NEGOTIATING SUCCESSFUL IT CONTRACTS
IN THE MINING INDUSTRY
Lisa Abe-Oldenburg
November 6, 2014
3rd Global Mining IT & Communication Summit 2014
Introduction
• Software Licensing Top 10 Tips
• Cloud Computing risks and how to avoid them
• IT outsourcing best practices
• Protecting confidential IT and data
Software Licensing Top 10 Tips
1. Do Your Due Diligence
• Reps and warranties are a tool to manage risk
after due diligence
2. Be clear about what rights are being licensed and to
whom
• Beware of the word "use"
3. Know the Difference Between Exclusive, Sole and
Non-Exclusive
• Competition and duties
4. Do Sweat The Small Stuff in the License Grant
• perpetual, non-transferable, non-sublicensable, grant-backs
5. Don’t Blindly Agree to Restrictions on Licensing
• Be careful with limitations on scope, location, copying,
confidentiality
6. Beware of Reps & Warranties that look good from afar, but
are far from good
• E.g. Licensor ownership, third party qualifications,
licensor's rights, non-infringement not tied to exercise
of license rights, security
7. Do structure compensation strategically
• Create the right incentives for royalties, e.g. minimums,
de-escalating, calculation variables, tax exemptions,
R&D credits
8. Do Consider Bankruptcy and Insolvency
• Source code and other escrow, survival of license terms
beyond termination, security interest, keep services
separate, FMV option to purchase
9. Don’t Underestimate the Term & Termination
• Start date, conditions, different, early, causes,
remedies, renewals, transitioning, survival
10. Be Choosey About Choice of Law
• Governing, forum, location, dispute resolution,
IP rights, import/export controls, currency
exchange
Cloud Computing Risks and How to Avoid Them
• Overview of cloud computing
• Cloud delivery, service and deployment models
• Issue identification
• Risk mitigation
Overview of Cloud Computing
• National Institute of Standards and Technology (NIST) v. 15
• Cloud computing is a model for enabling convenient, on-demand network
access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction.
This cloud model promotes availability and is composed of five essential
characteristics, three service models, and four deployment models.
• “Surge computing” analogous to electricity providers, where players intra
cloud (or in cloud stacks) or inter-cloud, are essentially trading processing and
storage capacity. Data, software and servers are able to be moved
instantaneously to available computation resources
• Rearden LLC v. Rearden Commerce, Inc., 597 F.Supp. 2d 1006 (N.D. Cal.
Jan. 27, 2009) – “Cloud Computing” defined as a software as a service
platform for the online delivery of products and services
Cloud Delivery/Service Models
• Software as a Service (SaaS)
• cloud provider supplies the software
• user can set limited configuration of the software
• Platform as a Service (PaaS)
• cloud provider supplies the programming language and tools
• user selects and controls applications and hosting environments
• Infrastructure as a Service (IaaS)
• cloud provider manages and controls underlying cloud infrastructure
• user selects and configures operating systems, storage, applications,
networking components (e.g. firewalls, load balancers)
• Cloud service integrators bundle multiple services into a single offering, to
appear as a seamless consolidated application
• E.g. customer relationship and reservations system, e-signature/e-commerce app,
payment processing, billing platform, etc.
Deployment Models
• Private cloud. The cloud infrastructure is operated solely for an
organization. It may be managed by the organization or a third party and may
exist on premise or off premise.
• Community cloud. The cloud infrastructure is shared by several
organizations and supports a specific community that has shared concerns
(e.g., mission, security requirements, policy, and compliance considerations).
It may be managed by the organizations or a third party and may exist on
premise or off premise.
• Public cloud. The cloud infrastructure is made available to the general
public or a large industry group and is owned by an organization selling cloud
services.
• Hybrid cloud. The cloud infrastructure is a composition of two or more
clouds (private, community, or public) that remain unique entities but are
bound together by standardized or proprietary technology that enables data
and application portability (e.g., cloud bursting for load-balancing between
clouds).
Issue Identification
• Where is the Cloud and which jurisdiction's laws
apply?
• Governing law of the contract governs contractual
terms, but still subject to local laws and
regulations – cannot contract out of them
• Ownership, control, preservation and return or
destruction of data, especially in the cloud –
cross-border transfer, eDiscovery and data
retention issues
• Risk of asset/data loss, security and privacy
breaches more serious in the Cloud
• How and where can you access your data? For
compliance, correction, deletion, at end of service,
if disaster or insolvency of cloud provider occurs,
or for litigation purposes
Issue Identification
• Where is the data??? Both data at rest and
data in motion. Cloud is flexible and data
(and software) can move easily across
borders if network is big enough - moved
around to where storage or processing is
more cost effective, efficient or available
• Provider may not have standards, controls
or notification process that meet regulatory
compliance and guidance requirements
applicable to your business
• Watch out for freezing of accounts and no
access to data upon termination or breach
– data could be deleted (hijacked until fees
paid or dispute resolved)
Issue Identification
• Backup and disaster recovery issues – risk and
cost shift to customer
• Risk of Copyright infringement if software or
systems being migrated to the cloud - creation
