Data Privacy and Security Agreements: Allocating and Mitigating Risks of a Breach; Maintaining Regulatory Compliance

Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law. Michael is a member of the Technology Transactions, Cybersecurity, and Privacy and Privacy, Security Information Management Practices. Michael is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC), and Certified Outsourcing Professional (COP) certifications. Mr. Overly’s numerous articles and books have been published in the United States, Europe, Korea, and Japan. He has been interviewed by a wide variety of print and broadcast media (e.g., the New York Times, Los Angeles Times, Business 2.0, Newsweek, ABCNEWS.com, CNN, and MSNBC) as a nationally recognized expert on technology and security related matters. In addition to conducting seminars in the United States, Norway, Japan, and Malaysia, Mr. Overly has testified before the U.S. Congress regarding online issues.

Ms. Ross’ practice focused on technology and U.S. privacy matters. Her extensive experience with technology and technology contracts includes negotiating, drafting, and interpreting over 10,000 computer hardware and software, SaaS, consulting, outsourcing, Internet, electronic signatures, web hosting, application service providers and non-disclosure agreements, many of which were for a federal government contractor. Ms. Ross also handles U.S. privacy matters, including security breach laws, as well as assisting clients with their questions and compliance efforts relating to Red Flag Rule, Health Insurance Portability and Accountability Act Privacy and Security Rules, Gramm-Leach-Bliley, Telephone Consumer Protection Act, CAN-SPAM, California Consumer Privacy Act, and Fair and Accurate Credit Transactions Act. Sue has assisted clients with privacy and information security questions relating to the Payment Card Industry standards, provided counseling on a wide variety of matters that raised privacy issues, and created privacy policies (including Binding Corporate Rules) for corporations, as well as for websites. Ms. Ross is part of the firm's FinTech team, frequently speaking and writing on cryptocurrency, blockchain, and smart contract issues.