Intellectual Property Society
Managing Intellectual Property Rights
  And Privacy Issues In Outsourcing
                      Mountain View, CA - January 20, 2004




              Keeping Information Safe:
              Privacy and Security Issues
                     Françoise Gilbert
                                   Palo Alto, CA
                                 (650) 804-1235
                            fgilbert@itlawgroup.com

© 2004 IT Law Group              www.itlawgroup.com            1
INFORMATION PRIVACY AND SECURITY IN 2004

  • Increased consumers’ awareness
       – need to protect privacy
       – risks of identity theft
       – burden of spam
  • Increasing number of laws or regulations
  • Increased government and private scrutiny
       – Government investigations (e.g. FTC, State agencies)
       – Private suits (individual or class action)
       – Actions by private organizations (e.g. TRUSTe)

RISKS AND EXPOSURE
• Public relations disasters
• Damages and penalties
• Payment of plaintiff's attorneys' fees
• Obligation to implement strict privacy, security
  procedures
• Obligation to submit to audits and government
  scrutiny
• Inability to pursue contemplated transaction
TODAY’S PRESENTATION

• Understand the restrictions and requirements before attempting BPO
    – Privacy and Security in the US
         • Selected US and State laws
         • Litigation
    – Global companies’ concerns
• Understand the exposure in transferring data abroad
    – Data Protection outside of the US
    – Selected foreign laws
• Tools and tips to reduce privacy and security risks in Outsourcing
    – Due diligence
    – Contract


COMPLEX LEGAL FRAMEWORK
• Sectoral approach; no legislation of general application
• Some federal laws (e.g. financial information, health
  information, children on-line information)
• Some state laws (e.g. California SB 1386)
• Agency regulations (e.g. FTC, Office of Treasury)
• Sect. 5 of FTC ACT and state “mini FTC Acts”, which address
  unfair or deceptive practices



HIPAA
A Covered Entity
• May use and disclose Protected Health Information only as
   permitted or required
• May disclose PHI to Business Associates and may allow a
   Business Associate to create or receive PHI on its behalf only if it
   obtains “satisfactory assurance” (documented in written
   agreement) that the Business Associate will appropriately
   safeguard the information
• Will not be in compliance if Business Associate agreement is not
   adequate, not in place or not enforced

GRAMM-LEACH-BLILEY ACT
• Creates an affirmative duty for Financial Institutions to
     – Respect the privacy of its customers
     – Protect the security and confidentiality of Non Public Information
• FI must give the customer clear and conspicuous notice of the
  FI’s privacy practices
• FI may not disclose an individual’s Non Public Information to non
  affiliated third parties unless the FI has provided the individual
  with:
     – Prior written notice of its intent to disclose; and
     – Right to opt-OUT (direct that the information not be disclosed)

CALIFORNIA LAW SB 1386
If a breach of security occurs, the affected entities must:  
• disclose any breach of security of the system
• following discovery or notification of the breach of security
• in the most expedient time possible and without unreasonable delay
• in writing
• to any resident of California
• whose unencrypted personal information
     – was, or
     – is reasonably believed to have been acquired by an unauthorized person


PRIVACY POLICIES AND TRANSFER OF DATABASES
Toysmart.com
• Privacy policy stated: "you can rest assured that your information
  will never be shared by a third party"
• Attempted sale of database of customer information
• FTC and 39 state AGs filed injunction to prevent sale
• Ultimately, Disney, which had a controlling interest in
  Toysmart.com, purchased the list for $50,000 and destroyed it




PRIVACY & SECURITY ABROAD
         EXAMPLES OF COUNTRIES WITH DATA PROTECTION LAWS

•   15 EU Members                   •   Hungary
•   Argentina                       •   Iceland
•   Australia                       •   Israel
•   Brazil                          •   New Zealand
•   Bulgaria                        •   Norway
•   Canada                          •   Paraguay
•   Chile                           •   Poland
•   Czech Republic                  •   Russia
•   Estonia                         •   Slovakia
•   Hong Kong                       •   Switzerland
EXAMPLES OF COUNTRIES WITH LIMITED OR NO DATA PROTECTION
• Most of Asia except Russia
• China
• India (in progress)
• Japan (in progress)
• Malaysia
• Philippines
• Singapore
• Central America
• Mexico
• Middle East except Israel
• Africa