of virtual servers or applications could be
making a “copy” and require additional license
rights and payment of fees
• Ownership complications if cloud used for any
development – need to examine applicable
copyright law and cloud service agreement
Issue Identification
• Limits on provider's liability may be too low -
disclaimers, exclusions, short limitation periods;
risk of liability shifts to customer
• What is your recourse if provider is in breach?
There is a service interruption/outage, errors,
damages, loss, disclosure?
• Cloud providers providing public services will not
give indemnities and will ask for broad
indemnities from the customer – must renegotiate
• Contracts or services in foreign jurisdictions could
have problems with local laws, storage, handling
of disputes, exports
• Cross-referenced terms must be agreed to in
advance of procurement
• Watch out for terms that could be unilaterally
amended by service provider, deemed accepted by
use
Mitigating Issues with Cloud Computing Agreements
• Due diligence – insist on transparency
• Scope of services, location, data management, logical partitioning
• SLAs – minimums, measurement, periods, frequency, downtimes,
connectivity, uptime percentage calculations, review and
assessment, reporting, audit, exclusions (customer, 3rd
party, etc.)
• Customer responsibilities – data, licenses, compliance, users
• Data issues- cleansing, storage, retrieval, transitioning
• Termination implications, business continuity
• Confidentiality and Security terms, audits – financial, physical,
technical, security, controls and standards, compliance
• Liability and disclaimer clauses to be negotiated
Risk Mitigation
• Maintain control over critical data or services and access to them
• Consider choosing a private cloud or community cloud with
services within the province
• Revise employee technology policies to ensure BYOD doesn't
translate into BYOC – ensure employees are trained on the risks of
cloud computing and not using publicly available free services for
work related matters, e.g. conference calls, gmail, contact list
management, slide sharing, web-based presentations
IT Outsourcing Best Practices
• In-scope, out of scope, critical operations, SLAs, dependencies
• Hardware, software, data, infrastructure, websites, R&D, testing,
maintenance, backup, disaster recovery, business continuity, transitioning
• Change management – regulatory, business operations, disputes
• Governance – committees (Executive, Project), key persons,
reporting, meeting, voting, dispute resolution
• Ownership of IT, IP, prior and new, data and licensing
• Remedies for default, minor vs. material
• Representations, warranties and indemnities
• Term and termination, survival of obligations and rights
• Renewal terms – automatic or not, notice periods, term, COLA
clauses
Allocating Risk and Minimizing Liability
• Defining "Losses" becomes important
• All damages including internal costs
• Just those resulting from third party claims
• Legal fees and disbursements
• Costs of investigation, audit
• Security breaches, third party hacking, theft
• Standards of care and responsibilities
• Representations and warranties as to compliance and security
• Breach disclosure obligations – to parties, regulators, public?
• Caps on liability and exclusions, e.g. for privacy, confidentiality and
security breaches
• Who is best able to mitigate risk?
Revenue Structures
• Basis for calculating fees and payment terms
• For services, products, data transfer, backup, disaster
recovery, updates and upgrades, licenses (royalties)
• Fees and rates
• fixed
• variable
• unit of measure (time, output/input)
• Transition services
• Pass-through costs
• Set-offs (e.g. credits, third party fees)
• Timing of payments – deliverables, testing, deployment
Revenue Structures
• Adjustments, e.g. cost-of-living and inflation escalators,
consumer price indices
• Credits (remedies for breaches or failures in performance) –
Sole and exclusive remedy? Liquidated damages? Triggers?
Caps? Applied against specific service/SOW or entire
agreement?
• Taxes
• Invoicing – frequency, interest, currency
• Reporting, officers' certificates (MFN) and audit –
restrictions
Protecting Confidential IT and Data
• Prevention of competition, leakage of trade-secrets, ideas and
know how
• non-competition covenants
• non-solicitation covenants
• Employment and subcontractor contracts
• NDAs
• Which way does the confidential information flow?
• Define "Confidential Information" - scope of protection
• Exclusion examples:
• Information independently developed
• Information licensed from third parties
• Publicly available information without breach
Protecting Confidential IT and Data
• obligations:
• non-disclosure - other party’s confidential info
• security/retention
• technologically isolate customer data and records at all times
• location of records and data storage
• return/destruction
• exclusions, e.g. permitted disclosures
• notification and mitigation of breaches (potential or actual)
• term for each obligation
• liability for losses if security breach
• injunctive remedies
Practical Tips
• Limit disclosure only to those persons who have a “need to
know”, establish "clean rooms"
• Disclosure of confidential information to any third party, e.g. an
outsourced service provider, may be prohibited under certain
software licenses
• Security standards, controls, audits – SOX, technical, systems
and compliance
• Confidentiality obligations to survive for so long as information
remains confidential or trade secret
Questions?
Lisa K. Abe-Oldenburg, B.Comm., J.D.
Abe-oldenburgL@bennettjones.com
Tel.: 1-416-777-7475
www.bennettjones.com
• This presentation contains statements of general principles and not legal
opinions and should not be acted upon without first consulting a lawyer who
will provide analysis and advice on a specific matter.

