Wildman Harrold | 225 West Wacker Drive | Chicago, IL 60606 | (312) 201-2000 | wildman.com © 2010 Wildman, Harrold, Allen & Dixon LLP. Building an Online.

Slides:



Advertisements
Similar presentations
Wildman Harrold | 225 West Wacker Drive | Chicago, IL | (312) | wildman.com Wildman, Harrold, Allen & Dixon LLP What Is an Identity Trust.
Advertisements

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.
Red Flags Rule & Municipal Utilities
BUSINESS LAW TERMS. LAW Rule of conduct enforced by controlling authority; provides order, stability, and justice.
Identification of Antitrust Issues Associated with Insurer Ratemaking and Rate-Related Issues Michael L. McCluggage (312)
NEGLIGENCE Law 12 – MUNDY Negligence  Tort law is based on mostly case precedents and certain provincial and federal legislation;  Hence, our.
Understanding Legal Liability to Avoid Legal Liability Nigel Trevethan Steven Abramson Mortgage Brokers Association of British Columbia Kelowna – October.
CHAPTER 7 TORTS DAVIDSON, KNOWLES & FORSYTHE Business Law: Cases and Principles in the Legal Environment (8 th Ed.)
Wildman Harrold | 225 West Wacker Drive | Chicago, IL | (312) | wildman.com © 2009 Wildman, Harrold, Allen & Dixon LLP. Identification and.
Comprehensive Volume, 18 th Edition Chapter 7: The Legal Environment of International Trade.
Consumers Online: Privacy, Security and Identity Professor Margaret Jackson and Marita Shelly Presentation to the RMIT Financial Literacy, Banking & Identity.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Rome II Regulation Conflict rules for torts. Rome II Regulation The Regulation defines: the conflict-of-law rules applicable to non- contractual obligations.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Wildman Harrold | 225 West Wacker Drive | Chicago, IL | (312) | wildman.com Wildman, Harrold, Allen & Dixon LLP Identity Management: The.
National Smartcard Project Work Package 8 – Security Issues Report.
© 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP The Emerging Legal Framework for Identity and Access Management Thomas J. Smedinghoff.
Copyright © 2008 by Robert B. Carton Selected Business Law Topics.
Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)
Copyright © 2005 Pearson Education Canada Inc. Business Law in Canada, 7/e, Chapter 3 Business Law in Canada, 7/e Chapter 3 Government Regulation and the.
Classification of Laws
Chapter 4 Agency Law. Chapter Objectives After reading this chapter, you will know the following: How agency relationship work and the authority that.
Marketing Ethics and Social Responsibility
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.
© Copyright 2011, Vorys, Sater, Seymour and Pease LLP. All Rights Reserved. Higher standards make better lawyers. ® CISO Executive Network Executive Breakfast.
Identity Ecosystem Framework and Charter Gap Analysis.
Public law governs:  relationships between individuals and the state/government; and  the structure, administration and operation of the state/government.
Part 2 – The Law of Torts Chapter 6 – Special Tort Liabilities of Business Professionals Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson.
Higher Education PKI Summit Meeting August 8, 2001 The ABA PAG Rodney J. Petersen, J.D. Director, Policy and Planning Office of Information Technology.
Prepared by Douglas Peterson, University of Alberta 6-1 Part 2 – The Law of Torts Chapter 6 Special Tort Liabilities of Business Professionals.
Copyright © 2008 Pearson Education Canada4-1 Chapter 4: Intentional Torts.
McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 9 Torts and Product Liability.
Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
1 Some Risks Associated With Research and Development Under Federal Government Contracts Charles R. “Rod” Marvin, Jr., Esq. Venable, LLP Washington, DC.
Unfair Trade Practices: Conceptualisation, Significance and Regional Perspectives March 11, 2011.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.
Dino Tsibouris (614) Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues Mehmet Munur (614)
Chapter 4: Laws, Regulations, and Compliance
Published by Flat World Knowledge, Inc. © 2014 by Flat World Knowledge, Inc. All rights reserved. Your use of this work is subject to the License Agreement.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Copyright © 2017 Pearson Education, Inc. All rights reserved. Chapter 9 Fundamental Legal Principles.
Chapter 7 The Legal Environment of International Trade Twomey, Business Law and the Regulatory Environment (14th Ed.)
Legal Aspects of Nursing
Contracts – the small print
Medical Records and Managed Care
Legal and Ethical Dimensions of Sport Public Relations
European Union Law Week 10.
Jamie McPherson Partner – MVM Legal
CHAPTER 22 Warranties and Product Liability.
6 October 2016 Social media: do you have the right social media strategy that will impact your business’ growth? - Legal and Regulatory Issues William.
Health Policy: The Role of the Courts
HOGAN & HARTSON, L.L.P. “Publications” “Health”
E&O Risk Management: Meeting the Challenge of Change
Privacy and Security in the Employment Relationship
Bob Siegel President Privacy Ref, Inc.
GENERAL DATA PROTECTION REGULATION (GDPR)
Legal and Regulatory Risk
G.D.P.R General Data Protection Regulations
Presentation transcript:

