Partner Program
Technology Law: Regulations on the Internet and Emerging Technologies
Heather L. Buchta 
Quarles & Brady LLP 
September 4, 2014
• Regulatory Environment 
• Contractual Issues
Regulatory Environment 
• Speed of Regulation 
• Comparison over last 10 years
State in 2003
– E-contracting
– Cybercrime/hacking
Personal Information
• FEDERAL
– FTC Act
– COPPA
– CAN-SPAM
– TCPA
– FERPA
• STATE
– Breach Notification
– Point of Sale Collection
– State Consumer Protection
– Security Obligations
Health Information
• FEDERAL
– HIPAA
– HITECH
– Health Breach Notification Rule
– GINA
• STATE
– HIPAA-like
Financial Information
• FEDERAL
– GLB
– FCRA
– FACTA
• STATE
– GLB-like
Employee Information
• FEDERAL
– ERISA
– FMLA
– Whistleblower Protection Act
• STATE
– Contract law
Current State
Regulatory Environment - Background 
• Terminology 
–Data Privacy 
–Data Security 
– Cybersecurity 
–Co-Lo 
– Cloud 
• Legal Framework 
– Sectoral 
–Comprehensive
A Bit of Historical Context…. 
• Not actually a new topic 
– Warren and Brandeis – 1890 
– Prosser – 1960 
– Fair Information Practices – 1973 
– Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data – 1980
– Council of Europe – 1981 
– EU Data Protection Directive – 1995 
– APEC Privacy Framework – 2004
Regulatory Environment – Disclaimer 
• Data Privacy and Protection 
– Health Care 
– Financial 
– Labor & Employment 
– Trade Secrets 
– Internet of Things 
– BYOD 
• Other Regulations 
– Online contracting 
– All other offline business regulations – FCC, FTC, etc.
Regulatory Environment 
• Understand applicable obligations 
– Geographic Source of Data 
– What Kind of Data – Defined by States and/or Statutes
• Personally Identifiable Information (PII) 
• Nonpublic Personal Information (NPI) 
• Protected Health Information (PHI) 
• Types of Obligations 
– Privacy 
– Security
Regulatory Environment 
• Understand Applicable Obligations 
– Personal Information 
• Federal 
– FTC 
» Section 5 of the FTC Act 
» Telemarketing Sales Rule 
» COPPA 
» CAN-SPAM 
– FCC 
» Telephone Consumer Protection Act 
– USDOE 
» FERPA 
– Electronic Communications Privacy Act
Regulatory Environment 
• New Bills 
– Location Privacy Protection Act of 2014 
• S.2171, Sen. Franken, March 27, 2014 
– Personal Data Privacy and Security Act of 2014 
• S.1897, Sen. Leahy, January 8, 2014 
– Data Security Act of 2014 
• S.1927, Sen. Carper, January 15, 2014 
– Commercial Privacy Bill of Rights of 2014 
• S.2378, Sen. Menendez, May 21, 2014 
• Other Initiatives 
– Do Not Track movement 
– Big Data: Seizing Opportunity, Preserving Value, May 2014, Executive Office of the President
Regulatory Environment 
• Understand Applicable Obligations 
– Personal Information 
• State 
– Security Breach Notification Statutes 
– Point of Sale Collection 
– Security Obligations – MA 201 CMR 17.00, Nev. 603A.215 
– State Consumer Protection Laws 
– FERPA-like 
– ECPA-like 
– California 
» CALOPPA, BPC 22575-22579 
» Shine the Light, CA Civ Code 1798.83 
» CALCOPPA, S.B. 568
Regulatory Environment 
• Understand Applicable Obligations 
– Health Information 
• HIPAA/HITECH – OCR of HHS 
– LabMD – overlapping jurisdiction with FTC
–State Attorneys General 
• Health Breach Notification Rule – FTC 
• GINA – EEOC 
• States also have similar legislation
Regulatory Environment 
• Understand Applicable Obligations 
– Financial Information 
• GLB 
–Privacy Rule – FTC and CFPB 
–Safeguards Rule – FTC and CFPB 
–Banking Regulators 
• FCRA – FTC, CFPB and State Attorneys General 
• FACTA – FTC, CFPB and State Attorneys General 
–Red Flags Rule 
• Some states have similar legislation
Regulatory Environment 
• Understand Applicable Obligations 
– Employee Information 
• ADA 
• HIPAA 
• State Specific Rules – social media 
• Employee Handbooks 
• Union Agreements/Collective Bargaining Agreements
Regulatory Environment 
• Understand Applicable Obligations 
– EU 
• Directives – Personal Information and Cookie 
• DPAs 
• Works Councils 
– Canada 
• PIPEDA 
• CASL 
– Australia 
• Privacy Amendment Act 2012
Regulatory Environment 
• Credit Card Data 
– PCI DSS v.3 
– Nevada 603A.215 
– Minnesota 325E.64 
• Online Tracking 
– Digital Advertising Alliance 
– OBA and retargeting 
• NIST 
– Media Sanitization 
– Cybersecurity Framework 
• NERC 
• Contractual obligations and self-imposed obligations
Regulatory Environment 
• Security Audit 
– “systematic, measurable technical assessment of how the organization's security policy is employed at a specific site” (Symantec 2003)
– “appropriate” and “reasonable” 
• What is involved? 
