Dino Tsibouris (614) 360-3133 Cloudy with a Chance of Lawyers: Legal issues in Cloud Computing Contracts.

Slides:



Advertisements
Similar presentations
A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.
Advertisements

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
SERVICE LEVEL AGREEMENTS The Technical Contract Within the Master Agreement.
NEGOTIATING INFORMATION TECHNOLOGY SERVICE AGREEMENTS TOP TIPS TO CONSIDER © 2013, WILSON VUKELICH LLP. ALL RIGHTS RESERVED. Diane L. Karnay September.
Topics Changes Risk Assessments Cloud Data Security / Data Protection Licenses, Copies, Instances Limits of Liability and Indemnification Requests for.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
3Kites Consulting/Kemp IT Law Breakfast Seminar Law Firms and the Cloud: Balancing Benefits and Risks London, 10 September 2014 Contracting for the Cloud:
AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
Dino Tsibouris (614) Information Security – Changes in the Law, Cost, and Complexity of Responding to Breaches.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA
Fosterswift.com PROTECTING AGAINST THE UNKNOWN : How to Successfully Review IT Contracts to Increase Your Rights and Avoid Potential Liability Samuel Frederick.
Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Chapter 18 Defective Products. What are Express and Implied Warranties? Warranty -A statement about the product’s qualities or performance that the seller.
Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.
Recent Trends and Insurance Considerations March 2015
Consumers Online: Privacy, Security and Identity Professor Margaret Jackson and Marita Shelly Presentation to the RMIT Financial Literacy, Banking & Identity.
Dino Tsibouris (614) Information Security – What’s New In the Law?
Navigating and Negotiating Contracts Presented by Krista L. Newkirk, Associate General Counsel.
Dino Tsibouris (614) Technology Contracting 101 What to watch out for in your contracts.
Copyright © 2014 Lender Performance Group, LLC. All rights reserved. Managing risks associated with third-party relationships, in other words Vendor Management.
Guidance for Managing Third-Party Risk Chicago Region Regulatory Conference Call December 8, 2010.
SAS 70 (Statement on Auditing Standards No. 70) Kelley Piner Charles Roberts Ashley Walker.
Legal Issues Recording Contracts Producer Contracts.
Mergers & Acquisitions For Managed Service Providers Robert J. Scott Scott & Scott, LLP
Legal Audits for E-Commerce Copyright (c) 2000 Montana Law Review Montana Law Review Winter, Mont. L. Rev. 77 by Richard C. Bulman, Jr., Esq. and.
Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.
PRIVACY, SECURITY, ACCESS, AND OWNERSHIP: LEGAL ISSUES IN CLOUD COMPUTING SW/WC 2012 Technology Conference March 8-9, 2012.
Pre-Project Activities Text Chapters 5 and 6. Pre-Project Activities 1.Contract Review 2.Development Plan 3.Quality Plan.
Software License Agreement Negotiation 101 Ray Hsu, C.P.M. Assistant Director, Procurement Services University of Washington.
Middleware Promises Warranties that Don’t Indemnities that Won’t Stephen Rubin, Esquire
Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
18 th Annual Canadian IT Law Association Conference Insider View from the EU Expert Group on Cloud Computing Dr Sam De Silva Partner, Head of IT & Outsourcing.
THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013 KEVIN M. LEVY, ESQ. GUNSTER YOAKLEY.
Contracting and Negotiation DOQ-IT Education Session Contracting and Negotiations.
© Copyright 2011, Vorys, Sater, Seymour and Pease LLP. All Rights Reserved. Higher standards make better lawyers. ® CISO Executive Network Executive Breakfast.
Reasonable is in Eye of the Beholder Vendor, Customer, & Litigator Perspectives on Software License Provisions Aaron Brodsky Greg Leibold Peter Gergely.
Dino Tsibouris (614) Vendor Contracts: What You Need and What You May Be Missing.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
MANAGING THIRD-PARTY RISK New York Region Regulatory Conference Call March 3, 2011.
+ Web Site Contract Negotiations Gold Coast General Hospital and Acme Startup LLC.
Negotiating Software as a Service Contracts Guidance for Corporate and Technology Counsel for Structuring Effective SaaS Agreements Presented by Kristie.
Roundtable: Best Practice for Cloud Sourcing Daniel Shap, Managing Counsel CIBC Dr Sam De Silva, Partner, Penningtons Manches LLP.
Robert J. Scott. Agenda Licensing Models Perpetual vs. Subscription User vs. Device Agreement Types Microsoft Business and Services Agreement Online Subscription.
Yes. You’re in the right room.. Hi! I’m David (Hi David!)
Luke Montoya. Vendor Services Agreement Description and Structure Agreement for vendor to provide services (and often deliverables) (e.g., maintain website,
Privacy and Data Breach Issues Kirk Herath, VP, Chief Privacy Officer, Nationwide & Dino Tsibouris, Founding Principal, Tsibouris & Associates.
Dino Tsibouris (614) Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues Mehmet Munur (614)
Dino Tsibouris & Mehmet Munur Privacy and Information Security Laws and Updates.
Securitization of Insurance Liabilities IP-34 CIA Annual Meeting Vancouver, June 29, 2007 Allan Brender.
Data Security in the Cloud and Data Breaches: Lawyer’s Perspective Dino Tsibouris Mehmet Munur
THE TOP TEN PITFALLS OF SOFTWARE CONTRACTING Texas K-12 CTO Council – Fall Meeting 2015 Lena Engel, Attorney.
Hot Topics in Technology Transactions Presented by: Robert J. Scott
Mark Kaufmann. Objectives Share and discuss common tips and traps and ways to address Identify strategies for various vendor “ploys” Reality Check Negotiations.
Four Ways Suppliers Limit Their Risk Contractually
2013 LBA Bank Counsel Conference
Contracting for the Cloud
Negotiations: Gotchas That Can Getcha
Vendor Statements of Work: Your Role as an IT Professional
Auditing Cloud Services
Current ‘Hot Topics’ in Information Security Governance Auditing
Service Organization Control (SOC)
CHAPTER 21 Warranties and Product Liability
Vendor Management & Business Value
Cyber Risk Management Through Vendor Contracts
Representations and Warranties Indemnification Liability Caps
Business Associate Contracts: Time Is Running Out . . .
Presentation transcript:

