Data Management & Contract Review

Important data issues arise in a variety of transactions, from general commercial contracts to mergers and acquisitions, and expose companies to substantial cybersecurity risks. Personal information and data are a strategic asset for companies and issues concerning the use, sharing or acquisition of data can have a long-term impact on a company’s business. For a company undergoing significant corporate change, assessing security risks is important to understand not only the information technology infrastructure and operational risks to the company, but also the security risks associated with breaches and data loss.

We counsel clients on data security and risk issues related to mergers, acquisitions, divestitures, restructurings, joint ventures, strategic alliances, outsourcing, licenses, software, websites, application development agreements, data processing agreements, and other commercial agreements. We assist clients in drafting contracts with cybersecurity requirements, as well as vendor contracts involving shared information and system access.

For transactions that involve contract review and drafting, we address the following issues:

• Control and processing of data
• Ownership and licensing of data
• Definition of protected information
• Minimum security safeguards
• Oversight of security compliance (customer audits, auditing by service provider, security questionnaire)
• Obligations regarding notice/disclosure of security breaches or privacy-related compliance issues
• Security breach procedures
• Expenses of breach remediation
• Return/destruction of personal information
• Vendor/developer/licensor contracts involving shared information and system access