SlideShare une entreprise Scribd logo

Legal Issues Impacting Data Center Owners, Operators and Users

M
MMMTechLaw
1  sur  17
Télécharger pour lire hors ligne
Legal Issues Impacting Data Center Owners, Operators and Users by John Yates & Larry Kunin December 9, 2010
Presenters Larry Kunin Partner, Litigation Practice Telephone: 404.504.7798 E-mail: lkunin@mmmlaw.com John Yates Partner, Corporate Technology Practice Telephone: 404.504.5444 E-mail: jyates@mmmlaw.com 2
Goals MMM’s goal is to work with data center owners, operators and users to identify key legal issues and their related claims, and to provide ways to minimize liability. 3
Key Legal Areas of Concern 1. Contracts 2. Tort/Fraud 3. Products Liability 4. Regulatory Compliance 5. Privacy/Security 6. Safe Harbors 7. Post-Hacking/Security Breach Issues 4
Key Questions What are the key concerns of the data center owner, user, operator? 1. Is there adequate security to avoid security and privacy breaches? 2. How are external forces such as power outage, natural disaster, and terrorism controlled? What if contractor/subcontractors don’t perform adequately? 3. What if there are hardware/software failures resulting in down time? 4. How can a user be compensated for non-performance by the data center owner or operator? 5. What steps need to be taken if there is a security breach? 6. Are there safe harbors? 5
Power Outages 1. What are the terms of your agreement with the power company? 2. Do you have a claim against the power company in case of an outage? 3. Do you have an adequate back-up system? 4. How do you determine the adequacy of a back-up system - - what is reasonable under the circumstance? 5. What is your liability? 6. Power outage – liability i. Have you taken steps that are reasonable under the circumstances to provide for the contingencies of a power outage? ii. Do you have a contractual arrangement with the power company to provide certain levels of performance? iii. Do you have a contractual arrangement with a back-up power source? Does it include liquidated damages? iv. Do your customers’ contracts provide for uptime warranties? v. Do they include representations and warranties regarding uptime? vi. Do they include liquidated damage clause? 6
What is a Liquidated Damage Clause? 1. The elements of a liquidated damage clause: - The parties desire to avoid the cost of proving damages in the event of future breach. - Damages will be incapable or very difficult to accurately estimate at the time the contract was made. - Liquidated damages are a reasonable forecast of what damages might be in the event of breach. 2. Liquidated damages are not penalties: A liquidated damage clause that is found to punish rather than provide reasonable compensation will be declared an invalid penalty and will be stricken. 3. Note, however, that the inability of individuals to prove actual damages has been a block to sustaining a lawsuit. 7
Sample Liquidated Damage Clause The parties agree that in the event of data loss [or security breach], damages will be difficult to calculate. To avoid the cost and effort to attempt to calculate such damages, the parties agree that in the event of a proven data loss [or such breach] a reasonable forecast of resulting damage is $_________, which COMPANY shall pay to CUSTOMER within 20 days of confirmation of such breach. Such payment shall be the exclusive remedy and shall satisfy all liability for such data loss [or security breach]. 8
Force Majeure Clauses A force majeure clause prevents liability for harm caused by issues beyond a party’s reasonable control, such as an act of God (hurricanes, fire, etc.) - Might not protect against failure to back-up data. It is unlikely that a force majeure clause will protect against third party illegal hacking if there is evidence that the hacking could have or should have been prevented through better security measures (i.e., the act was preventable). 9
Sample Force Majeure Clause A party will not be liable to the other party for any failure, delay, or disruption of telecommunications services, caused by a Force Majeure Event, whether or not such matters were foreseeable, and such failure or delay will not constitute a material breach of this Agreement. “Force Majeure Event” means any cause beyond the reasonable control of a party that could not, by reasonable diligence, be avoided, including acts of God, acts of war, terrorism, riots, embargoes, acts of civil or military authorities, denial of or delays in processing of export license applications, fire, floods, earthquakes, accidents, or strikes. 10
