©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

Slides:

Advertisements

Similar presentations

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.

Advertisements

© 2012 McNees Wallace & Nurick LLC CONTRACT ESSENTIALS Diane M. Tokarsky Chair, Construction Law 100 Pine Street, PO Box 1166 Harrisburg, PA

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

NEGOTIATING INFORMATION TECHNOLOGY SERVICE AGREEMENTS TOP TIPS TO CONSIDER © 2013, WILSON VUKELICH LLP. ALL RIGHTS RESERVED. Diane L. Karnay September.

CARLIN LAW GROUP, APC (619) Know Your Indemnity Obligation Know Your Risk Know Your Insurance Company by KEVIN R. CARLIN, ESQ.

Condominium Liens For Aggressive & Essential Collection of Unit Owner Arrears Prepared by Michael Clifton, M.A., LL.B., ACCI (Law), partner, Clifton Kok.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA

Law 20 Conflicts of Interest. o Based on duties of o Loyalty o Confidentiality o Rules cover: o Concurrent representation of adverse clients o Representation.

Identity Theft & Data Security Concerns Are You Meeting Your Obligations to Protect Customer Information? Finance & Administration Roundtable February.

March 19, 2009 Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder Rhonda M. Bolton.

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

WORKING RELATIONSHIPS A short presentation to Swim Ontario September 2009.

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

Burnslev.com © 2013 Burns & Levinson LLP Allocating and Mitigating Contractual Risk ACC – NE Corporate Counsel Institute June 12, 2013 Alan M. Block, John.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

ICSA Professional Indemnity, Directors & Officers Insurance for Financial Institutions Magnus McGurk, Business Development Manager, SME Professional Lines.

GSBlaw.com DATA SECURITY: LEGAL LANDSCAPE AND BEST PRACTICES November 16, 2011 Scott G. Warner Garvey Schubert Barer Seattle, Portland,

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

Middleware Promises Warranties that Don’t Indemnities that Won’t Stephen Rubin, Esquire

Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

September - November 2011 Slide 1 tml МГИМО – СТРУКТУРА – МИУ – АНОНСЫ.

Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.

FTC RED FLAG RULE As many as nine million Americans have their identities stolen each year. Identity thieves may drain their accounts, damage their credit,

Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.

LAW SEMINARS INTERNATIONAL CLOUD COMPUTING: LAW, RISKS AND OPPORTUNITIES Developing Effective Strategies for Compliance With the HITECH Act and HIPAA’s.

Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP

© Copyright 2011, Vorys, Sater, Seymour and Pease LLP. All Rights Reserved. Higher standards make better lawyers. ® CISO Executive Network Executive Breakfast.

Dino Tsibouris (614) Vendor Contracts: What You Need and What You May Be Missing.

Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.

The Privacy Symposium – Summer 2008 Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach © Aug 2007.

HITECH and HIPAA Presented by Rhonda Anderson, RHIA Anderson Health Information Systems, Inc

Session 7 Compliance failure policy. 1 Contents Part 1: COLP and COFA duties Part 2: What do we have to comply with and why does it matter? Part 3: Compliance.

Yes. You’re in the right room.. Hi! I’m David (Hi David!)

HOW TO RESPOND TO A DATA BREACH: IT’S NOT JUST ABOUT HIPAA ANYMORE The Thirteenth National HIPAA Summit  September 26, 2006 Renee H. Martin, JD, RN, MSN.

Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Dino Tsibouris (614) Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues Mehmet Munur (614)

CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)

The Law Offices of Sheila Deselich Cohen. Generally subject to the Employee Retirement Income Security Act of 1974 (“ERISA”). Two main types of plans:

HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.

The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.

Retail & Service 1. 2 The Retail & Service industry encompasses a wide variety of businesses. This segment includes: Businesses engaged in selling goods.

INDEMNITY The University of Texas System Office of General Counsel Dana Hollingsworth, Attorney.

Cyber Insurance Overview July 30, 2016 Wesley Griffiths, FCAS International Association of Black Actuaries.

Cyber Insurance - Risk Exposures and Strategic Solutions

Nassau Association of School Technologists

Enforcement, Business Associates and Breach Notification. Oh my!

Obligations of Educational Agencies: Parents’ Bill of Rights

Cyber Risk Management Through Vendor Contracts

Cyber Insurance Overview

Chapter 3: IRS and FTC Data Security Rules

Cyber Issues Facing Medical Practice Managers

Cyber Trends and Market Update

Current Privacy Issues That May Affect Your Credit Union

Find the Problems with the Provisions May 11, 2016 Presented By:

Business Associate Contracts: Time Is Running Out . . .

Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP

Colorado “Protections For Consumer Data Privacy” Law

Presentation transcript:

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008

©2008 Perkins Coie LLP Since January 2005 over 218 million data records of U.S. residents have been exposed due to security breaches. Source: Privacy Rights Clearinghouse,

©2008 Perkins Coie LLP What are the Costs?  Ponemon Institute's 2007 Annual Study: U.S. Cost of a Data Breach  pgp.com/downloads/research_reports/index.html

©2008 Perkins Coie LLP What is the Legal Landscape?  Regulatory and payment rules (FTC, breach notice laws, ECPA, PCI, GLB, etc.)  Privacy policy  Privacy framework—what is happening in the organization?

©2008 Perkins Coie LLP Privacy Framework

©2008 Perkins Coie LLP Retail Cases: Some Lessons Learned  Protections are not just privacy policy based: BJs  Merchants and financial institutions are not on the same side: TJ Maxx

©2008 Perkins Coie LLP Preparation  Breach response plan  Contract strategies

©2008 Perkins Coie LLP Minimum Contract Strategies: For third party sources of risk: data hosts, processors, advertisers, marketing partners, storage companies, etc.  Define and deal with "personal information"  Due diligence  Past audits  Past breaches  Ongoing audits

©2008 Perkins Coie LLP Minimum Contract Strategies  Notice  Vendor shall immediately notify Retailer of any actual, probable or reasonably suspected breach of security of the Vendor Systems and of any other actual, probable or reasonably suspected unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any Confidential Information of Retailer, including without limitation any Personal Information (each, a "Security Breach").

©2008 Perkins Coie LLP  Cooperation  In any notification to Retailer required under this Addendum, Vendor shall designate a single individual employed by Vendor who must be available to Retailer 24-hours per day, 7-days per week as a contact regarding Vendor's obligations under this Addendum. Vendor shall (a) assist Retailer in investigating, remedying and taking any other action Retailer deems necessary regarding any Security Breach and any dispute, inquiry or claim that concerns the Security Breach; and (b) shall provide Retailer with assurance satisfactory to Retailer that such Security Breach or potential Security Breach will not recur. Unless prohibited by an applicable statute or court order, Vendor shall also notify Retailer of any third- party legal process relating to any Security Breach, including, but not limited to, any legal process initiated by any governmental entity (foreign or domestic). Minimum Contract Strategies

©2008 Perkins Coie LLP  Standard of Care  Vendor is fully responsible for any authorized or unauthorized collection, storage, disclosure and use of, and access to, Personal Information.  Vendor shall implement and maintain administrative, physical and technical safeguards ("Safeguards") that prevent any collection, use or disclosure of, or access to, Personal Information that this Agreement does not expressly authorize, including, without limitation, an information security program that meets the highest standards of best industry practice to safeguard Personal Information. Minimum Contract Strategies

©2008 Perkins Coie LLP  Indemnity  Vendor will defend and indemnify Retailer, its parent, subsidiaries and affiliates, and each of their respective officers, shareholders, directors and employees from and against any third party claims, losses, liabilities and expenses (including, without limitation, reasonable attorneys' fees and expenses) that relate to any failure to comply with any obligation enumerated in this (1) Agreement relating to Personal Information, or (2) this Addendum.  Which costs are covered? Minimum Contract Strategies

©2008 Perkins Coie LLP  Limitation on Liability  Vendors typically seek to exclude indirect and consequential damages. These damages are, however, precisely the type of damages that Retailer might incur from the disclosure, theft or destruction of data.  Therefore, seek to carve out (i) all damages arising from breaches of this Addendum and (ii) all indemnification obligations (or, if absolutely cannot get (ii), all indemnification obligations arising out of breaches of confidentiality or security provisions--i.e., all breaches of this Addendum).  Similarly, carve out (i) all damages arising from breaches of this Addendum and (ii) all indemnification obligations (or, if absolutely cannot get (ii), all indemnification obligations arising out of breaches of confidentiality or security provisions—i.e., all breaches of this Addendum) from the overall cap on damages. Minimum Contract Strategies

©2008 Perkins Coie LLP New Developments  "Rebate" cards  Loyalty programs  eCommerce partners: Whose customer is it?

©2008 Perkins Coie LLP Questions?  Tom Bell  