Más contenido relacionado

La actualidad más candente

MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Ontario Cloud SIG
 
Cloud and challenges isacakenya
Cloud and challenges   isacakenyaCloud and challenges   isacakenya
Cloud and challenges isacakenya
Tonny Omwansa
 
Cloud computing web 2.0 By Joanna Hendricks BMT 580
Cloud computing web 2.0  By Joanna Hendricks BMT 580Cloud computing web 2.0  By Joanna Hendricks BMT 580
Cloud computing web 2.0 By Joanna Hendricks BMT 580
Joanna Hendricks
 
Dynamic Log Analysis™ Case Story Hutton Communications
Dynamic Log Analysis™ Case Story Hutton CommunicationsDynamic Log Analysis™ Case Story Hutton Communications
Dynamic Log Analysis™ Case Story Hutton Communications
Clear Technologies
 
Victorian Bushfires Royal Commission Case Study
Victorian Bushfires Royal Commission Case StudyVictorian Bushfires Royal Commission Case Study
Victorian Bushfires Royal Commission Case Study
Rebecca O'Dwyer
 
EDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaEDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-ilta
David Kearney
 
Business Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing  A Tokenization Approach FinalBusiness Intelligence In Cloud Computing  A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach Final
Hossam Hassanien
 

La actualidad más candente (20)

MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
 
Harry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get WorseHarry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get Worse
 
Cloud and challenges isacakenya
Cloud and challenges   isacakenyaCloud and challenges   isacakenya
Cloud and challenges isacakenya
 
