4/16/2020 | Legal Update
Information Technology, Data Privacy and Security
Explore
Our Knowledge in Information Technology, Data Privacy and Security
Our clients purchase, sell and use technology and information technology software, hardware and professional services to gain a competitive advantage in the marketplace. We partner with our clients to navigate the legal and business risks that arise in the acquisition, sale, deployment, integration and usage of these technology products and services. We collaborate with our clients’ business, legal, marketing, supply chain, engineering and IT teams to negotiate and complete technology transactions consistent with industry best practices.
Our clients are global manufacturing companies, consumer products companies, health care providers, software developers and service providers, insurance companies, transportation, banking and financial services companies, as well as non-profits and schools.
We have significant experience in the following areas:
Software Licensing and Professional Services
- Software licensing – traditional and hosted services, as well as escrow agreements
- Cloud services – software as a service and platform as a service agreements
- Maintenance and support for software, cloud and hardware
- Professional services – development, integration, implementation, training services and SOWs
- Outsourcing agreements
- Software development agreements
- Open source usage
- Confidentiality and non-disclosure agreements
E-Commerce: Websites and Mobile Applications
- Terms of use for applications, websites and portals
- End user license agreements
- Online purchase agreements
- Application development agreements
- Clickwrap agreements
- Website development and hosting agreements
- Privacy policies
- Subscription agreements
- Employer policies and procedures
- Bring your own device policies
IT Infrastructure Agreements
- Colocation and managed services agreements
- Disaster recovery and business continuity
- Dark fiber agreements
- Data transport and interconnection
- ISP
- Telecommunications agreements
Data Privacy and Security
Reputation is critical to the success of our clients. Our clients understand that protecting the privacy of their customers and employees is of utmost importance. They take data privacy and security issues very seriously and are committed to employing best practices in protecting the security of their information technology networks, their data, their intellectual property and preventing the disclosure of personal information.
We help our clients face the challenges of navigating the unsettled and ever-changing world of international, federal and state data security and privacy. We work to put best practices in place that reduce the risk of a data security breach, hold vendors accountable for failures in their own security, and perform due diligence on data protections.
Data Security Regulatory Compliance and Best Practices
We use our knowledge to advise clients and negotiate agreements that provide data security and privacy law protections throughout their businesses.
Many of our clients are subject to multiple international, federal, state and local privacy and security laws and regulations. Many clients are obligated to comply with multiple regulatory obligations. We understand the interrelationship between these laws and regulations and utilize that knowledge and experience to protect clients in both their internal practices with vendor agreements and when hiring data security and privacy service providers. We also develop vendor management plans to ensure proper vetting while maintaining industry best practices and auditing.
We have significant experience in the following areas:
Information Technology Contracting and Privacy Policies
- Negotiate contract provisions requiring clients’ vendors comply with our data security and privacy requirements
- Prepare data security addendums to be included with information technology agreements
- Identify the need for and inclusion of cyberinsurance coverage requirements in technology agreements
- Website privacy policies
- Advise on big data, data monetization, the Internet of Things, and de identification/anonymization
Company Compliance Programs, Counseling and Training
- Counsel on policies and procedures to minimize the risk of a data breach
- Prepare data privacy and security policies
- Develop privacy and cybersecurity programs
- Provide data privacy and security training for a variety of industries
- Assist with the development of requirements for vendors with access to company data, including personal information
- Data analytics and geolocation protections
- Electronic Communications Privacy Act Compliance
Health Care Data Privacy and Security
- Draft Business Associate Agreements and HIPAA compliant data privacy and security policies
- Negotiate information technology agreements that include HIPAA and corollary state law requirements
- Advise health care providers and other covered entities under HIPAA and HITECH on a daily basis on compliance issues
- HIPAA training for both health care providers and other covered entities
Financial Services and Insurance
- Guidance to financial institutions and insurance companies regulated under Gramm Leach Bliley and corollary state financial service and insurance law requirements
- PCI standards for credit card transactions and storage of credit card industry data
Education
- Advise on the Federal Education Rights Privacy Act (FERPA) and the corollary state statutes
- Identify risks under the Children’s Online Privacy Protection Act (COPPA)
Data Breach Responses and Notifications
- Help ensure timely compliance with federal and state statutory notice requirements in the case of a data breach
- Assess whether a data breach has occurred and coordinating the response
- Investigate the incident and notify customers, employees or other impacted individuals
- Collaborate with law enforcement on investigating hacking, ransomware and other incidents of unauthorized access to customers’ computer systems
International Data Laws and Cross-Border Issues
- Advice on compliance with EU Regulation and Directives, and actively assist clients with assessing how to comply with the new EU Regulations
- Assessing whether to and how to obtain EU Privacy Shield certification
- Advising on country-specific issues such as the Swiss Privacy Act, the Danish Privacy Act, and the Privacy Laws of the Netherlands
- Advising on compliance with the Australian Privacy Laws
- Working with clients doing business on a regular basis in Mexico, Canada and South America
Insurance Coverage Issues
- We have substantial experience evaluating the need for cybersecurity coverage and requirements for vendors
- Counseling on additional insurance coverage that could potentially cover a cyberattack, ransomware attack or data breach
Record Retention
- Determine how to store and how long to store data that is subject to privacy laws
- Electronic data retention practices
- E-discovery and litigation holds
Section Leader
Information Technology, Data Privacy and Security Professionals
Related News
1/20/2020 | Legal Update
Offered Free Cyber Services? You May Not Need to Look That Gift Horse in the Mouth Any Longer.
5/25/2016 | Legal Update
Addressing Cybersecurity in Your Retirement Plan TPA Contract
3/4/2013 | Legal Update
Protect Your CEO's Tweets and Posts from SEC Enforcement Action
12/28/2011 | Legal Update
Health Care Entities Using Social Media: Guidance from the Division of Quality Assurance
Other News
View allOct 03 2024
Filing Obligations and Deadlines for The Corporate Transparency Act
Aug 22 2024
Federal Court Strikes Down FTC's Ban On Non-Competes
Aug 15 2024
81 von Briesen Attorneys Named to the Best Lawyers in America® 2025
Aug 06 2024
Dane County Circuit Court Judge Denies Motion to Dismiss and Hints at Issuing Decision Overturning Act 10
Jul 24 2024
Title IX Regulations
Jul 01 2024
von Briesen Announces the Promotion of Michael R. Sherer to Shareholder
Jun 11 2024
von Briesen Welcomes Julie Piper-Kitchin
May 22 2024
How Can You Help Pay for Your Student’s Education?
May 13 2024