TRANSBORDER DATA FLOW IN EU/EEA
• The EU Data Protection Directive requires that the laws of the
  member countries preclude transmission of data outside the
  EEA if the data are undergoing processing, or are intended for
  processing after the transfer, unless the non EEA country
  ensures an "adequate" level of protection
• Exception:
   – Unambiguous consent by the data subject (i.e. OPT-IN)
   – Transfer is necessary for performance of a contract, to protect vital
     interest of the data subject or public interest
   – Data controller enters into a contract with the third party that ensures
     the same level of protection as provided under the EU state law

DUE DILIGENCE BEFORE OUTSOURCING
• Are there restrictions to giving access to data to a third party?
• Which privacy/security laws or regulations govern Company’s
  activities?
• What are Company’s privacy and information security
  requirements or needs?
• What additional cost will result from responding to these needs?
• Are Company’s needs and restrictions compatible with Vendor's
  operations?
• Does Vendor (and subcontractors) have adequate information
  security procedures to protect Company's databases?
• What data protection laws are in place in Vendor’s country?
OUTSOURCING CONTRACT
• Establish privacy and security policies and guidelines
• Define limitations on collection, use, transfer of PII
• Require Vendor’s assistance in complying with Company's
  obligations to clients, employees or law enforcement authorities
• Address ownership of PII collected during the relationship
• Address Vendor’s ability to subcontract services to third parties
• Provide for warranties, indemnification with respect to privacy
  and security
• Consider compliance audits
• Address changes required by new law and jurisprudence
• Define actions upon termination of the outsourcing relationship
QUESTIONS?


                      Françoise Gilbert
                fgilbert@itlawgroup.com
                      (650) 804-1235
                 www.itlawgroup.com 