Hardware/Software Failures 1. Do you have a contract with your software/hardware vendors? 2. Does it include warranties and representations? 3. Does it include indemnification to protect you in case you get sued by third parties (for example, users of your system)? 4. Do you have insurance to cover the liability? Have you reviewed the policy to determine the scope of coverage? 11
Privacy/Security 1. Do you store personally identifiable information? 2. Are you aware of the security breach notification statutes on the State level? Do you have policies in place to comply with them? 3. What damages could you incur by a security breach that results in disclosure of personally identifiable information? - Safe Harbor under State breach laws? 4. What other liability could be incurred as a result of a security or privacy breach? 5. Is data encrypted? 12
Sample Security Notification Breach Law California Security Breach Information Act, SB 1386: Companies that possess or store personal information (SSN, Drivers license, account number, etc.) must provide notice to each person in their database upon discovery of a security breach involving such personal information. Applies to government agencies, companies, and nonprofit organizations regardless of geographic location. 13
Practical Pointers 1. Review existing contracts and license agreements with hardware and software vendors, especially with regard to representations and warranties, indemnification provisions, liquidated damage provisions, performance criteria, etc. 2. Review your existing user agreements with regard to limitations of liability, representations and warranties, performance criteria, etc. 3. Review existing insurance policies, especially exceptions. 4. Review existing policies and procedures in case of security or privacy breaches, especially with regard to restate breach notification laws. 5. Review existing case law on an ongoing basis to determine reasonable steps required of a data center owner/operator and standards of care. 14
Recent Court Cases In re TJX Companies Retail Sec. Breach Litigation (1st Cir.): Bank represented class in a claim for violation of Mass. unfair trade practices statute following security breach. Damages were amount of fraudulent charges resulting from the security breach. Settled for over $40 million. Krottner v. Starbucks and Lalli v. Starbucks (W.D. Wash.): Two class action lawsuits alleged that theft of laptops contained personal information of Starbucks employees. Starbuck gave notice to all employees. One plaintiff alleged that his bank account was opened, but the bank closed the account and there was no monetary loss. Plaintiff also failed to show a nexus between the security breach and the access to his account. The court dismissed both cases. 15
Recent Court Cases Ruiz v. Gap (N.D. Cal.): In this class action, a burglar broke into the offices of Gap's job application processing vendor and stole two laptops that contained unencrypted personal information about thousands of job applicants. The only alleged harm was an alleged “increased risk of identity theft." The court dismissed, holding that this is not a loss. Hendricks v. DSW Shoe Warehouse (D.Mich.): Damages were cost of credit monitoring service. But in this case, there was no Michigan authority that this is a recoverable damages and case was dismissed. Carbonite lawsuit: Sued two vendors alleging loss of data owned by up to 7,500 Carbonite customers (cloud storage) due to failed disk arrays and failure in back-up procedures. Vendors responded that only a de minimus number of customers were affected. Lawsuit appears settled. 16
Bios John C. Yates – Tele.: 404.504.5444 – E-mail: jyates@mmmlaw.com Partner-in-charge of the Technology Practice. Mr. Yates is one of the pioneers of the technology law field and has been practicing exclusively in this area for over 27 years. The firm’s technology practice has represented hundreds of technology companies and provided legal services in such areas as IPOs, mergers and acquisitions, patent prosecution, Internet law, biotech and medical devices, ecommerce/distribution, corporate finance and venture capital, international law and dispute resolution. Larry Kunin – Tele.: 404.504.7798 – E-mail: lkunin@mmmlaw.com Partner in the Litigation Practice with a concentration in technology and intellectual property litigation, including software performance, trade secret, trademark and copyright litigation, as well as general commercial and business tort litigation. Mr. Kunin is also serves as a special master or mediator in disputes involving technology or e-discovery. 17

