The significant growth in business process outsourcing creates ever-growing privacy and data security concerns. We routinely handle technology services agreements involving the outsourcing of, or access to, personally identifiable information and highly sensitive and regulated data, including negotiating and preparing (i) appropriate use and security parameters and protocols, (ii) liability and risk allocation schemes for each party‘s applicable use of data and (iii) response mechanisms in the event of security breach incidents. Our attorneys assist companies in developing comprehensive cloud strategies and identifying legal issues and solutions for integrating the cloud methodologies into traditional business models while ensuring appropriate contractual provisions to comply with privacy concerns.
Our attorneys assist clients in contracts for enterprise resource planning (ERP) systems and development and implementation of information security platforms, including negotiating network security agreements, technology contracts and vendor contracts. Our attorneys also counsel clients seeking to establish or improve internal data confidentiality provisions and to control access to confidential information. We help clients develop answers to software and data security questions including security controls, disaster recovery, backup and restoration, and finally, assist with dispute resolution, including litigation, when conflicts surface.
Our experience includes:
- Assisted in developing and implementing information security platforms for entire networks, including developing internal privacy policies, negotiating network security agreements and technology contracts, reviewing and revising employee policies and procedures, and negotiating vendor contracts and business associate agreements. Advised regarding database marketing outsourcing where personal consumer information is housed on servers external to the client's business, including contractual requirements for data security and information technology safeguards, allocation of risk, insurance and indemnity provisions.
- Advised regarding personal use by employees and third party collaborators of cloud computing services, corporate policies to ensure personal information is not used, and auditing internal compliance.
- Regularly assess privacy issues in Software as a Service (SaaS) and Cloud Computing contracts to ensure adequate protections for protection of personal data.