Data privacy means much more than just cyber-security. All over the world, customers, vendors, and governments are demanding more (and more detailed) attention to how consumer data is collected, stored, used, shared and monetized. Definitions and requirements often conflict. Penalties are increasingly severe. Because so many requirements are emerging and changing so quickly, aiming for today’s “compliance” needs will likely fall short tomorrow. We believe it is wise to incorporate “privacy by design” and “data protection by default” principles into a business now, with future trends and directions in mind. Open the Future℠.
This is where we come in.
We enjoy doing the precise, demanding work of analyzing what impact a business’ policies will have on its customers’ privacy; tracking “upstream” through layers and branches of vendor and sub-vendor contracts to confirm that they will carry out our clients’ commitments; working through the detailed requirements and statements of work; and helping our clients structure their operations not just for today’s regulatory compliance, but for tomorrow’s business success – not simply meeting their responsibilities under the European GDPR; the U.S. HIPAA, GLBA, FRCA, FERPA, and FTC Acts, and FAR, DFAR, and SEC regulations; California’s upcoming Consumer Privacy Act; New York DFS’ requirements; and many other state, federal, and international privacy statutes and regulations, but also doing so in ways that are efficient, forward-thinking, and above all, that work smoothly in the business of that particular client.
From the most straightforward service business, to the most complex “eco-system” platforms, we perform privacy impact assessments; analyze; and advise on whole structures in healthcare, financial institutions, background screening, energy, and many other industries.
Most companies rely on third-parties for the delivery of the technologies on which their businesses are built. We advise our clients on information technology outsourcing (ITO), business process outsourcing (BPO), procurement, licensing, commercial contracting, including “cloud” services like Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
We regularly write, review, and negotiate almost every kind of agreement for technology transactions, from the most straightforward to the extremely complex:
· licenses for incoming and outgoing technologies;
· customer- and developer-side software and technology development agreements;
· personnel agreements, for short-term and long-term engagements for employees and contractors, with particular attention to intellectual property rights and restrictive covenants;
· detailed data-use agreements for valuable but tightly restricted databases; and
· service agreements of the widest variety, including master services agreements (MSAs), statements of work (SOW), service level agreements (SLA), terms of service, terms and conditions, acceptable use policies, and more.
In addition, we provide pragmatic, privacy-focused advice in connection with information technology contracts, which includes:
· due diligence and other business acquisitions; and
· counseling in enterprise resource planning projects.
RIGHTS OF PUBLICITY AND PERSONAL IMAGE
Closely related to privacy are personal “rights of publicity,” including rights of endorsement. We are experienced with endorsement agreements, photo releases, agency agreements, and many other areas of personal publicity, in life and posthumously, under common law, state statutes, and FTC regulation.
TRADE SECRETS & Confidential INFORMATION
“Privacy” mostly concerns consumer data and other personal information. These may be among a business’ most valuable trade secrets – sometimes they are a business’ most important asset – but other information assets, which are not identifiable to specific individuals, may also be of supreme importance.
We are also adept at helping clients identify, protect, develop, and exploit “impersonal” trade secrets and confidential and proprietary information of all kinds, across as many as 60 different industries.
Our experience includes not only the Uniform Trade Secrets Act, which has finally been adopted in Texas as well as in most other states, but also the Restatement of Torts (1939), which is still in place in New York. Our variety of experiences includes drafting and negotiating agreements; litigating on each side of disputes, including obtaining and deflecting fast-moving lawsuits over injunctions and other extraordinary relief; service as the mediator and arbitrator in complex trade-secret disputes; and developing, exploiting, and working at the highest levels of technology development, within the boundaries of restrictive agreements which have already been negotiated.
CopyrightS & TrademarkS
Copyrights, which protect creative expressions of ideas though not the ideas themselves; trademarks, which identify the sources of goods and services and prevent consumer confusion; and trade secrets, which protect secrets, are often involved in technology transactions. We have lived and worked in these distinct areas of the law for many years – identifying, protecting, and conveying rights in each, both in business practice and in litigation.
