Earlier this month, we discussed the significance of the transformation workstream in outsourcing transactions and outlined important topics and points to consider when documenting the overall transformation methodology...more
The July 1 enforcement of the California Consumer Privacy Act (CCPA) is one week away. Despite calls by the business community and trade associations to push back the enforcement date to January 2021 due to the coronavirus...more
6/24/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government ,
State Attorneys General
Transition services agreements (TSAs) are often an integral part of a transaction when a buyer or a seller needs to use the other’s services, infrastructure, or resources for an agreed-upon period of time after an...more
Transformation is often a critical component of outsourcing and managed services transactions. The transition of core or non-core functions to a third-party provider can provide an opportunity for the customer to leverage the...more
The EU Council Presidency on September 18 put forward to member states an 88-page compromise proposal on the Eprivacy Regulation with considerable changes and amendments. There are several proposed changes to the provisions...more
The January 1, 2020, deadline to comply with the California Consumer Privacy Act (CCPA) is fast approaching. Signed into law in the summer of 2018, the CCPA creates a variety of new consumer privacy rights and will require...more
There is no “one size fits all” solution when drafting and negotiating the liability provisions relating to data protection obligations and security incidents. Every contract has unique business drivers that will shape the...more
In Part 1 and Part 2 of this Contract Corner, we discussed the importance of assessing and defining the types of data involved in a services agreement, and highlighted issues to consider with respect to the ownership and...more
In Part 1 of this Contract Corner, we discussed the importance of evaluating the types of data to be processed or accessed by a service provider at the beginning of the contracting process and key considerations to address...more
Drafting and negotiating the data protection provisions in services agreements can be one of the trickier and more time-consuming aspects of the contracting process. One of our prior Contract Corner series from 2014 discussed...more
In Part 1 of this Contract Corner on Software as a Service (SaaS) agreements, we discussed ownership and use issues in SaaS transactions where the application is provided and hosted as a dedicated instance with common base...more
In the typical SaaS scenario, the SaaS vendor provides, maintains, and hosts (either itself or through a hosting SaaS vendor) the desired application layer, and grants the customer and its authorized users access to the...more
An assignment and delegation provision is the clause that specifies a party’s ability to assign its rights or delegate its duties under an agreement. It is a provision that is often placed in the “miscellaneous” or “general”...more
Data owners and processors are working hard to make sure they have compliance programs in place by the time the European Union’s General Data Protection Regulation (GDPR) goes into force on May 25, 2018. To that end, a new...more
Artificial intelligence (AI) is the hot topic on everyone’s mind. Technology providers are researching and developing how they can exploit AI, companies in a wide range of industries are seeking to understand how AI will...more
The North American Electric Reliability Corporation (NERC) recently petitioned the Federal Energy Regulatory Commission (FERC) to approve its proposed “Reliability Standards” addressing cybersecurity risks in critical...more
In a positive development for companies relying on transatlantic data transfers, the European Commission (the Commission) recently announced that one year into the program, the EU-US Privacy Shield framework is functioning as...more
On February 15, the Geolocation Privacy and Surveillance Act (GPS Act) was introduced by a bipartisan group of US Congress members. Designed to enact comprehensive rules for both government agencies and commercial service...more
A recent action by the Federal Trade Commission (FTC) against an internet of things (IoT) device manufacturer in the Northern District of California is a significant development in the IoT space and data security law. The...more
By voice vote on February 6, the US House of Representatives passed the Email Privacy Act that would, among other things, require the federal government to obtain a warrant before compelling service providers to hand over...more