Wildman Harrold | 225 West Wacker Drive | Chicago, IL | (312) | wildman.com © 2010 Wildman, Harrold, Allen & Dixon LLP. Building an Online Identity Legal Framework American Bar Association Federated Identity Management Legal Task Force Thomas J. Smedinghoff Wildman, Harrold, Allen & Dixon, LLP Chicago Co-Chair, ABA Federated Identity Management Legal Task Force

© 2010 Wildman, Harrold, Allen & Dixon LLP. 2 Background ABA Task Force established January 2009 Co-Chairs Thomas J. Smedinghoff, Wildman, Harrold, Allen & Dixon LLP Jane K. Winn, University of Washington School of Law It’s an open project. Participants include: Lawyers, non-lawyers, IdM technology experts, businesspersons, and other interested persons From businesses, associations, and government agencies From U.S., Canada, EU, and Australia so far Website (and sign up for listserv) at – Alt. URL:

© 2010 Wildman, Harrold, Allen & Dixon LLP. 3 Goals Identify and analyze the legal issues that arise in connection with the development, implementation and use of federated identity management systems; Identify and evaluate appropriate legal models to address issues; Develop model terms and contracts that can be used by parties

© 2010 Wildman, Harrold, Allen & Dixon LLP. 4 Work Groups Definitions Legal issues Privacy ID Proofing / Notaries Legal structures Model Contracts

© 2010 Wildman, Harrold, Allen & Dixon LLP. 5 Interim Projects Include... Liability for what? – Identify what could go wrong Identify existing laws related to identity management Identify potential liability models ID Proofing – Impact on legal issues Notaries as ID proofers Common definitions Levels of Assurance – Impact on legal issues Collecting sample contracts

© 2010 Wildman, Harrold, Allen & Dixon LLP. 6 Legal Landscape – The Rules Private rules created by or for the participants – e.g., performance obligations of the participants Preexisting statutory/regulatory rules that impact performance of participants in the IdM system E.g., privacy laws, security laws, FFIEC, etc Preexisting legal rules (statutes, regulations, common law) that impact liability of participants in the IdM system E.g., warranty law, negligence law, etc. Sometimes private rules and existing laws clash

© 2010 Wildman, Harrold, Allen & Dixon LLP. 7 Why Do We Care About Legal Issues? We need to create a legal framework to make it work Need rules to ensure participant performance of obligations necessary to make it work Need ability to enforce those rules We need to understand impact of existing laws We need to understand how existing law will determine liability when losses occur What laws we can change by contract (and how) What laws we can’t change, and must comply with Need to understand how to legally mitigate risks and allocate liability Need enforcement mechanism

© 2010 Wildman, Harrold, Allen & Dixon LLP. 8 Consider the Sources of the Legal Issues Statutes and regulations (in all relevant jurisdictions) Common law / judicial decisions Standards Industry associations (e.g., PCI DSS) System rules – e.g., Visa rules, ATM system rules Self-imposed requirements Unilateral undertakings, such as privacy policy or CPS Contracts among the parties Trust frameworks Bilateral agreements