The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

Keeping Information Safe: Privacy and Security Issues

  • 1. Intellectual Property Society
    Managing Intellectual Property Rights And Privacy Issues In Outsourcing
    Mountain View, CA - January 20, 20004
    Keeping Information Safe: Privacy and Security Issues
    Françoise Gilbert
    Palo Alto, CA
    (650) 804-1235
    fgilbert@itlawgroup.com
    © 2004 IT Law Group www.itlawgroup.com
  • 2. INFORMATION PRIVACY AND SECURITY IN 2004
    • Increased consumers’ awareness
      – need to protect privacy
      – risks of identity theft
      – burden of spam
    • Increasing number of laws or regulations
    • Increased government and private scrutiny
      – Government investigations (e.g. FTC, State agencies)
      – Private suits (individual or class action)
      – Actions by private organizations (e.g. TRUSTe)
  • 3. RISKS AND EXPOSURE
    • Public relations disasters
    • Damages and penalties
    • Payment of plaintiff's attorneys fee
    • Obligation to implement strict privacy, security procedures
    • Obligation to submit to audits and government scrutiny
    • Inability to pursue contemplated transaction
  • 4. TODAY’S PRESENTATION
    • Understand the restrictions and requirements before attempting BPO
      – Privacy and Security in the US
        • Selected US and State laws
        • Litigation
      – Global companies’ concerns
    • Understand the exposure in transferring data abroad
      – Data Protection outside of the US
      – Selected foreign laws
    • Tools and tips to reduce privacy and security risks in Outsourcing
      – Due diligence
      – Contract
  • 5. COMPLEX LEGAL FRAMEWORK
    • Sectoral approach; no legislation of general application
    • Some federal laws (e.g. financial information, health information, children on-line information)
    • Some state laws (e.g. California SB 1386)
    • Agency regulations (e.g. FTC, Office of Treasury)
    • Sect. 5 of FTC ACT and state “mini FTC Acts”, which address unfair or deceptive practices
  • 6. HIPAA
    A Covered Entity
    • May use and disclose Protected Health Information only as permitted or required
    • May disclose PHI to Business Associates and may allow a Business Associate to create or receive PHI on its behalf only if it obtains “satisfactory assurance” (documented in written agreement) that the Business Associate will appropriately safeguard the information
    • Will not be in compliance if Business Associate agreement is not adequate, not in place or not enforced
  • 7. GRAMM-LEACH-BLILEY ACT
    • Creates an affirmative duty for Financial Institutions to
      – Respect the privacy of its customers
      – Protect the security and confidentiality of Non Public Information
    • FI must give the customer clear and conspicuous notice of the FI’s privacy practices
    • FI may not disclose an individual’s Non Public Information to non affiliated third parties unless the FI has provided the individual with:
      – Prior written notice of its intent to disclose; and
      – Right to opt-OUT (direct that the information not be disclosed)
  • 8. CALIFORNIA LAW SB 1386
    If a breach of security occurs, the affected entities must:
    • disclose any breach of security of the system
    • following discovery or notification of the breach of security
    • in the most expedient time possible and without unreasonable delay
    • in writing
    • to any resident of California
    • whose unencrypted personal information
      – was, or
      – is reasonably believed to have been
      acquired by an unauthorized person
  • 9. PRIVACY POLICIES AND TRANSFER OF DATABASES
    Toysmart.com
    • Privacy policy stated: "you can rest assured that your information will never be shared by a third party"
    • Attempted sale of database of customer information
    • FTC and 39 state AGs filed injunction to prevent sale
    • Ultimately, Disney, which had a controlling interest in Toysmart.com, purchased the list for $50,000 and destroyed it
  • 10. PRIVACY & SECURITY ABROAD
    EXAMPLES OF COUNTRIES WITH DATA PROTECTION LAWS
    • 15 EU Members
    • Argentina
    • Australia
    • Brazil
    • Bulgaria
    • Canada
    • Chile
    • Czech Republic
    • Estonia
    • Hong Kong
    • Hungary
    • Iceland
    • Israel
    • New Zealand
    • Norway
    • Paraguay
    • Poland
    • Russia
    • Slovakia
    • Switzerland
  • 11. EXAMPLES OF COUNTRIES WITH LIMITED OR NO DATA PROTECTION
    • Most of Asia except Russia
    • China
    • India (in progress)
    • Japan (in progress)
    • Malaysia
    • Philippines
    • Singapore
    • Central America
    • Mexico
    • Middle East except Israel
    • Africa
  • 12. TRANSBORDER DATA FLOW IN EU/EEA
    • The EU Data Protection Directive requires that the laws of the member countries preclude transmission of data outside the EEA if the data are undergoing processing, or are intended for processing after the transfer, unless the non EEA country ensures an "adequate" level of protection
    • Exception:
      – Unambiguous consent by the data subject (i.e. OPT-IN)
      – Transfer is necessary for performance of a contract, to protect vital interest of the data subject or public interest
      – Data controller enters into a contract with the third party that ensures the same level of protection as provided under the EU state law
  • 13. DUE DILIGENCE BEFORE OUTSOURCING
    • Are there restrictions to giving access to data to a third party?
    • Which privacy/security laws or regulations govern Company’s activities?
    • What are Company’s privacy and information security requirements or needs?
    • What additional cost will result from responding to these needs?
    • Are Company’s needs and restrictions compatible with Vendor's operations?
    • Does Vendor (and subcontractors) have adequate information security procedures to protect Company's databases?
    • What data protection laws are in place in Vendor’s country?
  • 14. OUTSOURCING CONTRACT
    • Establish privacy and security policies and guidelines
    • Define limitations on collection, use, transfer of PII
    • Require Vendor’s assistance in complying with Company's obligations to clients, employees or law enforcement authorities
    • Address ownership of PII collected during the relationship
    • Address Vendor’s ability to subcontract services to third parties
    • Provide for warranties, indemnification with respect to privacy and security
    • Consider compliance audits
    • Address changes required by new law and jurisprudence
    • Define actions upon termination of the outsourcing relationship
  • 15. QUESTIONS?
    Françoise Gilbert
    fgilbert@itlawgroup.com
    (650) 804-1235
    www.itlawgroup.com