BarbriSFCourseDetails
  1. keyboard_arrow_leftBack

Course Details

Course Information
  • smart_display Format

    On-Demand

  • signal_cellular_alt Difficulty Level

    Intermediate

  • work Practice Area

    Commercial Law

Date & Time
  • event Date

    Tuesday, October 8, 2024

  • schedule Time

    1:00 p.m. ET./10:00 a.m. PT

  • timer Program Length

    90 minutes

Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.

$297.00
CLE
ALL

This CLE webinar will offer strategies and best practices counsel can apply in negotiating and structuring agreements with IT service providers in the wake of the CrowdStrike incident. The panel will discuss the key contractual provisions and mechanisms to include in these agreements.

Faculty

Aaron K. Tantleff
Partner
Foley & Lardner LLP

Mr. Tantleff, CIPP/E, is a partner in Foley’s Technology Transactions, Cybersecurity, and Privacy; and the Environmental, Social, and Corporate Governance (ESG) practice groups. He represents companies in various technology, privacy, security, information management, open source, and intellectual property matters, such as the development of compliance policies, programs, cybersecurity breach preparation, incident response, big data, and data monetization initiatives. Mr. Tantleff also regularly represents clients in mergers and acquisitions, outsourcing transactions, strategic alliances, development and licensing arrangements, supply and distribution arrangements, and other strategic and collaborative transactions involving significant technology and intellectual property. He  is a frequent speaker on technology, security, privacy, and outsourcing matters, and is regularly quoted in The Wall Street Journal, Reuters, Politico, Fortune, and other top-tier publications on topics such as cyberattacks, privacy law developments, and data protection, including regarding the General Data Protection Regulation (GDPR) and the Asia Pacific Cross Border Privacy Rules. Mr. Tantleff has been retained for data protection, cybersecurity, monetization of big data/IoT programs, and data breach response, remediation, and simulations by companies across all industries and sizes, domestically and abroad, including several Fortune 100 companies. He has also counseled several state legislators on cybersecurity legislation.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Michael R. Overly
Partner
Foley & Lardner LLP

Mr. Overly focuses his practice on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law. He is the co-author of A Guide to IT Contracting: Checklists, Tools and Techniques (CRC Press, 2012).

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Ashley Kennedy
Attorney
Foley & Lardner LLP

Ms. Kennedy is a Technology, Transactions, Cybersecurity & Privacy Practice Group member within the firm’s Intellectual Property Department. She provides counsel on structuring and negotiating technology agreements to create strategic and advantageous business relationships between companies. Ms. Kennedy has experience drafting and negotiating commercial agreements, including intellectual property licenses, software-as-a-service agreements, distribution agreements, master services agreements, non-disclosure agreements, and technology transfer agreements. She also has experience structuring and addressing the intellectual property components of mergers and acquisitions and other corporate transactions.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio

Description

On July 19, 2024, organizations throughout the world experienced serious disruptions to their operations when businesses and individuals were unable to log onto devices and accounts for prolonged periods. The technology outage was traced back to a security update pushed out by CrowdStrike, a cybersecurity company, that caused the Microsoft Windows operating system to crash.

Business losses tied to the outage are anticipated to include disrupted operations, loss of revenue, loss of business opportunities, recovery costs, legal fees, and loss of customer and investor confidence, among others. All of these can lead to contractual and indemnity issues, and many organizations are examining the possibility of contractual recourse for the CrowdStrike incident.

The IT industry commonly limits or excludes liability for indirect, consequential, and special damages in agreements. And many IT contracts also do not allow third parties to benefit from any protections between the service provider and customer. CrowdStrike's terms and conditions contained these traditional exclusions, as well as other caps on liability. As a result, many anticipate that CrowdStrike's terms and conditions will largely protect it against damages claims brought in litigation.

In response, and to mitigate or avoid the serious impacts of service disruptions like the CrowdStrike outage in the future, counsel should review and strengthen service level agreements and contractual remedies to protect clients against devastating losses tied to future IT outages.

Listen as our panel of experts discusses the implications of the CrowdStrike outage for tech-reliant businesses and provides critical insight into the contractual mechanisms that can be used to protect clients against the impacts of future IT outages and failures.

Outline

  1. CrowdStrike incident overview
  2. Standard contract provisions in the IT industry
    1. Limitations of liability
    2. Exclusion of benefits to third parties
  3. Software litigation stemming from the CrowdStrike incident
    1. Case theories
    2. Anticipated outcomes
  4. Key SLA/contractual provisions
    1. Liability caps
    2. Remedies and compensation for service failures
    3. Force majeure and exclusions
    4. Ability to work around technology failures to ensure continuity of critical processes
    5. Acceptance testing and avoiding "deemed acceptance" clauses
    6. Indemnity
    7. Incident response and resolution tailored to customer's business and processes
    8. Disaster recovery plan requirement for IT service providers
  5. Business continuity plan requirement for IT service providers
    1. Termination rights and exit assistance

Benefits

The panel will discuss these and other key issues:

  • What complex legal and business issues should counsel consider when negotiating software agreements in the aftermath of the CrowdStrike outage?
  • How can counsel structure agreements with IT service providers to maximize protections to clients in the event of technology outages?
  • What are the critical provisions and requirements that should be included in agreements with IT service providers?