Published on:

The phrase “e-commerce transactions” invokes thoughts of a complicated and technical phenomenon.  In fact, many people partake in e-commerce transactions every day.

What is an e-commerce transaction?

An electronic commerce (a/k/a “e-commerce”) transaction involves a commercial transaction that takes place over the Internet. So, any trading of products or services over any electronic network, including, but not limited to, the Internet, is considered a part of e-commerce. The e-commerce transactions covered by the term include, business-to-business, business-to-consumer, consumer-to-consumer, and consumer-to-business.  There are three categories of e-commerce transactions. There are agreements with: (1) Shrinkwrap terms—when a tangible product is delivered to a physical address usually in shrinkwrap or clear packaging; (2) Clickwrap terms—in which a digital product is delivered over a network (e.g., e-book); and (3) Browsewrap terms—when terms are agreed to in order for a consumer to access and use a website.  However, e-commerce does not always involve actual money.   The transaction can involve e-cash, digital currencies (e.g., Bitcoin), or services.

What problems face e-commerce transactions?

The problems facing e-commerce transactions involve many of the same issues business transactions face. They can include contract breaches, copyright issues, and governmental regulations. One of the main issues involves jurisdiction over disputes. E-commerce transactions have become so accessible that cross-border transactions are normal. Cross-border transactions involve state-to-state transactions and country-to-country transactions. This means that multiple states may have jurisdiction if there is a dispute, but also calls into question which national or international regulation is applicable. Another issue is the ability to track down intellectual property (e.g., copyright, trademark, patent) violators. For example, the intellectual property violators can upload files to a third-party website that resides outside of the United States. They can also use certain programs or applications (e.g., TOR) to remain anonymous. A company may become liable for sharing or disclosing confidential information of its customers with third parties. A company can be liable for trademark infringement if it violates a third-party’s trademark. Also, if the company registers a domain name (e.g., that correlates with a registered or common law trademark (e.g., XYZ) it may be subject to a complaint under ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP), or the Anti-cybersquatting Consumer Protection Act (ACPA). Finally, aliases and privacy laws may cause challenges in locating the violators on the Internet and filing lawsuits in the proper jurisdiction.

An example of an e-commerce transaction that involved issues of jurisdiction and freedom of expression is Yahoo!, Inc. v. LICRA.  In 2000, a lawsuit arose in France against Yahoo due to the selling of Nazi memorabilia on its network.  The French court decided it had jurisdiction over Yahoo and that it could block 70-90 percent of the French public from accessing its network because the selling of Nazi memorabilia conflicted with French laws.  Although, Yahoo has allegedly changed its policies since this case, however, it has made attempts to appeal the ruling in California and argue over jurisdiction. This case demonstrates that when a business engages in online transactions within different states or nations, then multiple states or nations can claim jurisdiction and leave it vulnerable to legal liability.

At our law firm, we assist clients with legal issues related to Internet, technology, and e-commerce transactions. You may contact us to set up an initial consultation.

Published on:

The Internet of Things (“IoT”) is the network of electronic devices that communicate with each other via the Internet without human intervention.  It has caused concerns regarding security since vast amounts of unsecure electronic devices are being used to send and receive information. Furthermore, the data breaches that lead to the loss of privacy have become more common as the Internet is used to connect electronic devices via private and public networks.

What is the proper security level for electronic devices?

Electronic devices that connect to each other over the Internet were created to transfer information, but were not originally designed with proper security features. What is the proper security level when electronic devices are interconnected? In order to avoid unauthorized access, security precautions should be implemented within the electronic devices and computer networks. For example, firewalls, encryptions, intrusion detection systems, and multi-factor authentications should be implemented as preventive and reactive measures. The electronic devices—which are accessed via the Internet—should be segmented into their own network, and include network access restrictions.  Also, consumers should change the default passwords on smart devices and implement strong passwords.

A corporation’s servers must be properly updated and secured to prevent unauthorized access by third parties. A skilled hacker can connect to a network server and gain access to confidential information (e.g., trade secrets) in a short amount of time.  Information transferred wirelessly to and from printers, mobile phones, or other electronic devices is susceptible to unauthorized access. Also, hackers can implement an IoT Botnet, which comprises of a group of compromised electronic and Internet-connected devices that have been setup for illegal purposes.

