrights, Trademarks, Trade secrets (Confidential Information), Data
IP Assets & Treatment under
Canadian laws
Laws of other countries
Infringement – what remedies?
Third party access – is vendor intending to grant some privileged third parties access to
your Municipality's stored data?
Who is that to be?
What is approval and authorization procedure?
Is there to be a confidential disclosure agreement and what form is it to take?
Protecting “personal information” and IPR
15. Defining Characteristics of Confidential Information: Typically includes intangible assets (and
associated materials) such as trade secrets, designs, processes, programs, procedures, third party
Information, developments, disclosed under terms of a software license or services agreement
Examples might include nonpublic and financial contract terms with other suppliers, and
categories set out under MFIPPA
Negotiated cloud contracts will typically define and spell out the restrictions and remedies for
unauthorized disclosure or other violation – Web-based, less likely to address question although
it may be included under Intellectual Property Rights language
Breach of Confidentiality: Legal obligation of employees to respect the organization’s intangible
assets, business and trade secrets etc. and maintain their confidentiality both during and after term of
employment
Confidentiality & Non-Disclosure Agreements (NDA’s) might precede contract negotiation, and in
any event, negotiated contracts will contain associated obligations and restrictions regarding
confidentiality
Key consideration: Notwithstanding vendor’s adherence to best practices, what happens if the data
center gets hacked? Is there a remedy, and if so, what is it to be?
16. Canada has two federal privacy laws
the Privacy Act and the Personal Information Protection and Electronic Documents Act. …
Every province and territory has privacy legislation governing the collection, use and disclosure of
personal information held by government agencies – Office of The Privacy Commissioner of Canada
Ontario’s
MFIPPA - the Municipal Freedom of Information and Protection of Privacy Act, &
PHIPA - the Personal Health Information Protection Act
Onus on Municipalities and their suppliers to protect “personal information” from disclosure
Challenge to be considered - the trusteeship by the Municipality of personal information coupled with
possible access, handling and disclosure of personal information of others stored on external cloud
servers.
BYOD and Cloud access - Makings of a perfect storm with the convergence on one device of both
personal and corporate data and providing access to cloud based data and databases – therefore, a
critical need to have an enforceable BYOD policy in place.
17. Others
Our systems are vulnerable to damage or interruption
from earthquakes, terrorist attacks, floods, fires, power
loss, telecommunications failures, computer viruses,
computer denial of service attacks, or other attempts to
harm our systems.
18. Thank You
Lou Milrad
IT Lawyer
Milrad Law Office
lou@milrad.ca
647.982.7890
www.milradlaw.ca