Recommandé

Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Usersjyates
 
Intermountain CFO Summit - Managing Financial Risks
Intermountain CFO Summit - Managing Financial RisksIntermountain CFO Summit - Managing Financial Risks
Intermountain CFO Summit - Managing Financial RisksDavid Chase
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyIFLP
 
Navigating Risk In Data & Technology Transactions
Navigating Risk In Data & Technology TransactionsNavigating Risk In Data & Technology Transactions
Navigating Risk In Data & Technology TransactionsMMMTechLaw
 
Homework assignment torts
Homework assignment tortsHomework assignment torts
Homework assignment tortsDonna Kesot
 
Data Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachData Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachFinancial Poise
 
Winter 2014-2015
Winter 2014-2015Winter 2014-2015
Winter 2014-2015Jonathan Belek
 
Ready for Takeoff- Insurance 101 for Entrepreneurs
Ready for Takeoff- Insurance 101 for EntrepreneursReady for Takeoff- Insurance 101 for Entrepreneurs
Ready for Takeoff- Insurance 101 for EntrepreneursTheIdeaVillage
 

Recommandé

Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Usersjyates
 
Intermountain CFO Summit - Managing Financial Risks
Intermountain CFO Summit - Managing Financial RisksIntermountain CFO Summit - Managing Financial Risks
Intermountain CFO Summit - Managing Financial RisksDavid Chase
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyIFLP
 
Navigating Risk In Data & Technology Transactions
Navigating Risk In Data & Technology TransactionsNavigating Risk In Data & Technology Transactions
Navigating Risk In Data & Technology TransactionsMMMTechLaw
 
Homework assignment torts
Homework assignment tortsHomework assignment torts
Homework assignment tortsDonna Kesot
 
Data Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachData Breach Response: Before and After the Breach
Data Breach Response: Before and After the BreachFinancial Poise
 
Winter 2014-2015
Winter 2014-2015Winter 2014-2015
Winter 2014-2015Jonathan Belek
 
Ready for Takeoff- Insurance 101 for Entrepreneurs
Ready for Takeoff- Insurance 101 for EntrepreneursReady for Takeoff- Insurance 101 for Entrepreneurs
Ready for Takeoff- Insurance 101 for EntrepreneursTheIdeaVillage
 
Bad Faith & Coverage Newsletter
Bad Faith & Coverage NewsletterBad Faith & Coverage Newsletter
Bad Faith & Coverage NewsletterdmurrayTH
 
1588245852 epdf
1588245852 epdf1588245852 epdf
1588245852 epdfSaadiaMobeen1
 
0314067329 57037
0314067329 570370314067329 57037
0314067329 57037alaa rashed
 
Whistleblower law and retaliation claims
Whistleblower law and retaliation claimsWhistleblower law and retaliation claims
Whistleblower law and retaliation claimsZuckerman Law Whistleblower Protection Law Firm
 
CBI Comments on Proposed TRIA Regulatory Definitions
CBI Comments on Proposed TRIA Regulatory DefinitionsCBI Comments on Proposed TRIA Regulatory Definitions
CBI Comments on Proposed TRIA Regulatory DefinitionsJasonSchupp1
 
Software Contract and Liability
Software Contract and LiabilitySoftware Contract and Liability
Software Contract and LiabilityMohamad Sani
 
Technology: maintaining a cutting edge
Technology: maintaining a cutting edgeTechnology: maintaining a cutting edge
Technology: maintaining a cutting edgeLSG
 
Federal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryFederal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryDavid Sweigert
 
eDiscovery for Dummies "The Book"
eDiscovery for Dummies "The Book"eDiscovery for Dummies "The Book"
eDiscovery for Dummies "The Book"J. David Morris
 
CBI Comments on FATF Implementation of Corporate Transparency Act
CBI Comments on FATF Implementation of Corporate Transparency ActCBI Comments on FATF Implementation of Corporate Transparency Act
CBI Comments on FATF Implementation of Corporate Transparency ActJasonSchupp1
 
Unintended Consequences, Impact Of The Financial Crisis On Insurance Coverage
Unintended Consequences, Impact Of The Financial Crisis On Insurance CoverageUnintended Consequences, Impact Of The Financial Crisis On Insurance Coverage
Unintended Consequences, Impact Of The Financial Crisis On Insurance Coverageamystewart
 
