Enterprise Software Licensing, New Choices-New Obligations
Software licensing options for large enterprises are evolving almost as quickly as the mission-critical software solutions those companies deploy. Where, with some exceptions, the touchstone of most software licensing in the recent past has been the software installation itself, businesses today have more options and flexibility to met their software needs. However, with that flexibility often comes complex software asset management (SAM) obligations. Licensing models that once would have required custom agreements with unique protocols (if they were technologically feasible in the first place) now are offered alongside the “traditional” licenses in increasingly dense menus of choices for IT teams to weigh. Businesses must equip themselves to recognize the unique challenges entailed with the various options in order to avoid unnecessary licensing exposure.The options available depend in large measure on the computers in question. For workstations, many businesses that once relied on a model of one license per installation now are migrating to thin-client architectures and to software delivered through the cloud, each of which presents unique infrastructure and licensing challenges. Server-based licensing options are even more complex, with many companies now facing the prospect of having to determine license requirements using intricate calculations that depend on the processing capacity of the computer or on some other metric associated with a particular software product. Unsurprisingly, many companies are finding unique solutions to those challenges – including the formation of “captive IT services providers” – but many of those solutions entail their own sets of challenges and risks.
Privacy & Security Risks in Cloud Computing
For attorneys handling technology transactions for their clients, it is virtually guaranteed that they have or will encounter a cloud computing agreement. On the surface, cloud agreements are similar to traditional technology licensing and services agreements; however, cloud computing engagements expose both the client and the service provider to risks not present in more traditional technology transactions. At the top of the list of unique cloud risks are the legislative topics-du-jour: privacy and security regulatory compliance. Because of the nature of cloud computing—wherein clients access and store data on service provider’s systems across a public Internet—both parties are forced to confront these regulatory risks, whether they want to or not. Robert J. Scott, Managing Partner, Scott & Scott, LLP, a Texas-based law firm with a privacy and security practice area, shares suggestions on how each party can mitigate, balance, or otherwise eliminate the privacy and security risks in cloud computing. Based on Rob Scott’s extensive experience negotiating cloud computing agreements, he addresses each element that contributes to privacy and security risk in cloud computing.
The HITECH ACT and Its Impact on MSPs
The HITECH ACT and Its Impact on MSPs The relatively recent revisions to the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, known as the HITECH Act (Health Information Technology for Economic and Clinical Health Act), require both Covered Entities (health care provider who transmits health information in electronic format in connection with HIPAA covered transactions, a health plan, or health care clearinghouse) and Business Associates (entities that either perform a function or provide a service involving the use of PHI) to report any breaches of unsecured protected health information (PHI).As Business Associates, managed services providers are required to comply with the rules regarding security of the information. Health care organizations and other Covered Entities are increasingly demanding about assurances related to the safety and security of data that is outside of their control. In the event of a security incident, the Business Associate may be required to notify the individual whose PHI was leaked, the Secretary of the Department of Health and Human Services, and the media. Julie Machal-Fulks covers what MSPs should know about breach notification requirements and recommended procedures in the event of a breach.
Cloud Contracting for MSPs
Cloud Contracting for MSPs Robert Scott addresses the new legal challenges of cloud computing for MSPs. He identifies some of the areas that present the highest risk and offer suggestions for mitigating that risk. Rob highlights contract issues that should be covered in agreements, such asWhat happens if there is a data loss? How to evaluate term and termination provisions? What jurisdiction will prevail if there is litigation? What regulatory issues affect the business? How to protect confidential information? How to document who owns intellectual property? Dealing with regulatory compliance issues? How and in what format will data be kept? What tools will be available to access data? How to draft Service Level Agreements for the cloud services? How to limit liability through risk transfer instead contractual limitations of liability? What country will data be stored? What indemnification does the vendor offer for infringement of third-party intellectual property rights or data breach? How to deal with end-of-term transition issues?
