Course Details

This CLE webinar will guide corporate and technology counsel in negotiating data processing agreements (DPAs). DPAs are an essential but often overlooked part of data security for businesses. The panel will break down the pain points when negotiating DPAs and will provide compromise tips to help ensure a path to execution.

Description

It's hard to imagine a business today that doesn't need a DPA, or rather several such contracts, to cover data processing activities outsourced to web hosting, cloud storage, customer relationship management, and a roster of other service providers. Generally, under the EU's GDPR, California's Consumer Privacy Protection Act, and other state laws, if you're processing the personal data of individuals, you must have a DPA. Failure to comply with these requirements can result in significant penalties.

A DPA is a contract between the company that needs personal data to be processed (the data controller) and the company that processes data on behalf of other companies (the data processor). A DPA establishes the roles and responsibilities of both the data processor and the data controller, and it sets out the terms under which data will be processed. The problem is that DPA templates, whether provided by a data controller or a data processor, rarely stick to the bare bones of what the relevant laws require. Thus, negotiating various non-essential terms can greatly prolong the path to execution.

Listen as our authoritative panel breaks down best practices for drafting effective and compliant DPAs, and how to work through the pain points of negotiating the non-essential terms. The panel will also provide tips for compromising on various terms from the perspective of both the data processor and the data controller.

Outline

  1. Purpose of a DPA
  2. When is a DPA required
  3. Compliance with regulatory requirements
    • GDPR
    • CCPA
    • Other U.S. states that have laws governing DPAs
  4. Penalties for noncompliance
  5. Negotiating key terms of a DPA
    • Limitation of liability
    • Use of subprocessors
    • Security measures
    • Responding to data breaches
    • Audit rights

Benefits

The panel will review these and other relevant issues:

  • Which data protection laws require DPAs?
  • What are the required terms of a DPA?
  • What are the privacy and security considerations for DPAs?
  • What are the key considerations, and what should you watch out for, when signing a DPA?
  • Do processors have to sign a DPA with their sub-processors?
  • What are the top pain points when negotiating DPAs, and what are some key compromise tips?
  • What are the penalties for noncompliance with the DPA requirements of the GDPR, CCPA, and other state privacy laws?

An encore presentation featuring Q&A.