Dino Tsibouris (614) Cloudy with a Chance of Lawyers: Legal issues in Cloud Computing Contracts

Cloud Issues are Business Issues… Providing a service Owning the data Owning the IP Availability Refunds Moving somewhere else

Cloud Issues Include More Business Issues… Time of use Number of users Number of transactions Resources used Other criteria

…But Certain Laws Apply Banks, Credit Unions: FFIEC Information Technology Examination handbook /Outsourced Cloud Computing Statement 07/10/12 NIST Special Publication “Guidelines on Security and Privacy in Public Cloud Computing” HIPPA (sealed box/open box/conduit) FTC Section 5 (Data security standards) EU Data Protection Directive

Data Ownership and Privacy Make data confidential – especially personal data Define ownership of data – personal vs. non-personal State the provider does not own the data Limit data use only to perform services Geographical limits – Vancouver, BC

Data Security Reasonable security? Industry standard security? Equal to what they use? (or not) Select the standard (ISO, NIST, PCI-DSS, COBIT) Audits Notice of potential breach

Service Levels Guaranteed minimum uptime Escalation process for downtime Service credits Is free really free?

Disclaimer of Warranties Infringement of third-party IP rights? AS-IS? Will it conform to specifications? Service interruptions? Get warranties in detail

Indemnification by the Vendor Infringement claims by others Breach of confidentiality/data breach Physical injury Reckless/intentional conduct

Indemnification by the Customer End user use Regulatory noncompliance Recklessness/Willful misconduct

Audit Rights Scheduled annually Immediately upon certain events Facility audit IT audit Shared audits SSAE 16 and ISAE 3402 Books and records?

Weblinked Terms “Customer agrees to our Terms of Use and any amendments we make from time to time.”

Weblinked Terms How do you know when they change? What if the change removes key terms you rely on? Technical standards vs. contract changes Get notice of changes before implemented with a chance to terminate if not approved Risk of stale links

Limitation of Liability Direct damages only? Lost profits? Refund of prior ___ months of fees paid Increased caps for breach of confidentiality or IP infringement

Termination Immediate? Notice of breach and right to cure? Do protections survive?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.