Understanding Risk Management Basics for Business Owners (Series: Insurance f...
Understanding Risk Management Basics for Business Owners (Series: Insurance f...Understanding Risk Management Basics for Business Owners (Series: Insurance f...
Understanding Risk Management Basics for Business Owners (Series: Insurance f...Financial Poise
 
Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...
Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...
Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...NationalUnderwriter
 
David Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsDavid Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsSource Conference
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White PaperTodd Ruback
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paperspencerharry
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach SecurityMetrics
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 

Contenu connexe

Tendances

Bad Faith & Coverage Newsletter
Bad Faith & Coverage NewsletterBad Faith & Coverage Newsletter
Bad Faith & Coverage NewsletterdmurrayTH
 
0314067329 57037
0314067329 570370314067329 57037
0314067329 57037alaa rashed
 
CBI Comments on Proposed TRIA Regulatory Definitions
CBI Comments on Proposed TRIA Regulatory DefinitionsCBI Comments on Proposed TRIA Regulatory Definitions
CBI Comments on Proposed TRIA Regulatory DefinitionsJasonSchupp1
 
Software Contract and Liability
Software Contract and LiabilitySoftware Contract and Liability
Software Contract and LiabilityMohamad Sani
 
Technology: maintaining a cutting edge
Technology: maintaining a cutting edgeTechnology: maintaining a cutting edge
Technology: maintaining a cutting edgeLSG
 
Federal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryFederal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryDavid Sweigert
 
eDiscovery for Dummies "The Book"
eDiscovery for Dummies "The Book"eDiscovery for Dummies "The Book"
eDiscovery for Dummies "The Book"J. David Morris
 
CBI Comments on FATF Implementation of Corporate Transparency Act
CBI Comments on FATF Implementation of Corporate Transparency ActCBI Comments on FATF Implementation of Corporate Transparency Act
CBI Comments on FATF Implementation of Corporate Transparency ActJasonSchupp1
 
Unintended Consequences, Impact Of The Financial Crisis On Insurance Coverage
Unintended Consequences, Impact Of The Financial Crisis On Insurance CoverageUnintended Consequences, Impact Of The Financial Crisis On Insurance Coverage
Unintended Consequences, Impact Of The Financial Crisis On Insurance Coverageamystewart
 
Understanding Risk Management Basics for Business Owners (Series: Insurance f...
Understanding Risk Management Basics for Business Owners (Series: Insurance f...Understanding Risk Management Basics for Business Owners (Series: Insurance f...
Understanding Risk Management Basics for Business Owners (Series: Insurance f...Financial Poise
 
Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...
Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...
Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...NationalUnderwriter
 
David Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsDavid Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsSource Conference
 

Tendances (14)

Bad Faith & Coverage Newsletter
Bad Faith & Coverage NewsletterBad Faith & Coverage Newsletter
Bad Faith & Coverage Newsletter
 
1588245852 epdf
1588245852 epdf1588245852 epdf
1588245852 epdf
 
0314067329 57037
0314067329 570370314067329 57037
0314067329 57037
 
Whistleblower law and retaliation claims
Whistleblower law and retaliation claimsWhistleblower law and retaliation claims
Whistleblower law and retaliation claims
 
CBI Comments on Proposed TRIA Regulatory Definitions
CBI Comments on Proposed TRIA Regulatory DefinitionsCBI Comments on Proposed TRIA Regulatory Definitions
CBI Comments on Proposed TRIA Regulatory Definitions
 
Software Contract and Liability
Software Contract and LiabilitySoftware Contract and Liability
Software Contract and Liability
 
Technology: maintaining a cutting edge
Technology: maintaining a cutting edgeTechnology: maintaining a cutting edge
Technology: maintaining a cutting edge
 
Federal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryFederal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card Industry
 
eDiscovery for Dummies "The Book"
eDiscovery for Dummies "The Book"eDiscovery for Dummies "The Book"
eDiscovery for Dummies "The Book"
 