Autodesk Licensing Guide
Autodesk products are used by more than 10 million architects, designers, engineers, manufacturers, and digital artists across multiple industries, including architecture, engineering, construction, manufacturing, automotive, media and entertainment, and utilities and telecommunications. To help combat pervasive piracy, Autodesk, along with other publishers, founded The Business Software Alliance (the BSA), an organization designed to investigate and punish businesses that are using software they cannot prove they own. The BSA claims that 42 percent of the software used in the global marketplace is pirated. For every legal copy of Autodesk software sold in the marketplace, five more illegitimate copies are distributed. What does all of this mean for the average business? If you are using Autodesk products, you should ensure that you fully understand your obligations under Autodesk’s sometimes confusing license terms and that you have dated documentation to demonstrate ownership of each product you are using. If you are being audited by Autodesk or the BSA, you should seek experienced counsel to guide you through the process.
HIPAA / HITECH Breach Notification Guide
As part of the American Recovery and Reinvestment Act of 2009, the federal legislature passed significant revisions to the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. Entitled the Health Information Technology for Economic and Clinical Health Act, or HITECH Act, these revisions now require both Covered Entities and Business Associates to report any breaches of unsecured protected health information (“PHI”). Depending on the severity of the breach in question, the Covered Entity or Business Associate may be required to notify the individual whose PHI was leaked, the Secretary of the Department of Health and Human Services, and the media. In addition, Covered Entities or Business Associates can be subject to criminal charges of up to $250,000 in fines and 10 years imprisonment.
Data Privacy and Security in the Cloud
Cloud computing is exploding. Gartner estimates the cloud market will reach $150 billion by 2013. There is growing concern over how to meet regulatory privacy and security requirements. Robert J. Scott, Managing Partner, Scott & Scott, LLP, a Dallas-based law firm with a privacy and security practice area, will share suggestions on how to mitigate or eliminate the privacy and security risks in cloud computing. He will address the legal challenges of the cloud and highlight contract issues that should be covered in cloud computing agreements such as: What happens if there is a data loss? What broad or industry-specific regulatory issues affect the business? What jurisdiction will prevail if there is litigation? Will encryption be used in data storage and transmission? What indemnification does the vendor offer for infringement of third-party intellectual property rights or data breach?
The Cloud and the Law
The advantages of cloud computing are many, so it is easy to see why industry discussion about the cloud is reaching a feverish pitch. And while the number of businesses adopting cloud-based services, few understand the numerous legal issues associated with cloud computing. Rob Scott addresses the various legal challenges for businesses utilizing or providing cloud computing services.
How to Grow and Manage Your Online Reputation
Hot Topics in Privacy and Security Law
Presenters Robert J. Scott, Managing Partner, Scott and Scott, LLP, and Rachel Simon, Regional Underwriting Manager, Chartis, cover key areas of data breach exposure, the importance of benchmarking security practices to avoid liability, risk management techniques and liability insurance. This presentation details of various thefts and makes recommendations about how to minimize the organizational impact and negative consequences following a loss. Covers the lawyer’s role in counseling clients on privacy and security laws and regulations.
Successfully Defending Software Audits
Shrinking IT budgets and fierce competition among software publishers have created explosive growth in the incidence and frequency of software audits – a mechanism by which software publishers investigate their customers to determine if they are in compliance with software licenses and copyright laws. In addition to developing internal enforcement operations, many publishers have engaged trade associations to perform enforcement activity under power of attorney. Many companies are paying substantial fines and suffering negative publicity. Properly preparing for and responding to software audits can reduce the financial and organizational impact on your business. According to the BSA’s Sixth Annual Global Software Piracy Study, “…a large portion of non-compliant software is deployed by mistake, either by consumers buying cheap software that they do not realize is counterfeit, or by IT departments making mistakes in managing volume licenses.” Businesses that are most prepared and properly represented will have the greatest success in defending the inevitable software audit.
