Overly on Security

About this Blog:

The legal side of security.

Michael Overly

App Development and Data Privacy

|   As almost every type of business is rushing to develop one or more apps for use on mobile devices by their employees, business partners, and/or customers, issues relating to data security are frequently overlooked or given short shrift.

Aggregated Data and the Threat of Re-Identification

|   I have written before about the risks of clauses in technology contracts giving the vendor broad and, usually, undefined rights in aggregated data of their customers. Specifically, I have talked about the need for specificity as to what constitutes “aggregation” (e.g., combination with other...

Offshoring in Cloud Engagements Presents New Risks

|   This week a note of caution regarding an unusual trend in some cloud engagements. In several recent transactions, I have seen provisions that put the customer on notice that the provider has one or more offshore affiliates who may assist in performing the agreement. This, in and of itself, is not...

Beware Aggregated Data Clauses in Vendor Contracts

|   A growing number of cloud and other technology agreements include grants to the vendor of broad and generally undefined rights to take “aggregated data” derived from the engagement and use it for unspecified purposes. Businesses should be aware of these clauses and revise them to accomplish two...

Encryption Controversy Continues

|   As you may have heard, the controversy over whether a court can compel an individual to disclose the encryption key for an encrypted drive continues. In this latest chapter, a district court in Colorado ruled that the Fifth Amendment prohibition against self-incrimination does not preclude a court...

A New Year's Resolution

|   Happy holidays to everyone. As we end another year, I have thought about ways businesses can improve their vendor and supplier relationships – specifically, ensuring vendor performance conforms to the requirements of the relevant contract documents. It is in this area that many businesses have...

The Bring Your Own Device (BYOD) Craze Rages On

|   It's Monday, do you know where your data is? If you are one of the many companies testing the waters in the BYOD space, you likely may not. According to a Dell Kace Study, 87% of companies surveyed feel they are unable to effectively protect corporate data and intellectual property because of...

Mitigating Risk in Shrink-Wrap and Click-Wrap Agreements – Part III

|   A few weeks ago, I wrote about the various methods used by businesses in addressing shrink-wrap, Web-wrap, and click-wrap agreements. As discussed, there are essentially three methods of addressing the risk of shrink-wrap agreements: blind acceptance, knowing acceptance, and mitigation. In my last...

Beware "Phone Home" Functionality in Software

|   A growing number of software applications come complete with a means by which the software periodically transmits usage information to the licensor. The information may be nothing more than statistical information about the software, error codes, etc. However, it may also include information...

Patriot Act Hang-up In the Cloud

|   The Dutch and Canadian governments have something in common: they both don’t like the Patriot Act when it comes to cloud services. The Patriot Act permits, under various broad and somewhat undefined circumstances, the government to access the records and data of, among others, cloud service...