CBI Comments on FATF Implementation of Corporate Transparency Act
CBI Comments on FATF Implementation of Corporate Transparency ActCBI Comments on FATF Implementation of Corporate Transparency Act
CBI Comments on FATF Implementation of Corporate Transparency Act
 
Unintended Consequences, Impact Of The Financial Crisis On Insurance Coverage
Unintended Consequences, Impact Of The Financial Crisis On Insurance CoverageUnintended Consequences, Impact Of The Financial Crisis On Insurance Coverage
Unintended Consequences, Impact Of The Financial Crisis On Insurance Coverage
 
Understanding Risk Management Basics for Business Owners (Series: Insurance f...
Understanding Risk Management Basics for Business Owners (Series: Insurance f...Understanding Risk Management Basics for Business Owners (Series: Insurance f...
Understanding Risk Management Basics for Business Owners (Series: Insurance f...
 
Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...
Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...
Under the Right Circumstances, an Insured Entitled to "Independent Counsel" i...
 
David Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsDavid Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security Regulations
 

Similaire à Legal Issues Impacting Data Center Owners, Operators and Users

Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White PaperTodd Ruback
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paperspencerharry
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowShawn Tuma
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach SecurityMetrics
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachDawn Yankeelov
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Raleigh ISSA
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryHNI Risk Services
 
Cyber for Beginners v2
Cyber for Beginners v2Cyber for Beginners v2
Cyber for Beginners v2Kenny Boddye
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Shawn Tuma
 
Anticipating an Attack: A Pre-Breach Checklist
Anticipating an Attack: A Pre-Breach ChecklistAnticipating an Attack: A Pre-Breach Checklist
Anticipating an Attack: A Pre-Breach ChecklistMorrison & Foerster
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Michael C. Keeling, Esq.
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 

Similaire à Legal Issues Impacting Data Center Owners, Operators and Users (20)

Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Cybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to KnowCybersecurity: What the GC and CEO Need to Know
Cybersecurity: What the GC and CEO Need to Know
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the BreachLegal Issues in Data Privacy and Security: Response Readiness Before the Breach
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation Industry
 
Cyber for Beginners v2
Cyber for Beginners v2Cyber for Beginners v2
Cyber for Beginners v2
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
 
Anticipating an Attack: A Pre-Breach Checklist
Anticipating an Attack: A Pre-Breach ChecklistAnticipating an Attack: A Pre-Breach Checklist
Anticipating an Attack: A Pre-Breach Checklist
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?
 

Plus de MMMTechLaw

Invest georgia
Invest georgiaInvest georgia
Invest georgiaMMMTechLaw
 
2012 M&A Deal Terms Study
2012 M&A Deal Terms Study2012 M&A Deal Terms Study
2012 M&A Deal Terms StudyMMMTechLaw
 
Cloud Insights 2012
Cloud Insights 2012Cloud Insights 2012
Cloud Insights 2012MMMTechLaw
 
Hyde Park Capital Technology Report
Hyde Park Capital Technology ReportHyde Park Capital Technology Report
Hyde Park Capital Technology ReportMMMTechLaw
 
Financial Technology July Market Analysis
Financial Technology July Market AnalysisFinancial Technology July Market Analysis
Financial Technology July Market AnalysisMMMTechLaw
 
Six Healthcare Trends
Six Healthcare TrendsSix Healthcare Trends
Six Healthcare TrendsMMMTechLaw
 
Risk Factor Report
Risk Factor ReportRisk Factor Report
Risk Factor ReportMMMTechLaw
 
2012 MSEC Legal Update
2012 MSEC Legal Update2012 MSEC Legal Update
2012 MSEC Legal UpdateMMMTechLaw
 
BDO Private Equity Study 2012
BDO Private Equity Study 2012BDO Private Equity Study 2012
BDO Private Equity Study 2012MMMTechLaw
 