In general, public Wi-Fi is a concern because it is used regularly to connect multiple electronic devices to the Internet in public places (e.g., cafes, airports).  A person’s electronic device (e.g., smartphone, laptop) can store and remember the network login/password upon return to the public places and connect automatically. Although, information may be encrypted on electronic devices, cyber criminals are becoming more capable in decrypting information, or using the illegally-obtained information for fraudulent transactions (e.g., online banking fraud, credit card fraud).

What are the main concerns over local and national security?

The government can use this new technology in order to battle crime and enforce the law.  For example, Drones (a/k/a “Unmanned Aircraft Systems” or “Unmanned Aerial Vehicles”) have become an important concern for law enforcement.  They are accessible to the public and are being used to collect information and to view public or private spaces. Government owned and operated drones may be accessed by hackers by tapping into their systems without authorization.  Safety concerns, from the use of airspace, to the potential use of terrorism, are being faced by organizations which are trying to enhance security.  Law enforcement agencies use drones for the surveillance of individuals.  The ability to track individuals via electronic devices has been useful, but it remains controversial.  Also, security measures must be implemented in order to enforce local and national security when using drones and similar surveillance devices.

At our law firm, we assist clients with legal issues related to internet and technology laws. You may contact us to set up an initial consultation.

Published on:

A quantum computer is a highly-advanced computer system that works exponentially faster than today’s conventional computers. Quantum computing is the practice of studying quantum computers and their potential. This practice is growing and has caused the rapid decrease in the size of computers at the same time as these systems are rapidly increasing in their capability. However, quantum computers are still being developed and have not yet become accessible.

What is a quantum computer?

A quantum computer is an advanced computer system. Quantum computing studies theoretical computation systems which use quantum-mechanical phenomena (e.g., superposition, entanglement) to perform data operations.  While the average computer’s memory is made up of bits, a quantum computer’s memory is made up of qubits.  A regular computer saves information in binary form using zeroes and ones, which are called bits. These strings of numbers, which are comprised of 0s and 1s, create codes that instruct the computer on how to proceed. However, a qubit in a quantum computer is a particle (e.g., atom, electron, photon) which is manipulated to store information. It is a two-state quantum-mechanical system, such as the polarization of a single photon, which can be vertical and horizontal polarization.  So, the particle is manipulated in its quantum properties, like its spin or polarization, and can have multiple properties. Because of the flexibility and variation of qubits, more information can be stored on a quantum computer. Most importantly, information can be processed at an exponentially faster rate. For example, a problem that would take a conventional computer several minutes to solve due it its complexity, could be solved in less than a second by a quantum computer. This is because today’s conventional computers must go through each problem one step at a time, where a quantum computer has the ability to solve multiple problems instantaneously.

What are the legal ramifications of quantum computing?

Quantum computers have the ability to affect many industries, including, but not limited to, technology, financial, pharmaceutical, and automotive sectors.  The positive effects of quantum computers seem real and exciting. For example, new scientific discoveries can bring valuable benefits towards society.  However, the regulation of this new technology is a major concern.  This is especially true because quantum computers are able to decipher (i.e., decrypt) encrypted information at a remarkable speed.  This can lead to privacy concerns when the confidential information of consumers has been uploaded onto the cloud, with the assumption that it is safe because it is encrypted.  In other words, communications between consumers and financial institutions could be accessed by anyone with a quantum computer.

One question is whether the National Security Agency should be permitted to use quantum computers in order to gain access to information? At this time, Google is probably working on methods to repel the attack of the NSA quantum computer. What happens if a quantum computer is used to hack into third-party computers? These are issues that will be unfolding in the near future.

At our law firm, we assist clients with legal issues related to internet, technology, and privacy laws. You may contact us to set up an initial consultation.

Published on:

Class certification can be a complicated issue that does not just rely on fulfilling the usual requirements. For example, in Gass v Best Buy Co., Inc., an issue of fact had to be determined in order to confirm the class action certification.

What was the court’s decision in Gass v. Best Buy Co., Inc.?