– Personal interviews 
– Vulnerability scans (pen-testing) 
– Examinations of operating system settings 
– Analyses of network shares and other data 
• Go to the experts 
– Find the right vendor 
– Set parameters
Regulatory Environment 
• WISP 
• Consider Insurance Options 
• Identify Key Team Members 
– Key Executives 
– Compliance – CISO? 
– Legal 
– Marketing/HR 
– PR 
– IT/Forensics 
– Incident Response Vendor? 
• Incident Response Plan 
• Tabletop Exercises
Regulatory Environment 
• Internal Privacy Program 
• Data Retention Schedule 
• Regularly Review
Why Do We Care 
• The Regulators are Coming…. 
–FTC 
– Attorneys General
• And they are bringing bad press, fines and Enforcement Orders
Why Do We Care 
• Corporate Governance Issues 
– SEC Investigations 
– Officer Liability 
– Have to Stay Informed 
– NACD White Paper – Cybersecurity Boardroom Implications (2014)
– SEC Cybersecurity Roundtable Transcript, 3/28/14, available at www.sec.gov
Why Do We Care 
• Valuation 
– Reputational Value 
– Corporate Deals - M&A 
• High Profile Deals 
– WhatsApp, Moves, Nest 
• Impacting the Bottom Line 
• Restricting Ability to Transfer
Why Do We Care 
• Vendor Relationships 
– Implicates both privacy and security 
– Outsourcing does not mean relinquishing obligations or liability
• Must do due diligence
• Appropriate contractual provisions
• Maintain level of control and knowledge of activities
Why Do We Care 
• Mobile App Development 
– Privacy By Design 
• Hosting Facilities 
– Security Requirements 
– Breach Notifications 
• SaaS 
– Data Ownership/Access/Return 
– Data Usage 
• Marketing 
– Retargeting 
– OBA
Why Do We Care 
• Ask Questions 
• Then Ask More Questions 
• Which will lead to more questions 
• Must understand the data flows, retention, sharing and usage
Why Do We Care 
• Key Provisions to Consider 
– Audit Rights 
– Security Audit Reports – SSAE16/ISAE3402 
– Disaster Recovery/Business Continuity 
– Compliance with Laws 
– Ownership/Usage/Destruction 
– Indemnities 
– Warranties 
– Exclusions to Limitations of Liability 
– Insurance
Why Do We Care 
• Responsibility for breach of security is a function of who controls the data
• Liability for breach of security is a function of the contract
• Compliance with laws may be a domestic and/or foreign matter
Other Considerations 
• IP law trailing the technology evolution of the Cloud
• Trade Secrets and the Cloud may be incompatible
– Potential third-party disclosures 
– US PATRIOT Act 
• Evolving licensing models 
• Potential data location issues 
• Legacy software and systems issues
Other Considerations 
• Ownership of Data 
• Preservation of Data 
• Preservation may be easier on the cloud…or not 
– Courts may not distinguish servers in the cloud 
– Physical location of Data may be unknown 
– Compliance with e-discovery and litigation holds 
• Spoliation 
• Data Integrity 
– Must be free from corruption
Other Considerations 
• Determine accountability for data preservation 
– Who is liable for stolen data 
– What does indemnification cover 
– What happens in bankruptcy 
– What notice is provided for security breach 
– What happens if you lose the co-lo contract or the lease
Other Considerations 
• Intellectual Property 
– Whose software 
– Whose network 
• Ownership 
– Customizations or configurations 
– Works made for hire 
• Same contractual provisions come into play – now from an IP perspective
Other Considerations 
• Service Levels 
• Online contracting – Enforceability 
– Notice 
• Conspicuous 
– Choice 
• Meaningful 
• Contract of Adhesion
Questions??? 