In copyrights, we frequently analyze the extent to which copyright is involved in a transaction, product, service, or relationship; apply for registration as appropriate, including histories and earlier versions; arrange for “work for hire” and/or assignment agreements to be made; license and convey them as required; and assert or defend them when necessary. We also assist in clearing, registering, maintaining, licensing, conveying, and defending or enforcing trademarks, at all stages of their lives.
Unusually among privacy and technology lawyers, our long experience with copyrights and trademarks has included extensive work in organizing and supervising investigations and anti-counterfeiting work.
DIGITAL TRANSFORMATION AND ARTIFICIAL INTELLIGENCE
Websites, Apps, Portals and Platforms. Knowing how and what data is collected, processed and stored in connection with your companies’ websites, apps and online portals and platforms is as essential to compliance with law as it is to responsible data stewardship. We regularly help clients map their data, perform privacy impact assessments, and provide counsel with respect to data minimization, data retention and data protection for personal data controlled or processed by our clients’ businesses.
Smart Cities. Smart cities use data captured by Internet of Things (IoT) sensors embedded across public space. That data is processed by geographical information systems (or GIS software) and artificial intelligence (AI) to gain insights into the interactions of people with their physical locations, among other things.
But smart-city projects also pose extreme privacy and cybersecurity risks. We help governmental entities understand exactly what they are contracting for in their smart-city projects, and embed privacy and data-protection-by-design into those projects.
Robotic Process Automation. RPA is a software solution, usually called a “bot,” that creates efficiency by performing repetitive tasks. Many companies are seeking to replace human labor with these bots. We help our corporate clients ensure that their RPA vendors deliver by performing due diligence on those vendors and negotiating the contracts that underlie their provision of RPA.
Services for Law Firms
We enjoy serving as “privacy support” for other law firms, filling in the missing “privacy piece” in their deals or transactions. We are adept at serving in a subsidiary role, blending in while they keep the primary contact with their clients, assisting through limited engagements in specific transactions.
We are also pleased to assist other law firms themselves. Many excellent firms believe they are reliable stewards of their clients’ information, fully compliant in privacy matters -- and are horrified to discover they are not. We assist in gap analysis and adjustment of law firms’ systems, with a goal of leaving our client-firms even stronger, wider-focused, and even better able to serve their clients than they already were.
Over many years, our work has been so varied – often serving, in effect, as a “fractional general counsel” for closely-held businesses -- that it has given us a remarkable range of experience in many different kinds of odd circumstances and unusual transactions. Many of these have required us to advise clients on difficult issues that cut across many different areas of law, often on short (or no) notice. Many others have required us to draft agreements not from forms, but “from scratch.”
While our focus is on privacy and technology transactions, we bring to our work a perspective and judgment formed from years of a remarkable variety of experiences.
While our preference is to avoid litigation, it sometimes finds our clients.
When it does, we bring many years’ experience in trial work, not only in conventional business litigation but also in very specialized circumstances, in both state and federal court.
Our collective trial experience includes significant TRO and preliminary injunction practice, with other extraordinary remedies;service as an arbitrator (singly and as part of a panel) with repeated opportunities to experience the decision-making process and see “what works” and what absolutely doesn’t; and in an age when many litigators have never tried a case, we have tried successfully “bet the company” matters which the clients could not afford to lose.
CYBER-SECURITY & EARLY-STAGE BREACH RESPONSE
Reasonable diligence in cyber-security, appropriate to the sensitivity of the personal information involved, is required by law and is a central tenet of privacy law.
What constitutes “reasonable” security is constantly evolving, and clients are well advised to have cyber-security experts design, implement, maintain, and regularly assess their systems against recognized industry frameworks and standards; to maintain vigilant education and awareness programs among staff and vendors at all times; to map their data thoroughly so they can respond quickly to individual concerns; and to secure reasonable cyber-insurance coverage from specialty insurance carriers.
We prefer to assist our clients in preventing breaches, and contracting in such a way as to manage the risks. Even in the best of circumstances, however, security breaches do happen. When they do, we are prepared to assist immediately in the first steps of responding to a breach.