Information Technology, Data and Privacy

Information Technology, Data and Privacy


Fluent in IT Transactions

Schiff Hardin’s Information Technology, Data & Privacy group helps our clients navigate the ins-and-outs of information technology issues. We have extensive experience with traditional software licenses as well as modern alternatives such as Software as a Service (SaaS), Application Service Provider (ASP) and cloud computing arrangements. 

We represent both licensors and providers of IT resources as well as the customers who use them. We’ve helped clients work out contracts with major software vendors such as Computer Associates, SAP, IBM and Microsoft, as well as with major providers of cloud or web services, including Salesforce, Compuware and Oracle. We helped our client Do it Best negotiate a complex SaaS license for a new e-commerce platform. Under the arrangement, the provider agreed to customize the core ecommerce software for the client’s needs and then host the software for use by Do it Best’s customers. The agreement dealt with complex issues relating to customization, maintenance, support and hosting of the ecommerce platform as a service offering.

Thoughtful Negotiation of Service and Software Agreements

We help our clients think through and identify issues relating to their own service and software offerings in order to make their agreements as comprehensive as possible but to also make them signable without the need for extensive negotiation with individual customers.

Our payroll services client provides a variety of workforce management tools and services to its business customers, including payroll processing, HR management, benefits and retirement plan processing. These offerings are provided on a service bureau basis and accessed online by the client’s customers. We helped the client negotiate agreements with different SaaS vendors for parts of the client’s service offering. Our counsel helped the client navigate the issues typically found in cloud computing agreements, including terms relating to service level agreements, uptime guarantees, indemnities, data access, disaster recovery and auditing.

Due to the sensitive nature of the personal data being processed, we provided advice on terms in the agreements relating to data security, privacy and liability for data breaches. In addition to working on the in-licensing issues, we also helped to draft the subscription agreement under which the client licensed out services to its customers. This involved being sensitive to (and passing through) certain terms relating to service levels, limits of liability and restrictions that were imposed by underlying service vendors.

Practical Help with Consulting Projects

We offer clients a comprehensive suite of services related to information technology. Our work has included the preparation of numerous agreements commonly used for various IT and consulting services, including development, implementation, training and testing services. We are fluent in issues relating to project management and acceptance criteria and approach these issues from the standpoint of the client’s business objectives. We collaborate with our clients to find tailored solutions in the complex arenas of intellectual property ownership, exclusivity, limitations of liability and indemnification. Often called on to help clients deal with issues involving the distribution and use of open source software, we regularly analyze open source licenses and provide practical solutions to mitigate identified risks.

We have extensive experience negotiating consulting agreements for technical services, management consulting, and software development with major consulting companies such as IBM, KPMG and Accenture. We regularly prepare development agreements for the creation of custom software systems, implementation agreements for the installation of software systems (including Enterprise Resource Planning systems), maintenance and support agreements (including Service Level Agreements), confidentiality agreements and source code escrow agreements.   

We helped a mid-size consulting services company standardize all of its forms for consulting and development services. Our work involved meeting with the client to identify important issues, such as reuse of developed software routines and infringement indemnification, in order to develop a simplified contract that could speed up the project bidding and negotiating process.

Full Service E-Commerce Counseling

We advise clients on the full range of transactional needs for setting up, operating and maintaining e-commerce businesses. Our lawyers are known for their success in helping online businesses with their key asset – their website.  We routinely help clients draft and negotiate agreements to develop websites and license content. We have extensive experience negotiating website hosting and Internet access agreements with a variety of telecom providers including Sprint, MCI/Verizon and AT&T. Our team regularly drafts online terms for the operation of websites, including terms of sale, terms of use and privacy policies.  We are fluent in issues relating to online and electronic contracting, including click wrap and shrinkwrap licenses, online purchase orders and subscription agreements. We also counsel clients on branding issues, and help them obtain patent, trademark and copyright protection for their e-commerce assets.

Once the client’s website is up and running, we provide comprehensive counseling relating to the operation and protection of their website and the enforcement of their intellectual property rights. We help clients police the use of trademarks online and deal with infringement claims, including those arising from misuse of a client’s copyrighted website materials. We offer astute advice on e-commerce issues relating to meta tag and keyword usage, spam, domain name disputes, defamation and encryption. We routinely negotiate a variety of commercial agreements relating to the purchase and supply of products and services for online companies including payment processor, distributor, supply, value added reseller, and OEM agreements.

For example, we represent QuikOrder, which provides the systems that operate the Pizza Hut online ordering Web site, private labeled "Powered by QuikOrder" for Pizza Hut. We worked with QuikOrder to negotiate a complex agreement that involved Web services, custom application development, hosting, and translation, for taking and routing orders to domestic and Canadian Pizza Hut stores. We provided e-commerce patent advice to QuikOrder regarding all aspects of their proprietary system, including issued and pending patent applications.

We represent Collections Etc., Inc. with respect to privacy issues, intellectual property ownership issues, and negotiating contracts with a variety of e-commerce vendors, including software licensors and implementers.

In-Depth Advice on Privacy Protection

Our Cybersecurity and Data Privacy lawyers come from a variety of substantive practice areas to assist clients in understanding and complying with the various international, federal, state and local laws and regulations that govern the collection, protection and sharing of personal information. Our work in this area includes:

  • Preparation and enforcement of privacy policies and procedures
  • Negotiation of appropriate contracts to protect and share personal information
  • Counseling on data security measures and standards, including compliance with Payment Card Industry (PCI) Data Security Standards and the NIST Cybersecurity Framework
  • Advising clients on online data collection and crafting website privacy policies
  • Drafting data retention and deletion policies
  • Providing clients with periodic alerts concerning data privacy issues and developments
  • Compliance with industry-specific privacy laws, such as those applicable to medical data (HIPAA) and financial data (Gramm-Leach-Bliley)


We regularly advise clients about data breaches, such as those that occur through hacking, lost laptops or theft of data. We coordinate forensics investigations of breach incidents. We help clients navigate the maze of applicable state laws to craft a response and provide appropriate notification of the data breach to affected persons. Our advice on the appropriate use of personal data for commercial email and direct mailings, includes guidance on compliance with spam laws.

Our work in the privacy area has been for clients of various sizes in a variety of industries, including large manufacturers, multinational corporations, online retailers, not-for-profits, and online service providers. We counsel multinational clients concerning compliance with international data privacy regimes, including the EU Privacy Directive and the related Safe Harbor and model data sharing contracts.

We advised a national professional organization in responding to a national security breach involving the unauthorized disclosure of names and personal information. We helped to investigate the incident, conducted training, and drafted compliance policy procedures to address privacy, data security and notification laws. In helping an international company respond to a national security breach involving the unauthorized disclosure of credit card numbers and customers, we drafted an incident report that outlined the security breach, identified security weaknesses and recommended remedial measures.