Bring Your Own Device (BYOD) – Be Smart

At the dawn of portable electronic devices, they were primarily work-related productivity tools.  Often, employers would purchase (or lease) devices and distribute them to their need-to-have employee base.  It’s not so long ago that we can remember when the Blackberry transitioned from a business device to a consumer device.  Everybody wanted a Blackberry (weren’t those the days for RIM?) and free email providers like Yahoo and Gmail offered accessibility of their email content through the Blackberry.

Then, mobile devices got smart.  They became phones and productivity tools and the footprint shrank from two devices to one.  One smart device that was both phone and email.  And, of course, all those cool new apps.


Encryption: Ensuring the Right to Privacy in the Information Age?

On December 2nd, 2015, a tragic mass shooting occurred in San Bernardino, California. The attack resulted in 14 deaths and severe injuries to 22 others. The attackers, a married couple, targeted the husband’s workplace – the Department of Public Health. After the shooting the couple fled the scene of the crime, but the police eventually caught up with them. The couple was subsequently killed in a shootout.

As part of the FBI investigation, an Apple iPhone became the center of a security showdown between the Silicon Valley giant and the federal government. The Apple iPhone 5C, a work-issued phone given to the male perpetrator—Syed Farook—was equipped with operating software that protected the data on the phone through the use of 256-bit AES encryption. Because the phone was secured with this encryption and locked with a passcode to which only Farook was privy, the FBI approached Apple to develop software to crack open the iPhone. Apple declined.


Cyber Insurance: Common Pitfalls of the Insured

As we have noted in a number of recent posts, tech companies need cyber insurance. The risk of not having it is simply not worth it.  But cyber insurance policies can be confusing to understand because the policies vary depending on your type of business, business needs, and how your customers are serviced. Some companies might need a combination of cyber policies in order to have complete cyber insurance coverage. It is very important to do your due diligence, think critically about the cyber insurance needs of your company, and find a policy that covers all of your company’s cyber risk.

Companies must pay attention to the details of the cyber insurance policy and be both clear and accurate about the representations they are making in the application for coverage. The insurance industry makes money by collecting premiums and minimizing claims. This creates a natural tension between the policyholder and carrier.  When a company makes a claim, it would like to get the benefit of the bargain it made with the insurer. That benefit is for the insurer to pay for the claim. The insurer agrees to pay, as long as the claimant has met all of its obligations under the policy.


Outsourcing Lessons from an “Uber” Uber-Rider

In July 2015, my 12-year-old SUV, with 220,000 miles, finally breathed its last breath.  It was time for me to buy a new car.  But, instead, I decided to try a little personal experiment with the “sharing economy.”  Based on a back-of-the-napkin calculation, I determined that it might actually be cheaper to completely outsource my driving to Uber (or its competitor, Lyft).  Using a source like, it’s easy to find out the “true cost of ownership” of any car you might have your eye on.  Looking at comparable replacement vehicles, my “true cost to own”– fees, fuel, insurance, maintenance and repairs – was around $4,000 annually, not even counting the actual cost of the car.  $4,000 is a lot of Uber rides!  I wondered: could I completely outsource my driving and come out ahead?  I decided to conduct an experiment for three months, chart it all out on a spreadsheet, and test my theory.

That was almost 14 months ago, and I can report that, as of today, I don’t own a car.  But recent stories about Uber’s $1.27 billion loss in the first half of 2016 caused me to wonder whether my outsourcing provider will be around for the long haul.  And that got me thinking about some of the other lessons I’ve learned about outsourcing, which may be helpful to pass along.


Revisiting Cyber Insurance: Are You Covered?

Increasingly, companies are looking to insurance to help manage their cybersecurity risks and defray losses sustained from data breaches.  Losses can range from reputational damage, business interruption, and professional fees for computer forensic services and attorneys to handle regulatory inquiries or lawsuits.  In the event of a data breach or other cyber incident, recent rulings suggest that traditional insurance policies, like a company’s Commercial General Liability Policy (CGL), may provide coverage, or, at the very least, a defense to lawsuits spawned by cyber events.

How do you know if you are covered under traditional policies?  First, carefully review the language of traditional insurance policies, such as CGL policies, to see if a data breach or the release of personally identifiable information (PII) fits within the policy’s definition of a covered event.  Even if it looks like the language is broad enough to include data breaches or other errors that result in the release of PII, it still may not be enough.  Some courts have delved into the parties’ intent and declined to find coverage where the parties did not clearly intend to cover cyber incidents.  Other courts have strictly interpreted the language in the policy, finding coverage regardless of whether the parties anticipated cyber events at the time the policy was issued. 


Will Privacy Enforcement Actions Impact “Reasonable” Security Measures Needed to Protect Trade Secrets?

