Be careful what you’ve promised your customers … or what has been promised about data you buy! In today’s world, consumer data is a huge asset for companies across all industries, in particular those in technology-focused spaces like social media, apps, wearables, and retailers involved in e-commerce. The value of…
As more and more companies of all sizes ranging across a wide spectrum of industries have been exposed to network and data security breaches in recent years, the market for insurance products dedicated to cover cyber risks has grown just as fast. With policies sold under names like “cyberinsurance,” “privacy…
Part 2: How are Limits of Liability Evolving, with Respect to the Issue of Data Breaches? Ten years ago, most “buyers/customers” expected their suppliers to absorb unlimited contractual liability if the supplier was responsible for a breach affecting the customer’s data. Today, while customers may continue to insist upon such…
Part 1: Contractual Protections With Respect to Data Breaches Given the unrelenting, it seems, news reports of cyber attacks and data breaches affecting customer records and data, the issue of what are the appropriate contractual provisions that should govern data breaches in a contract between customers and suppliers remains timely,…
Any company that uses information technology is a potential target for data theft, advanced malware and other cyber threats. Cyber threats have emerged as a growing systemic risk particularly to the financial sector in which Financial Market Infrastructures (“FMIs”) are increasingly under attack from a wide range of players, at…
The security community has been abuzz this week with the US. District Court of New Jersey’s April 7 ruling in Federal Trade Commission v. Wyndham Worldwide Corporation, et al. (see http://www.adlawaccess.com/wp-content/uploads/sites/137/2014/04/Opinion.pdf). Wyndham had asserted in a motion to dismiss that the Federal Trade Commission (“FTC”) did not have the authority…
Much has been said about the EU “Cookie” laws introduced by an amendment to the Privacy and Electronic Communications Directive in 2011. Companies with European customers (including those in the US) have grappled with the law’s requirement to obtain informed consent from visitors to their websites before cookies can be…
This article was originally published on February 27, 2014 and is reprinted with permission from Corporate Compliance Insight. Managing third-party suppliers presents significant compliance challenges that often span an organization, raising legal, insurance, human resources and technology concerns, to name just a few. Corporations will continue to wrestle with these…
On February 12, 2014, the National Institute of Standards and Technology (“NIST“) released the final version of its Framework for Improving Critical Infrastructure Cybersecurity (the “Cybersecurity Framework” or “Framework“) and the companion NIST Roadmap for Improving Critical Infrastructure Cybersecurity (the “Roadmap“). The final version is the result of a year-long…
Customers increasingly are taking advantage of Software as a Service (SAAS) and other cloud-based solutions available in the marketplace. There are of course many legal and commercial issues that customers should consider when evaluating contracts provided by suppliers of these solutions. This post focuses specifically on issues arising when SAAS…