Disaster recovery enw
Disaster recovery enwDisaster recovery enw
Disaster recovery enw
 
Cloud computing web 2.0 By Joanna Hendricks BMT 580
Cloud computing web 2.0  By Joanna Hendricks BMT 580Cloud computing web 2.0  By Joanna Hendricks BMT 580
Cloud computing web 2.0 By Joanna Hendricks BMT 580
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
 
Dynamic Log Analysis™ Case Story Hutton Communications
Dynamic Log Analysis™ Case Story Hutton CommunicationsDynamic Log Analysis™ Case Story Hutton Communications
Dynamic Log Analysis™ Case Story Hutton Communications
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
 
Legal Case Management Software For Lawyers and Law Firms - Legodesk
Legal Case Management Software For Lawyers and Law Firms - LegodeskLegal Case Management Software For Lawyers and Law Firms - Legodesk
Legal Case Management Software For Lawyers and Law Firms - Legodesk
 
An information management update for in house counsel
An information management update for in house counselAn information management update for in house counsel
An information management update for in house counsel
 
Meaningful Use Forecast: Cloud Computing and Disaster Preparedness
Meaningful Use Forecast: Cloud Computing and Disaster PreparednessMeaningful Use Forecast: Cloud Computing and Disaster Preparedness
Meaningful Use Forecast: Cloud Computing and Disaster Preparedness
 
OCBA Cloud 9: Cloud Computing and Ethics for Florida Attorneys
OCBA Cloud 9: Cloud Computing and Ethics for Florida AttorneysOCBA Cloud 9: Cloud Computing and Ethics for Florida Attorneys
OCBA Cloud 9: Cloud Computing and Ethics for Florida Attorneys
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computing
 
Victorian Bushfires Royal Commission Case Study
Victorian Bushfires Royal Commission Case StudyVictorian Bushfires Royal Commission Case Study
Victorian Bushfires Royal Commission Case Study
 
IT Foundation Management Security
IT Foundation Management SecurityIT Foundation Management Security
IT Foundation Management Security
 
Material5 sem inv_2015-16
Material5 sem inv_2015-16Material5 sem inv_2015-16
Material5 sem inv_2015-16
 
EDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaEDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-ilta
 
Business Intelligence In Cloud Computing A Tokenization Approach Final
Business Intelligence In Cloud Computing  A Tokenization Approach FinalBusiness Intelligence In Cloud Computing  A Tokenization Approach Final
Business Intelligence In Cloud Computing A Tokenization Approach Final
 
Identity theft in the Cloud and remedies
Identity theft in the Cloud and remediesIdentity theft in the Cloud and remedies
Identity theft in the Cloud and remedies
 
10 Differences Between eDiscovery & Information Governance
10 Differences Between eDiscovery & Information Governance10 Differences Between eDiscovery & Information Governance
10 Differences Between eDiscovery & Information Governance
 

Destacado

Pocket Bitcoin ATM, presented at Mobile POS Hackathon Berlin February 2014
Pocket Bitcoin ATM, presented at Mobile POS Hackathon Berlin February 2014Pocket Bitcoin ATM, presented at Mobile POS Hackathon Berlin February 2014
Pocket Bitcoin ATM, presented at Mobile POS Hackathon Berlin February 2014
meinhard
 

Destacado (8)

Social Media and Privacy - Education Across the Nation - Australian Computer ...
Social Media and Privacy - Education Across the Nation - Australian Computer ...Social Media and Privacy - Education Across the Nation - Australian Computer ...
Social Media and Privacy - Education Across the Nation - Australian Computer ...
 
