1 / 31

Yes. You’re in the right room.

Yes. You’re in the right room. Hi!. I’m David (Hi David!). I’m a lawyer. I’m a lawyer. Today we’re going to talk about:. Roadmap. Major laws Legal guide Contract issues Toolkit. Major laws. Computer Fraud and Abuse Act - 18 USC 1030 Wiretapping – 18 USC 2511

caraf
Download Presentation

Yes. You’re in the right room.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Yes. You’re in the right room.

  2. Hi!

  3. I’m David (Hi David!)

  4. I’m a lawyer.

  5. I’m a lawyer.

  6. Today we’re going to talk about:

  7. Roadmap • Major laws • Legal guide • Contract issues • Toolkit

  8. Major laws • Computer Fraud and Abuse Act - 18 USC 1030 • Wiretapping – 18 USC 2511 • Stored Communications Act (email) – 18 USC 2701 • Destruction of communication devices – 18 USC 1362 • Patriot Act – amends many laws • RICO • Foreign Intelligence Surveillance Act (FISA) • Medical Computer Crime Act • State laws

  9. Major laws Knowledge Exceeding authority Infrastructure that is not public / open Disclosure / retention of data

  10. Major laws CFAA – up to 20 years SCA – 5 years in the absence of malice Wiretapping – 5 years

  11. Major laws Penalty considerations • Potential and actual loss • Sophistication and planning involved • Purpose of offense • Intent • Impact on privacy rights • National security • Interference with critical infrastructure • Threat to public health

  12. Legal guide Scope Permission Third parties Access

  13. Legal guide Scope • What is the customer trying to protect? • Systems to be protected • Limitations on testing • Types of information processed

  14. Legal guide Permission • Methods to be used • Types of customers serviced • Categories of information held • Data to be retained • Data to be purged

  15. Legal guide Third parties • Who are customer’s third party vendors? • Does customer contract allow testing? • Will you use third parties? • Consider law enforcement and prosecutorial priories

  16. Legal issues Access • Document data to which you have access • Limit the number of employees who have access to data • Create and implement access policies • Require written notice

  17. Contract Permission Scope of access Indemnification Termination issues

  18. Contract Permission and Scope of Access Customer grants Company full and unlimited access to the information and systems set out on the Statement of Work (Access). Access is only limited by the express statements set out in the Statement of Work. Company agrees to keep complete and accurate records of its activities related to Access. Company shall be entitled to produce these records should it be alleged that Company has exceeded the Access authorized by Customer. You must have express permission

  19. Contract Indemnification Customer hereby releases and agrees to indemnify and defend Company, and any and all directors, officers, employees, contractors and agents of Indemnitee (collectively, the “Indemnitees”) from and against any and all liabilities, claims, losses, damages, costs, and expenses, including reasonable attorneys’ fees arising out of or in any way relating to the activities set out on the Statement of Work. This indemnification obligation shall extend to claims brought by customers of Customer and any third party claiming injury of any sort from the activities set out in the Statement of Work. In addition, the indemnification obligation shall extent to any charges brought against Company by a law enforcement or regulatory entity of any type based on the activities contemplated in this Agreement. Indemnification must be broad and extend to end users / law enforcement

  20. When agreement terminates, your rights terminate. Contract Termination Upon termination or expiration of this Agreement, Company shall delete all data and provide Customer with written confirmation of this deletion. Company shall also instruct any entities who have had access to the data to also delete it and provide Customer with written certification of this deletion. The security obligations set out in this Agreement relating to the data shall survive termination or expiration of this Agreement until such time as the data is completely deleted by Company. Company shall require this provision, or one similarly protective of Customer’s rights in all its contracts with suppliers or other vendors who provide aspects of the Services. Company may keep copies of data created pursuant to this Agreement, subject to this paragraph

  21. Toolkit Determine how services will be used Evaluate customer’s data structure Understand end user’s data Determine the type of data you may retain High risk regulatory areas Disposition of data on termination

  22. surveymonkey/source12

  23. Thanks for coming! W: dsnead.com T: @wdsneadpc

More Related