© 2010 Wildman, Harrold, Allen & Dixon LLP. 9 Consider Categories of Law Contract law Warranty law Tort law Negligent performance Negligent misrepresentation Fraudulent misrepresentation Defamation Third party beneficiary law E-transactions law Consumer protection law Security law Privacy / data protection law Identity theft law Antitrust law Unfair competition law False endorsement False advertising IP law Copyright law Trade secrets law Trademark law Patent law Statutory/regulatory law Governing the IdM process Imposing IdM compliance obligations Liability for the conduct of others Governmental immunity law Other

© 2010 Wildman, Harrold, Allen & Dixon LLP. 10 Consider Factors that Affect Application of the Law Nature of the person involved e.g., Individual, consumer, business, corporate entity, government entity Expertise of the person involved e.g., unsophisticated vs. professional / in the business, etc. Nature of the information involved e.g., sensitivity of personal information (e.g., name vs. SSN) Nature of the use involved e.g., login to garden club website vs. launch nuclear missiles Nature of any resulting harm e.g., embarrassment, economic loses, property damage, personal injury Level of assurance involved

© 2010 Wildman, Harrold, Allen & Dixon LLP. 11 Other Factors Who created the legal rule? The participants – e.g., contracts? Government statutes or regulation? Court decision – common law? Where does the legal rule apply? What jurisdiction’s law controls transaction? How to handle cross jurisdiction transactions? How can we change the legal rule? Can statutes, regulation, or common law be varied by contract? What happens when laws conflict between jurisdictions?

© 2010 Wildman, Harrold, Allen & Dixon LLP. 12 Some Possible Approaches to the Legal Analysis Focus on obligations and concerns of each role E.g., what is the IdP obligated to do to make it work? E.g., what is the IdP concerned about re performance by others? Focus on actions that occur at each point in the IdM process E.g., for issuance of credential... What could go wrong and give rise to liability? What are potential liabilities of each participant (IdP, Subject, Relying Party, etc.) that could flow from such an action? Focus on categories of legal risk E.g., performance risk, privacy risk, security risk, identification risk, technology risk, authentication risk, etc.

© 2010 Wildman, Harrold, Allen & Dixon LLP. 13 Recognize That “Liability” Per Se Is Not the Issue “Liability” is just the penalty when you, or someone else, does something wrong We need to define when something is wrong What are you required to do? What are you prohibited from doing? What are you committing to (e.g., representations)? What standard is applied to your conduct? We need to identify the legal issues of concern We can’t address the issue unless we know the potential source of the liability – e.g., warranty, antitrust, tort, contract, duty to authenticate, etc. We need to consider mitigation strategies

© 2010 Wildman, Harrold, Allen & Dixon LLP. 14 Some Liability Models DMV model – no IdP liability; other roles bear risk Credit card model – no Subject liability; other roles bear risk Contractual model – negotiated risk allocation Strict liability – regardless of fault Liability caps model EV SSL model – restrictions on ability of IdP to limit liability Warranty model – focus on guarantees Tort model – focus on standards of conduct; negligence

© 2010 Wildman, Harrold, Allen & Dixon LLP. 15 Common Problems to Consider The non-waivable statute problem Some laws impact IdM systems Can’t be changed by contract The cross-border problem Addressing the problem of differing legal regimes Requirements in one jurisdiction may not exist in another Requirements in one jurisdiction may conflict with requirements in another

© 2010 Wildman, Harrold, Allen & Dixon LLP. 16 Addressing/Controlling Legal Issues Some legal issues cannot be controlled Law governs – cannot be altered; must comply So must understand impact Some legal issues can be controlled by contract Law governs, but can be altered by contract, or No law, so parties can determine by contract or other method For some legal issues its unclear whether the issue can be controlled Governing law cannot be altered in some jurisdictions, but can be altered (or doesn’t exist) in others E.g., SSN transfer must be encrypted in some jurisdictions, but not regulated in others E.G., Consent to transfer of personal data valid in some jurisdictions, not valid in others

© 2010 Wildman, Harrold, Allen & Dixon LLP. 17 The Goal Developing an acceptable legal framework that – Provides rules for a workable ecosystem Fairly allocate risk and responsibilities among the parties Works in conjunction with existing law Works cross-border

© 2010 Wildman, Harrold, Allen & Dixon LLP. 18 Further Information Thomas J. Smedinghoff Wildman, Harrold, Allen & Dixon LLP 225 West Wacker Drive Chicago, Illinois

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.