Our clients purchase, sell and use technology and information technology software, hardware and professional services to gain a competitive advantage in the marketplace. We partner with our clients to navigate the legal and business risks that arise in the acquisition, sale, deployment, integration and usage of these technology products and services. We collaborate with our clients’ business, legal, marketing, supply chain, engineering and IT teams to negotiate and complete technology transactions consistent with industry best practices.

Our clients are global manufacturing companies, consumer products companies, health care providers, software developers and service providers, insurance companies, transportation, banking and financial services companies, as well as non-profits and schools.

We have significant experience in the following areas:

Software Licensing and Professional Services

• Software licensing – traditional and hosted services, as well as escrow agreements
• Cloud services – software as a service and platform as a service agreements
• Maintenance and support for software, cloud and hardware
• Professional services – development, integration, implementation, training services and SOWs
• Outsourcing agreements
• Software development agreements
• Open source usage
• Confidentiality and non-disclosure agreements

E-Commerce: Websites and Mobile Applications

• Terms of use for applications, websites and portals
• End user license agreements
• Online purchase agreements
• Application development agreements
• Clickwrap agreements
• Website development and hosting agreements
• Privacy policies
• Subscription agreements
• Employer policies and procedures
• Bring your own device policies

IT Infrastructure Agreements

• Colocation and managed services agreements
• Disaster recovery and business continuity
• Dark fiber agreements
• Data transport and interconnection
• ISP
• Telecommunications agreements

Data Privacy and Security
Reputation is critical to the success of our clients. Our clients understand that protecting the privacy of their customers and employees is of utmost importance. They take data privacy and security issues very seriously and are committed to employing best practices in protecting the security of their information technology networks, their data, their intellectual property and preventing the disclosure of personal information.

We help our clients face the challenges of navigating the unsettled and ever-changing world of international, federal and state data security and privacy. We work to put best practices in place that reduce the risk of a data security breach, hold vendors accountable for failures in their own security, and perform due diligence on data protections.

Data Security Regulatory Compliance and Best Practices
We use our knowledge to advise clients and negotiate agreements that provide data security and privacy law protections throughout their businesses.

Many of our clients are subject to multiple international, federal, state and local privacy and security laws and regulations. Many clients are obligated to comply with multiple regulatory obligations. We understand the interrelationship between these laws and regulations and utilize that knowledge and experience to protect clients in both their internal practices with vendor agreements and when hiring data security and privacy service providers. We also develop vendor management plans to ensure proper vetting while maintaining industry best practices and auditing.

We have significant experience in the following areas:

Information Technology Contracting and Privacy Policies

• Negotiate contract provisions requiring clients’ vendors comply with our data security and privacy requirements
• Prepare data security addendums to be included with information technology agreements
• Identify the need for and inclusion of cyberinsurance coverage requirements in technology agreements
• Website privacy policies
• Advise on big data, data monetization, the Internet of Things, and de identification/anonymization

Company Compliance Programs, Counseling and Training

• Counsel on policies and procedures to minimize the risk of a data breach
• Prepare data privacy and security policies
• Develop privacy and cybersecurity programs
• Provide data privacy and security training for a variety of industries
• Assist with the development of requirements for vendors with access to company data, including personal information
• Data analytics and geolocation protections
• Electronic Communications Privacy Act Compliance

Health Care Data Privacy and Security

• Draft Business Associate Agreements and HIPAA compliant data privacy and security policies
• Negotiate information technology agreements that include HIPAA and corollary state law requirements
• Advise health care providers and other covered entities under HIPAA and HITECH on a daily basis on compliance issues
• HIPAA training for both health care providers and other covered entities

Financial Services and Insurance

• Guidance to financial institutions and insurance companies regulated under Gramm Leach Bliley and corollary state financial service and insurance law requirements
• PCI standards for credit card transactions and storage of credit card industry data

Education

• Advise on the Federal Education Rights Privacy Act (FERPA) and the corollary state statutes
• Identify risks under the Children’s Online Privacy Protection Act (COPPA)

Data Breach Responses and Notifications

• Help ensure timely compliance with federal and state statutory notice requirements in the case of a data breach
• Assess whether a data breach has occurred and coordinating the response
• Investigate the incident and notify customers, employees or other impacted individuals
• Collaborate with law enforcement on investigating hacking, ransomware and other incidents of unauthorized access to customers’ computer systems

International Data Laws and Cross-Border Issues

• Advice on compliance with EU Regulation and Directives, and actively assist clients with assessing how to comply with the new EU Regulations
• Assessing whether to and how to obtain EU Privacy Shield certification
• Advising on country-specific issues such as the Swiss Privacy Act, the Danish Privacy Act, and the Privacy Laws of the Netherlands
• Advising on compliance with the Australian Privacy Laws
• Working with clients doing business on a regular basis in Mexico, Canada and South America

Insurance Coverage Issues

• We have substantial experience evaluating the need for cybersecurity coverage and requirements for vendors
• Counseling on additional insurance coverage that could potentially cover a cyberattack, ransomware attack or data breach

Record Retention

• Determine how to store and how long to store data that is subject to privacy laws
• Electronic data retention practices
• E-discovery and litigation holds