Lorna J. Tang

Lorna’s practice focuses on a variety of corporate transactions, including mergers and acquisitions via asset sale or stock sale, technology, outsourcing and general services transactions. She regularly reviews, drafts, analyzes and/or negotiates various contracts, including technology licensing agreements, asset purchase agreements, stock purchase agreements and ancillary acquisition documents, assignment agreements, intellectual property security agreements, hosting and software agreements, government contracts and subcontracts, and supply and other technology agreements.

Zoom’s video communications platform service and its data privacy issues and security vulnerabilities have been a very hot topic of late, covered by numerous media outlets and in our recent Password Protected post. Due in part to the COVID-19 pandemic and resulting “stay-at-home” orders, as well as Zoom’s user-friendly setup and ability for large numbers of people to join a meeting for free, Zoom use has grown exponentially, from 10 million daily meeting participants pre-pandemic, to over 300 million daily meeting participants in April 2020. In an April 23, 2020 executive letter, Zoom touted use of its platform by over 100,000 schools and universities, U.S. and foreign governments, and numerous companies, including many Fortune 500 companies, located in over 226 countries and territories around the world.

Two weeks ago we wrote about proposed legislation, The COVID-19 Consumer Data Protection Act of 2020 (“CCDPA”), introduced by a group of senior Republican senators, which was designed to address privacy issues arising in the wake of the COVID-19 pandemic.  In response, senior Democratic members of the Senate and House of Representatives introduced their own framework for protecting the privacy of individuals in light of the development of tools for tracking and containing the spread of the virus.

The Public Health Emergency Privacy Act

Senators Richard Blumenthal (D-CT) (Ranking Member of the Senate Commerce Committee’s Manufacturing, Trade and Consumer Protection Subcommittee) and Mark Warner (D-VA) (Vice Chairman of the Senate Intelligence Committee) led a bicameral group of 10 lawmakers on a Democratic version of federal consumer privacy legislation as it relates to the coronavirus pandemic. The Public Health Emergency Privacy Act (the “PHEPA”), introduced on May 14, seeks to give individuals protection and control over their covered health data by adopting an express affirmative consent regime, along with enumerated requirements for businesses. For a helpful summary of the key similarities and differences between the PHEPA and the CCDPA, please see the Chamber Technology Engagement Center’s (C_TEC) COVID-19 Privacy Bill Comparison Chart.

As the federal, state, and local governments and industry grapple with how to respond to and prevent the spread of COVID-19, a group of senior Republican senators recently announced consumer privacy legislation designed to protect personal “covered data” collected from consumers relating to personal health, geolocation, and proximity. The proposed legislation is a response to contact tracing solutions aimed at tracking the virus and those who may have been exposed to it.

The COVID-19 Consumer Data Protection Act of 2020

Senate Commerce Committee Chairman Roger Wicker (R-MS), Communications, Technology, Innovation, and the Internet Subcommittee Chairman John Thune (R-SD), Consumer Protection, Product Safety, Insurance, and Data Security Subcommittee Chairman Jerry Moran (R-KS), and Senator Marsha Blackburn (R-TN), who sits on both the Commerce and Judiciary Committees, introduced the COVID-19 Consumer Data Protection Act of 2020 (the “Act”) on May 7. According to the sponsors, the legislation is intended to provide consumers more transparency, choice, and control over the collection and use of their personal data, and to hold businesses accountable to consumers if these businesses use personal COVID-19-related data for purposes unrelated to the pandemic. As Subcommittee Chairman Moran stated, “while many businesses have taken well-intentioned steps to develop technological solutions to tracking, containing and ending the COVID-19 pandemic, Congress must address potentially harmful practices that could stem from these innovations if not held accountable.”

Personal information has become the prey of relentless poachers. In light of the influx of data breaches, state legislatures are taking action. Not surprisingly, every state has now enacted data breach notification laws, which are triggered when personal information is breached. Read below for a summary of relevant state legislation recently adopted or laws recently amended pertaining to data breach notification.

Arizona

Arizona amended its data breach notification law, effective July 21, 2018. This amendment requires companies to notify affected consumers within a 45-day window upon discovery of a data breach. If the data breach impacts more than 1,000 consumers, companies must also notify the state attorney general as well as the three largest consumer credit reporting agencies. The state attorney general can also impose up to $500,000 in penalties for a company’s non-compliance.

U.S. Department of Defense (DoD) contractors face new cybersecurity compliance requirements, including a significant deadline set for December 31, 2017.

Most DoD contracts now include clauses imposing obligations on contractors’ protection of government information and reporting of cyber incidents. These obligations include a requirement for contractors to comply with the cybersecurity standards set forth in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.

Contractors must comply with the NIST standards no later than the end of calendar year 2017. Submission of a proposal to DoD now serves as a specific representation that the offeror meets these compliance requirements. Failure to meet the NIST standards potentially opens the door to more stringent government enforcement actions and liability under the False Claims Act.

Government agencies collect and hold massive amounts of personally identifiable information (PII), creating valuable targets for cybercrime. Recently proposed legislation would impose baseline standards for cyber hygiene on federal agencies. State and local governments, as well as private industry, should measure themselves against the same federal standards to protect against catastrophic loss of PII.