IMGS Geospatial User Group 2014: Hexagon Geospatial Vision, Mission and Strategy
IMGS Geospatial User Group 2014: Hexagon Geospatial Vision, Mission and StrategyIMGS Geospatial User Group 2014: Hexagon Geospatial Vision, Mission and Strategy
IMGS Geospatial User Group 2014: Hexagon Geospatial Vision, Mission and Strategy
 
IT Outsourcing Contract Renegotiation (infographic)
IT Outsourcing Contract Renegotiation (infographic)IT Outsourcing Contract Renegotiation (infographic)
IT Outsourcing Contract Renegotiation (infographic)
 
Pocket Bitcoin ATM, presented at Mobile POS Hackathon Berlin February 2014
Pocket Bitcoin ATM, presented at Mobile POS Hackathon Berlin February 2014Pocket Bitcoin ATM, presented at Mobile POS Hackathon Berlin February 2014
Pocket Bitcoin ATM, presented at Mobile POS Hackathon Berlin February 2014
 
Challenges, Risks & Opportunities For the Mining Industry in the Americas
Challenges, Risks & Opportunities For the Mining Industry in the Americas Challenges, Risks & Opportunities For the Mining Industry in the Americas
Challenges, Risks & Opportunities For the Mining Industry in the Americas
 
New Technology & Innovation in mining
New Technology & Innovation in miningNew Technology & Innovation in mining
New Technology & Innovation in mining
 
Opportunities for Innovation, presented by John Thompson at 2013 CMIC Signatu...
Opportunities for Innovation, presented by John Thompson at 2013 CMIC Signatu...Opportunities for Innovation, presented by John Thompson at 2013 CMIC Signatu...
Opportunities for Innovation, presented by John Thompson at 2013 CMIC Signatu...
 
Digging deep - the digital transformation of mining
Digging deep - the digital transformation of miningDigging deep - the digital transformation of mining
Digging deep - the digital transformation of mining
 

Similar a Mining IT Summit Nov 6 2014

Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeSecuring Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Lisa Abe-Oldenburg, B.Comm., JD.
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & Netskope
Ahmad Abdalla
 
Cloud Computing in Business and facts
Cloud Computing in Business and factsCloud Computing in Business and facts
Cloud Computing in Business and facts
Arun Ganesh
 

Similar a Mining IT Summit Nov 6 2014 (20)

Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of TradeSecuring Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
Securing Apps and Data in the Cloud - July 23 2014 Toronto Board of Trade
 
Securing Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & NetskopeSecuring Apps & Data in the Cloud by Spyders & Netskope
Securing Apps & Data in the Cloud by Spyders & Netskope
 
Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...
Cloud Computing  presentation by Lisa Abe at the Canadian IT Lawyers Associat...Cloud Computing  presentation by Lisa Abe at the Canadian IT Lawyers Associat...
Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...
 
Cloud Computing & IT in the Boardroom
Cloud Computing & IT in the BoardroomCloud Computing & IT in the Boardroom
Cloud Computing & IT in the Boardroom
 
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud Computing
 
IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011IT Series: Cloud Computing Done Right CISOA 2011
IT Series: Cloud Computing Done Right CISOA 2011
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
ISACA Cloud Computing Risks
ISACA Cloud Computing RisksISACA Cloud Computing Risks
ISACA Cloud Computing Risks
 
Does cloud technology belong at your law firm?
Does cloud technology belong at your law firm?Does cloud technology belong at your law firm?
Does cloud technology belong at your law firm?
 
Mediating with Technology.: Opportunities and Risks
Mediating with Technology.: Opportunities and RisksMediating with Technology.: Opportunities and Risks
Mediating with Technology.: Opportunities and Risks
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.ppt
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.ppt
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.ppt
 
Cloud-Computing_USA.ppt
Cloud-Computing_USA.pptCloud-Computing_USA.ppt
Cloud-Computing_USA.ppt
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computing
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
Cloud Computing in Business and facts
Cloud Computing in Business and factsCloud Computing in Business and facts
Cloud Computing in Business and facts
 
Secure Cloud Issues
Secure Cloud IssuesSecure Cloud Issues
Secure Cloud Issues
 
NARA's FAQ and Bulletin on Cloud Computing
NARA's FAQ and Bulletin on Cloud ComputingNARA's FAQ and Bulletin on Cloud Computing
NARA's FAQ and Bulletin on Cloud Computing
 