Thank you for your partnership!

XpertSolvers: Your Partner in Building Innovative Software Solutions
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 

Technology Law: Regulations on the Internet and Emerging Technologies

  • 2. Technology Law: Regulations on the Internet and Emerging Technologies Heather L. Buchta Quarles & Brady LLP September 4, 2014
  • 3. • Regulatory Environment • Contractual Issues
  • 4. Regulatory Environment • Speed of Regulation • Comparison over last 10 years
  • 5. State in 2003 –E-contracting –Cybercrime/hacking
  • 6. Personal Information • FEDERAL – FTC Act – COPPA – CAN-SPAM – TCPA – FERPA • STATE – Breach Notification – Point of Sale Collection – State Consumer Protection – Security Obligations Health Information • FEDERAL – HIPAA – HITECH – Health Breach Notification Rule – GINA • STATE – HIPAA-like Financial Information • FEDERAL – GLB – FCRA – FACTA • STATE – GLB-like Employee Information • FEDERAL – ERISA – FMLA – Whistleblower Protection Act • STATE – Contract law Current State
  • 7. Regulatory Environment - Background • Terminology –Data Privacy –Data Security – Cybersecurity –Co-Lo – Cloud • Legal Framework – Sectoral –Comprehensive
  • 8. A Bit of Historical Context…. • Not actually a new topic – Warren and Brandeis – 1890 – Prosser – 1960 – Fair Information Practices – 1973 – Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data – 1980 – Council of Europe – 1981 – EU Data Protection Directive – 1995 – APEC Privacy Framework – 2004
  • 9. Regulatory Environment – Disclaimer • Data Privacy and Protection – Health Care – Financial – Labor & Employment – Trade Secrets – Internet of Things – BYOD • Other Regulations – Online contracting – All other offline business regulations – FCC, FTC, etc.
  • 10. Regulatory Environment • Understand applicable obligations – Geographic Source of Data – What Kind of Data – Defined by States and/or Statutes • Personally Identifiable Information (PII) • Nonpublic Personal Information (NPI) • Protected Health Information (PHI) • Types of Obligations – Privacy – Security
  • 11. Regulatory Environment • Understand Applicable Obligations – Personal Information • Federal – FTC » Section 5 of the FTC Act » Telemarketing Sales Rule » COPPA » CAN-SPAM – FCC » Telephone Consumer Protection Act – USDOE » FERPA – Electronic Communications Privacy Act
  • 12. Regulatory Environment • New Bills – Location Privacy Protection Act of 2014 • S.2171, Sen. Franken, March 27, 2014 – Personal Data Privacy and Security Act of 2014 • S.1897, Sen. Leahy, January 8, 2014 – Data Security Act of 2014 • S.1927, Sen. Carper, January 15, 2014 – Commercial Privacy Bill of Rights of 2014 • S.2378, Sen. Menendez, May 21, 2014 • Other Initiatives – Do Not Track movement – Big Data: Seizing Opportunity, Preserving Value, May 2014, Executive Office of the President
  • 13. Regulatory Environment • Understand Applicable Obligations – Personal Information • State – Security Breach Notification Statutes – Point of Sale Collection – Security Obligations – MA 201 CMR 17.00, Nev. 603A.215 – State Consumer Protection Laws – FERPA-like – ECPA-like – California » CALOPPA, BPC 22575-22579 » Shine the Light, CA Civ Code 1798.83 » CALCOPPA, S.B. 568
  • 14. Regulatory Environment • Understand Applicable Obligations – Health Information • HIPAA/HITECH – OCR of HHS –LabMD – overlapping jurisdiction with FTC –State Attorneys General • Health Breach Notification Rule – FTC • GINA – EEOC • States also have similar legislation
  • 15. Regulatory Environment • Understand Applicable Obligations – Financial Information • GLB –Privacy Rule – FTC and CFPB –Safeguards Rule – FTC and CFPB –Banking Regulators • FCRA – FTC, CFPB and State Attorneys General • FACTA – FTC, CFPB and State Attorneys General –Red Flags Rule • Some states have similar legislation
  • 16. Regulatory Environment • Understand Applicable Obligations – Employee Information • ADA • HIPAA • State Specific Rules – social media • Employee Handbooks • Union Agreements/Collective Bargaining Agreements
  • 17. Regulatory Environment • Understand Applicable Obligations – EU • Directives – Personal Information and Cookie • DPAs • Works Councils – Canada • PIPEDA • CASL – Australia • Privacy Amendment Act 2012