Infrastructure software 2011 2012
Infrastructure software 2011 2012Infrastructure software 2011 2012
Infrastructure software 2011 2012MMMTechLaw
 
Open Mobile Survey 2012
Open Mobile Survey 2012Open Mobile Survey 2012
Open Mobile Survey 2012MMMTechLaw
 
M&A education report
M&A education reportM&A education report
M&A education reportMMMTechLaw
 
Financial Technology Market Analysis - March 2012
Financial Technology Market Analysis - March 2012Financial Technology Market Analysis - March 2012
Financial Technology Market Analysis - March 2012MMMTechLaw
 
Industrials M&A Report
Industrials M&A ReportIndustrials M&A Report
Industrials M&A ReportMMMTechLaw
 
Grant Thornton/Pitchbook PE Exits Report
Grant Thornton/Pitchbook PE Exits ReportGrant Thornton/Pitchbook PE Exits Report
Grant Thornton/Pitchbook PE Exits ReportMMMTechLaw
 
Technology m&a report
Technology m&a reportTechnology m&a report
Technology m&a reportMMMTechLaw
 
Q11 Healthcare Report
Q11 Healthcare ReportQ11 Healthcare Report
Q11 Healthcare ReportMMMTechLaw
 
What Every Tech Company Needs to Know
What Every Tech Company Needs to KnowWhat Every Tech Company Needs to Know
What Every Tech Company Needs to KnowMMMTechLaw
 
Msec conference save the date
Msec conference save the dateMsec conference save the date
Msec conference save the dateMMMTechLaw
 

Plus de MMMTechLaw (20)

Invest georgia
Invest georgiaInvest georgia
Invest georgia
 
2012 M&A Deal Terms Study
2012 M&A Deal Terms Study2012 M&A Deal Terms Study
2012 M&A Deal Terms Study
 
Cloud Insights 2012
Cloud Insights 2012Cloud Insights 2012
Cloud Insights 2012
 
Hyde Park Capital Technology Report
Hyde Park Capital Technology ReportHyde Park Capital Technology Report
Hyde Park Capital Technology Report
 
Financial Technology July Market Analysis
Financial Technology July Market AnalysisFinancial Technology July Market Analysis
Financial Technology July Market Analysis
 
Six Healthcare Trends
Six Healthcare TrendsSix Healthcare Trends
Six Healthcare Trends
 
Risk Factor Report
Risk Factor ReportRisk Factor Report
Risk Factor Report
 
2012 MSEC Legal Update
2012 MSEC Legal Update2012 MSEC Legal Update
2012 MSEC Legal Update
 
BDO Private Equity Study 2012
BDO Private Equity Study 2012BDO Private Equity Study 2012
BDO Private Equity Study 2012
 
Infrastructure software 2011 2012
Infrastructure software 2011 2012Infrastructure software 2011 2012
Infrastructure software 2011 2012
 
Open Mobile Survey 2012
Open Mobile Survey 2012Open Mobile Survey 2012
Open Mobile Survey 2012
 
M&A education report
M&A education reportM&A education report
M&A education report
 
Financial Technology Market Analysis - March 2012
Financial Technology Market Analysis - March 2012Financial Technology Market Analysis - March 2012
Financial Technology Market Analysis - March 2012
 
Industrials M&A Report
Industrials M&A ReportIndustrials M&A Report
Industrials M&A Report
 
Grant Thornton/Pitchbook PE Exits Report
Grant Thornton/Pitchbook PE Exits ReportGrant Thornton/Pitchbook PE Exits Report
Grant Thornton/Pitchbook PE Exits Report
 
Technology m&a report
Technology m&a reportTechnology m&a report
Technology m&a report
 
Q11 Healthcare Report
Q11 Healthcare ReportQ11 Healthcare Report
Q11 Healthcare Report
 
What Every Tech Company Needs to Know
What Every Tech Company Needs to KnowWhat Every Tech Company Needs to Know
What Every Tech Company Needs to Know
 