Más de Lisa Abe-Oldenburg, B.Comm., JD. (10)

13756360_1.PPT
13756360_1.PPT13756360_1.PPT
13756360_1.PPT
 
13594800_2.PPT
13594800_2.PPT13594800_2.PPT
13594800_2.PPT
 
13530912_2.PPT
13530912_2.PPT13530912_2.PPT
13530912_2.PPT
 
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
 
LEXPERT Payments Oct 29 2014 - Mobile Payments Regulation
LEXPERT Payments Oct 29 2014 - Mobile Payments RegulationLEXPERT Payments Oct 29 2014 - Mobile Payments Regulation
LEXPERT Payments Oct 29 2014 - Mobile Payments Regulation
 
LEXPERT Payments Oct 29 2014 - CASL Implications for Payment Systems
LEXPERT Payments Oct 29 2014 - CASL Implications for Payment SystemsLEXPERT Payments Oct 29 2014 - CASL Implications for Payment Systems
LEXPERT Payments Oct 29 2014 - CASL Implications for Payment Systems
 
Internet of Things TCLG Oct 23 2014
Internet of Things TCLG Oct 23 2014Internet of Things TCLG Oct 23 2014
Internet of Things TCLG Oct 23 2014
 
Copyright Monetization (IPIC McGill Aug 8 2014)
Copyright Monetization (IPIC McGill Aug 8 2014) Copyright Monetization (IPIC McGill Aug 8 2014)
Copyright Monetization (IPIC McGill Aug 8 2014)
 
CIPS ON CASL presentation Mar 20 2014
CIPS ON CASL presentation Mar 20 2014CIPS ON CASL presentation Mar 20 2014
CIPS ON CASL presentation Mar 20 2014
 
Cardware Conference presentation on BIG DATA June 17-18 2014
Cardware Conference presentation on BIG DATA June 17-18 2014Cardware Conference presentation on BIG DATA June 17-18 2014
Cardware Conference presentation on BIG DATA June 17-18 2014
 