  • 18. Regulatory Environment • Credit Card Data – PCI DSS v.3 – Nevada 603A.215 – Minnesota 325E.64 • Online Tracking – Digital Advertising Alliance – OBA and retargeting • NIST – Media Sanitization – Cybersecurity Framework • NERC • Contractual obligations and self-imposed obligations
  • 19. Regulatory Environment • Security Audit – “systematic, measurable technical assessment of how the organization's security policy is employed at a specific site” (Symantec 2003) – “appropriate” and “reasonable” • What is involved? – Personal interviews – Vulnerability scans (pen-testing) – Examinations of operating system settings – Analyses of network shares and other data • Go to the experts – Find the right vendor – Set parameters
  • 20. Regulatory Environment • WISP • Consider Insurance Options • Identify Key Team Members – Key Executives – Compliance – CISO? – Legal – Marketing/HR – PR – IT/Forensics – Incident Response Vendor? • Incident Response Plan • Tabletop Exercises
  • 21. Regulatory Environment • Internal Privacy Program • Data Retention Schedule • Regularly Review
  • 22. Why Do We Care • The Regulators are Coming…. –FTC –Attorneys General • And they are bringing bad press, fines and Enforcement Orders
  • 23. Why Do We Care • Corporate Governance Issues – SEC Investigations – Officer Liability – Have to Stay Informed – NACD White Paper – Cybersecurity Boardroom Implications (2014) – SEC Cybersecurity Roundtable Transcript, 3/28/14, available at www.sec.gov
  • 24. Why Do We Care • Valuation – Reputational Value – Corporate Deals - M&A • High Profile Deals – WhatsApp, Moves, Nest • Impacting the Bottom Line • Restricting Ability to Transfer
  • 25. Why Do We Care • Vendor Relationships – Implicates both privacy and security – Outsourcing does not mean relinquishing obligations or liability • Must do due diligence • Appropriate contractual provisions • Maintain level of control and knowledge of activities
  • 26. Why Do We Care • Mobile App Development – Privacy By Design • Hosting Facilities – Security Requirements – Breach Notifications • SaaS – Data Ownership/Access/Return – Data Usage • Marketing – Retargeting – OBA
  • 27. Why Do We Care • Ask Questions • Then Ask More Questions • Which will lead to more questions • Must understand the data flows, retention, sharing and usage
  • 28. Why Do We Care • Key Provisions to Consider – Audit Rights – Security Audit Reports – SSAE16/ISAE3402 – Disaster Recovery/Business Continuity – Compliance with Laws – Ownership/Usage/Destruction – Indemnities – Warranties – Exclusions to Limitations of Liability – Insurance
  • 29. Why Do We Care • Responsibility for breach of security is a function of who controls the data • Liability for breach of security is a function of the contract • Compliance with laws may be a domestic and/or foreign matter
  • 30. Other Considerations • IP law trailing the technology evolution of the Cloud • Trade Secrets and the Cloud may be incompatible – Potential third-party disclosures – US PATRIOT Act • Evolving licensing models • Potential data location issues • Legacy software and systems issues
  • 31. Other Considerations • Ownership of Data • Preservation of Data • Preservation may be easier on the cloud…or not – Courts may not distinguish servers in the cloud – Physical location of Data may be unknown – Compliance with e-discovery and litigation holds • Spoliation • Data Integrity – Must be free from corruption
  • 32. Other Considerations • Determine accountability for data preservation – Who is liable for stolen data – What does indemnification cover – What happens in bankruptcy – What notice is provided for security breach – What happens if you lose the co-lo contract or the lease
  • 33. Other Considerations • Intellectual Property – Whose software – Whose network • Ownership – Customizations or configurations – Works made for hire • Same contractual provisions come into play – now from an IP perspective
  • 34. Other Considerations • Service Levels • Online contracting – Enforceability – Notice • Conspicuous – Choice • Meaningful • Contract of Adhesion
  • 35. Questions??? Thank you for your partnership!