Preparing your Managed Service Practice for Sale
Robert Scott’s Presentation at MSP World 2009 Las Vegas covers valuation metrics for Managed Services, keys to increasing the value of customer contracts, what buyers look for in your agreements with partners and employees, how to cash in on your brand and other intellectual property, increasing your sale price through prudent risk management, the role of real estate leases when selling a managed services practice, as well as common deal structures for equity and debt financing for acquisitions.
State Data Breach Notification Laws
Scott & Scott, LLP's chart of state data breach notification laws. If you have experienced a data breach, call Scott & Scott, LLP for help.
Negotiating License Agreements with Oracle and Microsoft
Shrinking IT budgets, fierce competition and a mature software market have increased the motivation for software publishers (such as Microsoft Corp., Adobe Systems Inc., Oracle) to conduct software licensing audits – demanding that their customers demonstrate ownership of licenses for all software installed on their computers. Many companies are paying substantial fines and suffering negative publicity. Even average, unintentional infringement can have significant legal and financially material implications. Properly preparing for and responding to software audits can reduce the financial and organizational impact on your business.
Successfully Defending Software Audits - Webinar
Litigating Copyright Infringement Claims Whitepaper
Software copyright infringement litigation, frequently software anti-piracy claims, involve disputes between software publishers and their end-user customers. Suits by one software publisher against another over trade secrets and copyright ownership generally involve competing works. However, “competing works litigation” typically requires substantially more effort from the parties and the tribunal than anti-piracy software disputes. In these cases, the developer or owner of one program complains that a different product created or distributed by the defendant consists, in whole or in part, of the work in which the plaintiff holds the copyright. These cases on average involve significantly higher stakes than other software copyright disputes. The legal analyses and factual development in such matters can approach the level of complexity usually associated with patent disputes, and, indeed, many of the judicial frameworks regarding infringement analysis are similar to patent jurisprudence.
Mergers & Acquisitions for Managed Service Providers
While 2009 is poised to be a stellar year for managed services, there are a lot of IT companies that will be bought and sold this year. There are a lot of opportunities this year in the IT channel but only a few will make wise decisions. Learn about business valuation basics, risk avoidance best practices, M&A negotiation tactics for both sellers and buyers, and legal issues to be considered for M&A transactions.
Summary of DMCA
Educause DMCA Site
Secret Service Network Incident Report
Litigating Copyright Infringement Claims
Software copyright infringement litigation, frequently software anti-piracy claims, involve disputes between software publishers and their end-user customers. Suits by one software publisher against another over trade secrets and copyright ownership generally involve competing works. However, “competing works litigation” typically requires substantially more effort from the parties and the tribunal than anti-piracy software disputes. In these cases, the developer or owner of one program complains that a different product created or distributed by the defendant consists, in whole or in part, of the work in which the plaintiff holds the copyright. These cases on average involve significantly higher stakes than other software copyright disputes. The legal analyses and factual development in such matters can approach the level of complexity usually associated with patent disputes, and, indeed, many of the judicial frameworks regarding infringement analysis are similar to patent jurisprudence.
Webinar: Protecting Your Managed Services Practice Part 1
Part 1 of a webinar discussing effective risk management as an integrated approach to identifying and addressing the various sources of risk and on implementing consistent, intuitive, and easily repeatable processes to manage and mitigate risk.
Database Copyright Registrations
This publication provides an introduction to Copyright Registration for Database applications. If you have developed a software program of any type, it is important to consider seeking registration including protection for databases.
Investigating and Preserving Evidence in Data Security Incidents
This presentation covers legal developments in the area of network security and data privacy. Topics include a review of federal regulations, state data breach laws, privacy court cases, and evidence preservation strategies.
Protecting your Managed Services Practice: Are you at Risk?
Effective risk management relies on an integrated approach to identifying and addressing the various sources of risk and on implementing consistent, intuitive, and easily repeatable processes to manage and mitigate risk. Ensuring consistency across all risk management responses is as important as the details pertaining to each risk source.