In widely-publicized, contested privacy cases last year, the FTC advocated in favor of a high baseline for information security measures.  Among the security practices attacked by the FTC as critical mistakes by companies suffering data breaches:

  1. Storing sensitive data in readable text;
  2. Any system that permits the use of easily-guessed passwords;
  3. Failure to use firewalls between internal systems, the corporate network and the Internet;
  4. Lack of adequate administrative security policies and procedures;
  5. Failure to adequately restrict third-party vendors from network and corporate servers;
  6. Failure to employ reasonable measures to detect and prevent unauthorized access; and,
  7. Failure to follow proper incident response procedures.


Private Bankrolling of Defamation and Privacy Suits

The New York Times recently reported that famed Silicon Valley investor and PayPal co-founder Peter Thiel has been secretly bankrolling “Hulk Hogan’s” (real name Terry Bollea) invasion of privacy suit against Gawker Media. The lawsuit concerns the publication of a sex tape involving Mr. Bollea and the then-wife of one of his friends. Yuck. Double yuck that Gawker saw fit to publish the tape on its site.

The yuck factor and legal merits of the suit aside, Mr. Thiel’s involvement could be a game changer. For more than 50 years, American defamation law has been tilting decidedly in favor of media defendants and libel trials have correspondingly slowed to a trickle. There has, however, been an uptick in newsgathering torts asserted against media entities and such cases usually involve trespassing allegations, or unwarranted invasions of personal privacy. Mr. Bollea’s sex tape suit falls into that category.


Re-Thinking the “Standard” Arbitration Clause in Cloud Agreements (Part III): Taking Full Advantage of ADR in Cloud Agreements

Part I of this three-part article included some history about how it came to be so common that modern technology agreements – including “cloud agreements” – often include a “standard” arbitration clause. Part II asked and answered the question: Is arbitration “cheaper, faster and better” than a traditional lawsuit?

This final installment will focus on some of the clear disadvantages of arbitration and make some suggestions regarding how to better take advantage of the availability of ADR.

Sometimes, It’s Not How You Play the Game, It’s Whether You Win or Lose
The one aspect of arbitration that is perhaps most starkly different from a traditional lawsuit is that an arbitration award is, for all practical purposes, final. It is extremely difficult to overturn an arbitration award on appeal. Generally, an arbitration award will be overturned only if there is some evidence of corruption, fraud or other misconduct on the part of the arbitrator. Buttressing the legal principles upholding the finality of arbitration awards are two practical realities. First, arbitration proceedings are rarely transcribed (which can save substantial costs). Second, arbitrators do not always analyze the reasons for their decision in writing, making it difficult for any reviewing court to determine whether, in fact, the arbitrator made a mistake. If there is simply no record, it’s nearly impossible to convince a court to overturn an award in arbitration.


Rethinking the “Standard” Arbitration Clause in Cloud Agreements (Part II)

Part I of this article included a little bit of history about how it came to be so common that modern technology agreements – including “cloud agreements” – often include a rather ubiquitous, sort of “standard” arbitration clause. The first article in this three-part series also put forth the question of whether some of the common assumptions about arbitration – namely, that arbitration is cheaper, faster and better than a traditional lawsuit – are true.

This middle article in the series aims to try to answer that question: Is arbitration truly “cheaper, faster or better?” A close examination of these common assumptions reveals that, while there are indeed some clear advantages to arbitration, some of the claimed advantages may be lost if parties simply agree to a “standard” arbitration clause, without giving the matter any considered thought on the front end of a transaction. This kind of inertia often leads to an arbitration proceeding that looks very much like a traditional lawsuit. The parties who agree to an arbitration provision without giving it any thought will find that arbitration is often just as expensive as a traditional lawsuit, that it may not be any faster, and that a “more rational result” does not necessarily work to every party’s advantage.


Rethinking the “Standard” Arbitration Clause in Cloud Agreements

Twenty or so years ago, arbitration began to gain wide acceptance among lawyers as a viable alternative for the effective resolution of civil disputes.  Clients were beginning to view “alternative dispute resolution” (ADR) as the best hope for avoiding the expensive morass that litigation in court can sometimes be.  As a result, many trial lawyers began to jump on the bandwagon and tout their skills not only as trial lawyers, but also as experts in “all forms of dispute resolution.”  Certainly, very few lawyers ever attempted to talk their client out of inserting an arbitration clause into an agreement.  Indeed, many lawyers began to insert “standard” arbitration clauses into every agreement they drafted.  This is the first of a three-part article on why using a “standard” arbitration clause in all of your cloud agreements is not such a great idea.

Among many clients and lawyers, “ADR” – pretty soon after its advent – became almost synonymous with what is only one of its forms – arbitration.  Moreover, the “standard” arbitration clause has become more and more “plain vanilla” over the past twenty years.  As a result, ADR may have lost many of the attractive qualities that made it appear to so many two decades ago as a panacea.  The one advantage of ADR clauses in agreements is that they provide the opportunity for creativity and flexibility.  However, when drafting contracts these days, many lawyers and clients blindly insert into each new agreement the same arbitration clause they used in the last agreement.