Mining IT Summit Nov 6 2014

  • 1. NEGOTIATING SUCCESSFUL IT CONTRACTS IN THE MINING INDUSTRY Lisa Abe-Oldenburg November 6, 2014 3rd Global Mining IT & Communication Summit 2014
  • 2. Introduction • Software Licensing Top 10 Tips • Cloud Computing risks and how to avoid them • IT outsourcing best practices • Protecting confidential IT and data
  • 3. Software Licensing Top 10 Tips 1. Do Your Due Diligence • Reps and warranties are a tool to manage risk after due diligence 2. Be clear about what rights are being licensed and to whom • Beware of the word "use" 3. Know the Difference Between Exclusive, Sole and Non-Exclusive • Competition and duties
  • 4. 4. Do Sweat The Small Stuff in the License Grant • perpetual, non-transferable, non-sublicensable, grant- backs 5. Don’t Blindly Agree to Restrictions on Licensing • Be careful with limitations on scope, location, copying, confidentiality 6. Beware of Reps & Warranties that look good from afar, but are far from good • E.g. Licensor ownership, third party qualifications, licensor's rights, non-infringement not tied to exercise of license rights, security
  • 5. 7. Do structure compensation strategically • Create the right incentives for royalties, e.g. minimums, de-escalating, calculation variables, tax exemptions, R&D credits 8. Do Consider Bankruptcy and Insolvency • Source code and other escrow, survival of license terms beyond termination, security interest, keep services separate, FMV option to purchase
  • 6. 9. Don’t Underestimate the Term & Termination • Start date, conditions, different, early, causes, remedies, renewals, transitioning, survival 10. Be Choosey About Choice of Law • Governing, forum, location, dispute resolution, IP rights, import/export controls, currency exchange
  • 7. Cloud Computing Risks and How to Avoid Them • Overview of cloud computing • Cloud delivery, service and deployment models • Issue identification • Risk mitigation
  • 8. Overview of Cloud Computing • National Institute of Standards and Technology (NIST) v. 15 • Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models. • “Surge computing” analogous to electricity providers, where players intra cloud (or in cloud stacks) or inter-cloud, are essentially trading processing and storage capacity. Data, software and servers are able to be moved instantaneously to available computation resources • Rearden LLC v. Rearden Commerce, Inc., 597 F.Supp. 2d 1006 (N.D. Cal. Jan. 27, 2009) – “Cloud Computing” defined as a software as a service platform for the online delivery of products and services
  • 9. Cloud Delivery/Service Models • Software as a Service (SaaS) • cloud provider supplies the software • user can set limited configuration of the software • Platform as a Service (PaaS) • cloud provider supplies the programming language and tools • user selects and controls applications and hosting environments • Infrastructure as a Service (IaaS) • cloud provider manages and controls underlying cloud infrastructure • user selects and configures operating systems, storage, applications, networking components (e.g. firewalls, load balancers) • Cloud service integrators bundle multiple services into a single offering, to appear as a seamless consolidated application • E.g. customer relationship and reservations system, e-signature/e- commerce app, payment processing, billing platform, etc.
  • 10. Deployment Models • Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. • Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. • Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. • Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
  • 11. Issue Identification • Where is the Cloud and which jurisdictions laws apply? • Governing law of the contract governs contractual terms, but still subject to local laws and regulations – cannot contract out of them • Ownership, control, preservation and return or destruction of data, especially in the cloud – cross-border transfer , eDiscovery and data retention issues • Risk of asset/data loss, security and privacy breaches more serious in the Cloud • How and where can you access your data? For compliance, correction, deletion, at end of service, if disaster or insolvency of cloud provider occurs, or for litigation purposes
  • 12. Issue Identification • Where is the data??? Both data at rest and data in motion. Cloud is flexible and data (and software) can move easily across borders if network is big enough - moved around to where storage or processing is more cost effective, efficient or available • Provider may not have standards, controls or notification process that meet regulatory compliance and guidance requirements applicable to your business • Watch out for freezing of accounts and no access to data upon termination or breach – data could be deleted (hijacked until fees paid or dispute resolved)
  • 13. Issue Identification
    • Backup and disaster recovery issues – risk and cost shift to customer
    • Risk of Copyright infringement if software or systems being migrated to the cloud - creation of virtual servers or applications could be making a “copy” and require additional license rights and payment of fees
    • Ownership complications if cloud used for any development – need to examine applicable copyright law and cloud service agreement
  • 14. Issue Identification
    • Limits on provider's liability may be too low - disclaimers, exclusions, short limitation periods; risk of liability shifts to customer
    • What is your recourse if provider is in breach? If there is a service interruption/outage, errors, damages, loss, disclosure?
    • Cloud providers providing public services will not give indemnities and will ask for broad indemnities from the customer – must renegotiate
