print letterhead

E-Business, Privacy & Data Security

Regardless of whether a business is well established or emerging, all businesses today look to the Internet to expand their customer base, explore new distribution channels, integrate new technologies into existing business opportunities, and increase productivity. Our clients range from established global companies to innovative start-up companies commercializing disruptive edge technologies. Miles & Stockbridge lawyers have the expertise to counsel clients of any size and stage of growth in all aspects of electronic commerce and web-based technology and services. Our experience in all phases of business-to-business and business-to-consumer online commerce enables us to strategize with our clients as to the most effective ways to support online retailing or develop the means to conduct wholesale, distributor and supply relationships from a totally online platform.

We regularly advise clients and litigate issues on domain names and trademark piracy, intentionally misspelled domain names, the use of metatags and keywords by competitors, and the related trademark issues. We work with lawyers throughout the firm in overcoming challenges faced by traditional businesses when doing business over the Internet. Our lawyers stay up to date on the current technologies applicable to electronic commerce and have practical experience in the analysis and design, programming, configuration management, testing and quality assurance, and product/project management, enabling us to help clients achieve any online objective.

Identifying, protecting and enforcing rights in personal data and intellectual property (IP) is critical in the e-business environment. We routinely work with clients to implement strong contractual frameworks, vendor relationships, structuring strategic alliances and joint ventures, complex licensing transactions, sponsorships, contests, multi-media and advertising relationships common to transacting business over the Internet internationally in such a manner as to maximize the client’s objectives with a minimum of legal risk. This means understanding the legal and practical benefits and drawbacks of doing business in various jurisdictions, governmental regulations, warranty and liability issues, limitations on disclaimers, liability limits and non-competition provisions, tax implications and the best means of protecting and enforcing patents, copyrights and trademarks in the digital environment in applicable jurisdictions. We also advise our clients to look inward, establishing and enforcing policies with respect to use of company resources, such as on-site and remote equipment, software, PDAs, the company email system, Internet usage, participation in bulletin boards, blogging, and the ongoing challenge of maintaining confidentiality. We encourage clients to use available technology for company stores, to inform employees and new hires of existing and updated company policies and rules and to make training programs with respect to human resources issues, sales techniques, product updates and use of technology readily available to employees through the company intranet site.

Our diverse experience includes advising clients with respect to:

  • Assisting with online marketing, licensing, and advertising objectives with service providers, partners, and independent contractors
  • Proper data collection methods and analysis
  • Advising on and negotiating traditional and Software as a Service (SaaS) software agreements
  • Mobile app development and maintenance
  • Social media analytics and integration
  • Data back-up, including cloud-based solutions
  • Technology commercial contracts
  • Copyright and trademark issues related to the Internet generally and the Digital Millennium Copyright Act in particular
  • Viral email and other advertising campaigns and SPAM
  • Contests, sweepstakes, rebates, games, product promotions, sponsorships and preparing related rules and winner affidavits
  • Co-branding and linking
  • Online contracting and the Uniform Electronic Transactions and Computer Information Transactions Acts
  • Electronic signatures, public key infrastructure and the various Digital Signatures Acts
  • Content development and licensing
  • Protecting IP rights related to website design and software development
  • Creating strong legal terms, service level commitments, and data security requirements for hosting and application service provider agreements
  • Developing and enforcing meaningful website terms of use, acceptable use policies, privacy statements and legal disclaimers
  • Performing periodic audits of client websites to ensure continued compliance with industry regulations, such as those in banking and insurance
  • Reviewing interactive portions of client websites, such as blogs and bulletin boards for copyright or trademark abuse, harassing or other wrongful behavior and potential product liability issues
  • Payment Card Industry (PCI) Data Security Standards
  • Development of rules and regulations for clients seeking to streamline their procurement processes through use of electronic proposal, bid and auction technologies
  • Protection of business method inventions

Customer information is one of a company’s e most valuable assets. However, with the loss of just one computer, a company can find itself mired in a morass of data security and privacy regulations, incurring thousands of dollars in unbudgeted sums, the wrath of its customers, and significant damage to its reputation and good will – regardless of whether identity theft results. Data security breaches make for great headlines, but not very positive ones. Stolen confidential business and personal information may be disseminated over the Internet in a matter of hours. Consumer and legislative focus on this high-profile issue necessitates that businesses understand and comply with numerous complex U.S. and international laws governing data security and privacy laws. Few businesses exist that would not be subject to laws, such as the Gramm-Leach-Bliley Act, Fair Credit Reporting Act or the Health Insurance Portability and Accountability Act, and the European Union’s Directive on Data Protection and requirements of the various Data Protection Authorities in each country in which clients may have employees as well as customers.

Miles & Stockbridge lawyers understand and advise clients with respect to the varying legal issues involved in handling information, including data collection, data access and security, data storage, data sharing and transfer. Clients often find themselves addressing the issue for the first time after a breach has occurred. With our assistance, clients are able to formulate a response --both from a public relations and technological perspective – deal with the regulatory requirements and develop and implement response procedures for the future. The following examples indicate situations in which personal data may have been compromised for which we provided advice and counsel:

  • Providing data collection, storage, sharing and transfer advice to a major manufacturer with multiple facilities worldwide, including preparation of template agreements.
  • Assisting with development of privacy policies and statements for clients collecting and storing data pursuant to their websites’ eCommerce capabilities and with respect to promotional campaigns, sweepstakes and contests. Advising clients with respect to compliance with the Children’s Online Privacy Protection Act.
  • A technical glitch resulted in assigning the same passwords to multiple users of an online provider, resulting in access to financial and academic information of fellow users.
  • A website hacking incident in which customer orders and credit card information were compromised.

We provide the best service when we are able to assess clients’ information collection and sharing practices prior to a breach. Through an assessment, we can educate and train clients with respect to privacy basics, identify areas of risk, assist clients in development and implementation of policies relative to their information collection and privacy practices, and provide appropriate contract terms for data sharing, i.e., for marketing and advertising campaigns, as well as service providers who may access client data while providing services to the client.

While implementation of data protection policies and procedures cannot completely shield a client, it will prepare the client for the challenges accompanying the inevitable data security breach.