About Information Technology, Data Privacy and Security

Our clients purchase, sell and use technology and information technology software, hardware and professional services to gain a competitive advantage in the marketplace. We partner with our clients to navigate the legal and business risks that arise in the acquisition, sale, deployment, integration and usage of these technology products and services. We collaborate with our clients’ business, legal, marketing, supply chain, engineering and IT teams to negotiate and complete technology transactions consistent with industry best practices.

Using our substantial Fortune 500 company background and experience, we counsel clients in a multitude of industries and a variety of sizes with negotiating information technology agreements and policies, allowing them to effectively market and compete in a global marketplace.

Our clients are global manufacturing companies, consumer products companies, health care providers, software developers and service providers, insurance companies, transportation, banking and financial services companies, as well as non-profits and schools.

We have the experience to guide our clients with the licensing or purchase of On-Premises, Hosted and Cloud (SAAS) Service Solutions; Service Level Agreements; Outsourcing Agreements; Professional Services Agreements and Data Security Addendums, among other legal needs.

We have significant experience in the following areas:

Software Licensing and Professional Services

  • Software licensing – traditional and hosted services, as well as escrow agreements
  • Cloud services – software as a service and platform as a service agreements
  • Maintenance and support for software, cloud and hardware
  • Professional services – development, integration, implementation, training services and SOWs
  • Outsourcing agreements
  • Software development agreements
  • Open source usage
  • Confidentiality and non-disclosure agreements
  • Enterprise resource planning (ERP) software licensing, including negotiating with companies such as SAP, Oracle, Microsoft and Infor
  • Implementers, including negotiating with companies such as Accenture, Deloitte Consulting, Tata and IBM
  • Human resource information systems (HRIS) and benefits solutions agreements: WorkDay, Kronos, Success Factors, ADP and bSwift
  • Electronic health information systems (EHR) and data analytics, including EPIC, Cerner, Ingenix and Innovolan
  • CRM software, including SalesForce

E-Commerce: Websites and Mobile Applications

  • Terms of use for applications, websites and portals
  • End user license agreements
  • Online purchase agreements
  • Application development agreements
  • Clickwrap agreements
  • Website development and hosting agreements
  • Privacy policies
  • Subscription agreements
  • Employer policies and procedures
  • Bring your own device policies

Marketing and Advertising

  • Federal Trade Commission regulatory compliance
  • National sweepstakes and promotions
  • Advertising reviews
  • Consumer pricing
  • Consumer protection law compliance
  • Trademark licensing, marketing and joint branding agreements
  • Telephone Communications Privacy Act compliance
  • Social media

IT Infrastructure Agreements

  • Colocation and managed services agreements
  • Disaster recovery and business continuity
  • Dark fiber agreements
  • Data transport and interconnection
  • ISP
  • Telecommunications agreements with AT&T, Verizon, and TDS Metrocom

Data Privacy and Security
Reputation is critical to the success of our clients. Our clients understand that protecting the privacy of their customers and employees is of utmost importance. They take data privacy and security issues very seriously and are committed to employing best practices in protecting the security of their information technology networks, their data, their intellectual property and preventing the disclosure of personal information.

We help our clients face the challenges of navigating the unsettled and ever-changing world of international, federal and state data security and privacy. We work to put best practices in place that reduce the risk of a data security breach, hold vendors accountable for failures in their own security, and perform due diligence on data protections.

Data Security Regulatory Compliance and Best Practices
We use our knowledge to advise clients and negotiate agreements that provide data security and privacy law protections throughout their businesses.

Many of our clients are subject to multiple international, federal, state and local privacy and security laws and regulations. Many clients are obligated to comply with multiple regulatory obligations. We understand the interrelationship between these laws and regulations and utilize that knowledge and experience to protect clients in both their internal practices with vendor agreements and when hiring data security and privacy service providers. We also develop vendor management plans to ensure proper vetting while maintaining industry best practices and auditing.

We have significant experience in the following areas:

Information Technology Contracting and Privacy Policies

  • Negotiate contract provisions requiring clients’ vendors comply with our data security and privacy requirements
  • Prepare data security addendums to be included with information technology agreements
  • Identify the need for and inclusion of cyberinsurance coverage requirements in technology agreements
  • Website privacy policies
  • Advise on big data, data monetization, the Internet of Things, and de identification/anonymization

Company Compliance Programs, Counseling and Training

  • Counsel on policies and procedures to minimize the risk of a data breach
  • Prepare data privacy and security policies
  • Develop privacy and cybersecurity programs
  • Provide data privacy and security training for a variety of industries
  • Assist with the development of requirements for vendors with access to company data, including personal information
  • Data analytics and geolocation protections
  • Electronic Communications Privacy Act Compliance
  • Recommendations on obtaining or requiring vendors to provide auditing and certification such as SSAE 16, ISOE and other industry-specific audit requirements

Health Care Data Privacy and Security

  • Draft Business Associate Agreements and HIPAA compliant data privacy and security policies
  • Negotiate information technology agreements that include HIPAA and corollary state law requirements
  • Advise health care providers and other covered entities under HIPAA and HITECH on a daily basis on compliance issues
  • HIPAA training for both health care providers and other covered entities

Financial Services and Insurance

  • Guidance to financial institutions and insurance companies regulated under Gramm Leach Bliley and corollary state financial service and insurance law requirements
  • PCI standards for credit card transactions and storage of credit card industry data


  • Advise on the Federal Education Rights Privacy Act (FERPA) and the corollary state statutes
  • Identify risks under the Children’s Online Privacy Protection Act (COPPA)

Data Breach Responses and Notifications

  • Help ensure timely compliance with federal and state statutory notice requirements in the case of a data breach
  • Assess whether a data breach has occurred and coordinating the response
  • Investigate the incident and notify customers, employees or other impacted individuals
  • Collaborate with law enforcement on investigating hacking, ransomware and other incidents of unauthorized access to customers’ computer systems

International Data Laws and Cross-Board Issues

  • Advice on compliance with EU Regulation and Directives, and actively assist clients with assessing how to comply with the new EU Regulations
  • Assessing whether to and how to obtain EU Privacy Shield certification
  • Advising on country-specific issues such as the Swiss Privacy Act, the Danish Privacy Act, and the Privacy Laws of the Netherlands
  • Advising on compliance with the Australian Privacy Laws
  • Working with clients doing business on a regular basis in Mexico, Canada and South America

Insurance Coverage Issues

  • We have substantial experience evaluating the need for cybersecurity coverage and requirements for vendors
  • Counseling on additional insurance coverage that could potentially cover a cyberattack, ransomware attack or data breach

Record Retention

  • Determine how to store and how long to store data that is subject to privacy laws
  • Electronic data retention practices
  • E-discovery and litigation holds

Contact any of our information technology, data privacy and security attorneys so we can explore how to help you accomplish your goals.