    • Contracts or services in foreign jurisdictions could have problems with local laws, storage, handling of disputes, exports
    • Cross-referenced terms must be agreed to in advance of procurement
    • Watch out for terms that could be unilaterally amended by service provider, deemed accepted by use
  • 15. Mitigating Issues with Cloud Computing Agreements
    • Due diligence – insist on transparency
    • Scope of services, location, data management, logical partitioning
    • SLAs – minimums, measurement, periods, frequency, downtimes, connectivity, uptime percentage calculations, review and assessment, reporting, audit, exclusions (customer, 3rd party, etc.)
    • Customer responsibilities – data, licenses, compliance, users
    • Data issues – cleansing, storage, retrieval, transitioning
    • Termination implications, business continuity
    • Confidentiality and Security terms, audits – financial, physical, technical, security, controls and standards, compliance
    • Liability and disclaimer clauses to be negotiated
  • 16. Risk Mitigation
    • Maintain control over critical data or services and access to them
    • Consider choosing a private cloud or community cloud with services within the province
    • Revise employee technology policies to ensure BYOD doesn't translate into BYOC – ensure employees are trained on the risks of cloud computing and not using publicly available free services for work related matters, e.g. conference calls, Gmail, contact list management, slide sharing, web-based presentations
  • 17. IT Outsourcing Best Practices
    • In-scope, out of scope, critical operations, SLAs, dependencies
    • Hardware, software, data, infrastructure, websites, R&D, testing, maintenance, backup, disaster recovery, business continuity, transitioning
    • Change management – regulatory, business operations, disputes
    • Governance – committees (Executive, Project), key persons, reporting, meeting, voting, dispute resolution
    • Ownership of IT, IP, prior and new, data and licensing
    • Remedies for default, minor vs. material
    • Representations, warranties and indemnities
    • Term and termination, survival of obligations and rights
    • Renewal terms – automatic or not, notice periods, term, COLA clauses
  • 18. Allocating Risk and Minimizing Liability
    • Defining "Losses" becomes important
    • All damages including internal costs
    • Just those resulting from third party claims
    • Legal fees and disbursements
    • Costs of investigation, audit
    • Security breaches, third party hacking, theft
    • Standards of care and responsibilities
    • Representations and warranties as to compliance and security
    • Breach disclosure obligations – to parties, regulators, public?
    • Caps on liability and exclusions, e.g. for privacy, confidentiality and security breaches
    • Who is best able to mitigate risk?
  • 19. Revenue Structures
    • Basis for calculating fees and payment terms
    • For services, products, data transfer, backup, disaster recovery, updates and upgrades, licenses (royalties)
    • Fees and rates
    • fixed
    • variable
    • unit of measure (time, output/input)
    • Transition services
    • Pass-through costs
    • Set-offs (e.g. credits, third party fees)
    • Timing of payments – deliverables, testing, deployment
  • 20. Revenue Structures
    • Adjustments, e.g. cost-of-living and inflation escalators, consumer price indices
    • Credits (remedies for breaches or failures in performance) – Sole and exclusive remedy? Liquidated damages? Triggers? Caps? Applied against specific service/SOW or entire agreement?
    • Taxes
    • Invoicing – frequency, interest, currency
    • Reporting, officers' certificates (MFN) and audit – restrictions
  • 21. Protecting Confidential IT and Data
    • Prevention of competition, leakage of trade-secrets, ideas and know how
    • non-competition covenants
    • non-solicitation covenants
    • Employment and subcontractor contracts
    • NDAs
    • Which way does the confidential information flow?
    • Define "Confidential Information" - scope of protection
    • Exclusion examples:
    • Information independently developed
    • Information licensed from third parties
    • Publicly available information without breach
  • 22. Protecting Confidential IT and Data
    • obligations:
    • non-disclosure - other party’s confidential info
    • security/retention
    • technologically isolate customer data and records at all times
    • location of records and data storage
    • return/destruction
    • exclusions, e.g. permitted disclosures
    • notification and mitigation of breaches (potential or actual)
    • term for each obligation
    • liability for losses if security breach
    • injunctive remedies
  • 23. Practical Tips
    • Limit disclosure only to those persons who have a “need to know”, establish "clean rooms"
    • Disclosure of confidential information to any third party, e.g. an outsourced service provider, may be prohibited under certain software licenses
    • Security standards, controls, audits – SOX, technical, systems and compliance
    • Confidentiality obligations to survive for so long as information remains confidential or trade secret
  • 24. Questions?
    Lisa K. Abe-Oldenburg, B.Comm., J.D.
    Abe-oldenburgL@bennettjones.com
    Tel.: 1-416-777-7475
    www.bennettjones.com
    • This presentation contains statements of general principles and not legal opinions and should not be acted upon without first consulting a lawyer who will provide analysis and advice on a specific matter.