Wma bab 2012
Wma bab 2012Wma bab 2012
Wma bab 2012
 
Msec conference save the date
Msec conference save the dateMsec conference save the date
Msec conference save the date
 

Legal Issues Impacting Data Center Owners, Operators and Users

  • 1. Legal Issues Impacting Data Center Owners, Operators and Users by John Yates & Larry Kunin December 9, 2010
  • 2. Presenters Larry Kunin Partner, Litigation Practice Telephone: 404.504.7798 E-mail: lkunin@mmmlaw.com John Yates Partner, Corporate Technology Practice Telephone: 404.504.5444 E-mail: jyates@mmmlaw.com 2
  • 3. Goals MMM’s goal is to work with data center owners, operators and users to identify key legal issues and their related claims, and to provide ways to minimize liability. 3
  • 4. Key Legal Areas of Concern 1. Contracts 2. Tort/Fraud 3. Products Liability 4. Regulatory Compliance 5. Privacy/Security 6. Safe Harbors 7. Post-Hacking/Security Breach Issues 4
  • 5. Key Questions What are the key concerns of the data center owner, user, operator? 1. Is there adequate security to avoid security and privacy breaches? 2. How are external forces such as power outage, natural disaster, and terrorism controlled? What if contractor/subcontractors don’t perform adequately? 3. What if there are hardware/software failures resulting in down time? 4. How can a user be compensated for non-performance by the data center owner or operator? 5. What steps need to be taken if there is a security breach? 6. Are there safe harbors? 5
  • 6. Power Outages 1. What are the terms of your agreement with the power company? 2. Do you have a claim against the power company in case of an outage? 3. Do you have an adequate back-up system? 4. How do you determine the adequacy of a back-up system - - what is reasonable under the circumstance? 5. What is your liability? 6. Power outage – liability i. Have you taken steps that are reasonable under the circumstances to provide for the contingencies of a power outage? ii. Do you have a contractual arrangement with the power company to provide certain levels of performance? iii. Do you have a contractual arrangement with a back-up power source? Does it include liquidated damages? iv. Do your customers’ contracts provide for uptime warranties? v. Do they include representations and warranties regarding uptime? vi. Do they include liquidated damage clause? 6
  • 7. What is a Liquidated Damage Clause? 1. The elements of a liquidated damage clause: - The parties desire to avoid the cost of proving damages in the event of future breach. - Damages will be incapable or very difficult to accurately estimate at the time the contract was made. - Liquidated damages are a reasonable forecast of what damages might be in the event of breach. 2. Liquidated damages are not penalties: A liquidated damage clause that is found to punish rather than provide reasonable compensation will be declared an invalid penalty and will be stricken. 3. Note, however, that the inability of individuals to prove actual damages has been a block to sustaining a lawsuit. 7
  • 8. Sample Liquidated Damage Clause The parties agree that in the event of data loss [or security breach], damages will be difficult to calculate. To avoid the cost and effort to attempt to calculate such damages, the parties agree that in the event of a proven data loss [or such breach] a reasonable forecast of resulting damage is $_________, which COMPANY shall pay to CUSTOMER within 20 days of confirmation of such breach. Such payment shall be the exclusive remedy and shall satisfy all liability for such data loss [or security breach]. 8
  • 9. Force Majeure Clauses A force majeure clause prevents liability for harm caused by issues beyond a party’s reasonable control, such as an act of God (hurricanes, fire, etc.) - Might not protect against failure to back-up data. It is unlikely that a force majeure clause will protect against third party illegal hacking if there is evidence that the hacking could have or should have been prevented through better security measures (i.e., the act was preventable). 9
  • 10. Sample Force Majeure Clause A party will not be liable to the other party for any failure, delay, or disruption of telecommunications services, caused by a Force Majeure Event, whether or not such matters were foreseeable, and such failure or delay will not constitute a material breach of this Agreement. “Force Majeure Event” means any cause beyond the reasonable control of a party that could not, by reasonable diligence, be avoided, including acts of God, acts of war, terrorism, riots, embargoes, acts of civil or military authorities, denial of or delays in processing of export license applications, fire, floods, earthquakes, accidents, or strikes. 10
