Transactions that involve the exchange of sensitive business, technological, or personal information raise important privacy and data security issues. Pierce Atwood’s privacy and data security team is closely integrated with our licensing and technology transactions practice to ensure that privacy and cybersecurity considerations are addressed at every stage of a transaction. Importantly, our clients include buyers of technology solutions as well as software licensors and software-as-a-service vendors. With a 360-degree perspective, we know how to find pragmatic solutions to privacy and data security challenges.

Our attorneys combine a practical and business-centric understanding of information technology with a deep knowledge of the complex and multi-layered regulatory landscape. In the early stages of procurement, we assist clients with pre-contract due diligence and review of the counter-party's information security practices. Based on the nature of the transaction and the sensitivity of the information involved, we negotiate appropriate contract terms designed to manage and mitigate information-related risks, including audit rights, information security requirements, data breach response and mitigation obligations, regulatory compliance warranties, indemnification, insurance requirements, and appropriate liability limits and risk allocation provisions.

Clients in the financial services, healthcare, and utility industries rely upon Pierce Atwood’s expertise to stay apprised of and manage regulatory compliance obligations. For example, we regularly help banks and other financial services companies ensure that vendor contracts meet the requirements of applicable laws, regulations and industry standards, including the Gramm-Leach-Bliley Act; state laws; FFIEC, OCC, and Fed guidances; and the PCI Data Security Standard. For companies that do not face such regulatory oversight, we apply industry standards (e.g., ISO 2700 Series, NIST and OMB standards and guidelines) to hold technology vendors to a measurable standard of care with respect to information security practices.

Representative Experience

We developed a licensing program and supporting agreements for a holder of health care claims data in connection with out-licensing de-identified data sets to universities and organizations for research purposes.

Licensing Big Data