Privacy and Security Laws for Health Care Organizations
Presentation slides from Rob Scott’s presentation to the AMGA’s Leadership Council on the topic of recent developments in privacy injury liability for the healthcare industry. The presentation discusses legal developments and trends affecting healthcare providers.
Managed Services: Service Level Agreements
How to develop service level agreements for managed services presented at the MSP Alliance Fall Conference. Topics include service level agreements, master services agreements, and project engagement contracts for managed service providers.
Hot Topics in Open Source Licensing
Open Source Software licensing hot topics slide presentation. Although there are dozens of open source licenses, the terms in copyleft licenses such as GPLv2 and GPLv3 seem to cause the most angst for enterprises using open source. Companies are concerned that they are putting their own IP at risk when using these licenses. In this presentation, you’ll gain a better understanding of copyleft licenses and how to manage the risks for your organization.
Software License Dispute Negotiation
If your business is involved in a software licensing dispute, will you know the best way to strategy to employ? In this session you’ll learn key strategies resolving software licensing disputes. Topics covered include: overcoming legal obstacles, restoring trust & communication, sharing information without jeopardizing your legal position, and understanding both sides business and emotional drivers to document new license agreements that fit both parties’ current business requirements.
Privacy Law: Recent Trends
Privacy law presentation discussing legal developments in the area of network security and data privacy. Topics include data breach, breach notification, privacy legislation, privacy court cases, and risk management.
Data Breach: Investigating Security Incidents
Data Breach presentation slides from Rob Scott's presentation to the Dallas Bar Association regarding the attorney's role in investigating and responding to network secuirty incidents involving data breach.
Media & Technology Litigation
This presentation discusses the legal issues involved in common media and technology insurance claims. Scott & Scott, LLP represents insureds in claims arising under media and technology business insurance.
Copyright Registration for Online Works
This publication discusses basic concepts related to the copyright registration of websites. Most internet law disputes turn on either trademark or copyright law. Failure to timely register your website with the U.S. Copyright Office will dramtically effect your ability to enforce your rights in court.
Copyright Registrations for Software Programs
This publication provides an introduction to Copyright Registration for Software Programs. If you have developed a software program of any type, it is important to consider seeking registration.
Internet Law: PPC and SEM
Internet Law presentation slides discussing the trademark and copyright issues that arise in internet marketing and search engine optimization campaign. Topics include trademark infringement, copyright infringement, domain name disputes, and DMCA takedown.
Software Audit Tool
Scott & Scott’s Compliance Manager™ remotely audits your network and provides an immediate and accurate view of your software assets. It automatically documents the software deployed on your network, helping you to gage your current license compliance status; and effectively manage, control and protect software assets throughout your enterprise.
Business Impact of a Data Breach
Presentation highlighting the results from a study performed by the Ponemon Institute, sponsored by Scott & Scott, regarding the business impacts of data breach occurs. Topics researched include the causes of data breach, spending on data breach prevention, use of encryption, and breach notification strategy.
Managing Software Disputes
Software audit defense presentation presented by Rob Scott, Scott & Scott, LLP. Topics include bsa audit, siia audit, software arbitration, software litigation, and software licensing.
SEC- Proposed Data Breach Rule
The Securities and Exchange Commission ("Commission") is proposing amendments to Regulation S-P, which implements certain provisions of the Gramm-Leach-Bliley Act ("GLBA") and the Fair Credit Reporting Act ("FCRA") for entities regulated by the Commission.
Data Breach Survey Results
Scott & Scott, LLP and Ponemon Institute are pleased to report the results of a national survey that seeks to understand how a data breach affects an organization. The study focuses on the organization’s response to the data breach, the most common causes of the breach and what measures are put in place to prevent a future breach based on lessons learned. We also compare the prevention practices of organizations that had a breach to those that have been spared. This independently conducted study queried a representative sample of 702 adult-aged respondents who are presently employed within U.S. organizations.