  • 11. Hardware/Software Failures 1. Do you have a contract with your software/hardware vendors? 2. Does it include warranties and representations? 3. Does it include indemnification to protect you in case you get sued by third parties (for example, users of your system)? 4. Do you have insurance to cover the liability? Have you reviewed the policy to determine the scope of coverage? 11
  • 12. Privacy/Security 1. Do you store personally identifiable information? 2. Are you aware of the security breach notification statutes on the State level? Do you have policies in place to comply with them? 3. What damages could you incur by a security breach that results in disclosure of personally identifiable information? - Safe Harbor under State breach laws? 4. What other liability could be incurred as a result of a security or privacy breach? 5. Is data encrypted? 12
  • 13. Sample Security Notification Breach Law California Security Breach Information Act, SB 1386: Companies that possess or store personal information (SSN, Drivers license, account number, etc.) must provide notice to each person in their database upon discovery of a security breach involving such personal information. Applies to government agencies, companies, and nonprofit organizations regardless of geographic location. 13
  • 14. Practical Pointers 1. Review existing contracts and license agreements with hardware and software vendors, especially with regard to representations and warranties, indemnification provisions, liquidated damage provisions, performance criteria, etc. 2. Review your existing user agreements with regard to limitations of liability, representations and warranties, performance criteria, etc. 3. Review existing insurance policies, especially exceptions. 4. Review existing policies and procedures in case of security or privacy breaches, especially with regard to restate breach notification laws. 5. Review existing case law on an ongoing basis to determine reasonable steps required of a data center owner/operator and standards of care. 14
  • 15. Recent Court Cases In re TJX Companies Retail Sec. Breach Litigation (1st Cir.): Bank represented class in a claim for violation of Mass. unfair trade practices statute following security breach. Damages were amount of fraudulent charges resulting from the security breach. Settled for over $40 million. Krottner v. Starbucks and Lalli v. Starbucks (W.D. Wash.): Two class action lawsuits alleged that theft of laptops contained personal information of Starbucks employees. Starbuck gave notice to all employees. One plaintiff alleged that his bank account was opened, but the bank closed the account and there was no monetary loss. Plaintiff also failed to show a nexus between the security breach and the access to his account. The court dismissed both cases. 15
  • 16. Recent Court Cases Ruiz v. Gap (N.D. Cal.): In this class action, a burglar broke into the offices of Gap's job application processing vendor and stole two laptops that contained unencrypted personal information about thousands of job applicants. The only alleged harm was an alleged “increased risk of identity theft." The court dismissed, holding that this is not a loss. Hendricks v. DSW Shoe Warehouse (D.Mich.): Damages were cost of credit monitoring service. But in this case, there was no Michigan authority that this is a recoverable damages and case was dismissed. Carbonite lawsuit: Sued two vendors alleging loss of data owned by up to 7,500 Carbonite customers (cloud storage) due to failed disk arrays and failure in back-up procedures. Vendors responded that only a de minimus number of customers were affected. Lawsuit appears settled. 16
  • 17. Bios John C. Yates – Tele.: 404.504.5444 – E-mail: jyates@mmmlaw.com Partner-in-charge of the Technology Practice. Mr. Yates is one of the pioneers of the technology law field and has been practicing exclusively in this area for over 27 years. The firm’s technology practice has represented hundreds of technology companies and provided legal services in such areas as IPOs, mergers and acquisitions, patent prosecution, Internet law, biotech and medical devices, ecommerce/distribution, corporate finance and venture capital, international law and dispute resolution. Larry Kunin – Tele.: 404.504.7798 – E-mail: lkunin@mmmlaw.com Partner in the Litigation Practice with a concentration in technology and intellectual property litigation, including software performance, trade secret, trademark and copyright litigation, as well as general commercial and business tort litigation. Mr. Kunin is also serves as a special master or mediator in disputes involving technology or e-discovery. 17