Gass v. Best Buy Co., Inc. was a class action that failed due to the way plaintiffs’ claim was brought.  In this case, multiple parties brought separate lawsuits against Best Buy claiming that its practices were against the Song-Beverly Credit Card Act. The claimants then merged their claims. The “class” claimed to be representing [a]ll persons from whom Defendant requested and recorded personal identification information in conjunction with a credit card transaction… and a subclass of those who were asked for their information relating to the pre-enrollment . . . in Defendant’s Reward Zone program in conjunction with a credit card transaction.” The Song-Beverly Credit Card Act says that companies may not request or require, as a condition to accepting the credit card, the cardholder to provide personal identification information. The practices in question were: (1) when employees asked customers for additional information if they agreed to be in the Rewards program; (2) when customers were asked for their phone number if they forgot their member cards; and (3) if a card failed to swipe on a charge over $100, the customer would be asked for a zip code in order to look up his/her information. First, the court determined that these requests for identification were not illegal. Second, since the requests for information were not a violation, the court ruled that plaintiffs could not be certified as a class. This was because the definition of those affected was overbroad and included customers who may not have suffered any violation. The court ruled that, if the plaintiffs wished to pursue a specific violation, each could proceed individually.

Does the Song-Beverly Credit Card Act apply to online transactions?

Although, the Song-Beverly Credit Card Act applies to in-store purchases, however, two cases have made it clear that it does not apply to online transactions. The court in Apple v. Superior Court concluded that the statute does not apply to online transactions that involve downloading information. The goal to prevent online fraud was a greater concern than consumer privacy. The case of Michael Ambers v. Beverages & More, Inc. took the protection of online companies further, allowing personal questions to be requested for online transactions even when the individual is picking up an ordered product online. The reasoning was that once the card is charged, the product is no longer the store’s to withhold until receiving further confirmation of the cardholder’s identity.

At our law firm, we assist clients with legal issues related to class actions and legal compliance. You may contact us to set up an initial consultation.

Published on:

The Internet of Things (a/k/a “IoT”) functions through smart devices that communicate with each other and collect data without human interaction. These devices include smart cars, smart homes, smart hospitals, smart highways, or smart factories.  However, the lack of security protecting information is creating privacy concerns as data is collected by companies and shared with third parties (e.g., marketing firms, governmental agencies).  Also, the smart device can be accessed without authorization (i.e., hacked) by third parties and its information can be used for various illegal purposes.

What is the Internet of Things and what private information does it hold?

According to the Organization for Economic Cooperation and Development (“OECD”), one of the Fair Information Practice Principles is the collection limitation of personal data. Stated otherwise, data should be collected with the owner’s consent, through fair and lawful means, and should be limited.  The OECD has issued its guidelines that are considered as minimum standards for the protection of privacy and individual liberties.  From a practical standpoint, these principles (and relevant guidelines) should be uniformly enforced in the United States and other countries.

The Internet of Things is the term for the network of objects that are connected and controlled remotely while collecting data. For example, fitness trackers connect to your smartphone and show where you have been running, how fast you have been running, and are used by people to keep track of their eating habits.  In general, the information in the Internet of Things differs from the information on the Internet because most of the information on the Internet (i.e., world-wide-web) is public.  One of the main electronic devices that collects data is a smartphone. When using apps, data is collected from a number of things that are private.  For example, apps can collect data for advertising companies, product development companies, and even the government.  Although, it may seem that this information is harmless, however, information such as bank accounts, credit card numbers, or social security numbers constitute private information.

What are the effects of a privacy breach?

One of the most recent, and widely discussed incidents, involves the Internet of Things in relation to automobile systems. In fact, in July 2015, Fiat Chrysler was required to recall 1.4 million vehicles due to computer hackers’ access into their vehicle’s dashboard connectivity system, which was called “Uconnect.”  Although, an obvious concern is the security risk of hackers being able to remotely control the vehicle, the other concern is protecting the privacy of data that the vehicle holds within its computer system. The data may include a person’s contacts, where he/she drives and how he/she gets there, his/her music preferences, and other information that a person would consider as private. From shopping to the games played, the food eaten to the pregnancy monitoring, private information is available and collectable by and through smart devices that are within the realm of the Internet of Things. Therefore, a privacy breach may result in identity theft and invasion of privacy.

At our law firm, we assist clients with legal issues related to privacy, cloud computing, and cybersecurity. You may contact us to set up an initial consultation.

Published on:

The term “fraud” invokes the same general meaning whether applied to acts on the Internet or in more traditional forms. The difference with Internet fraud is that it occurs on the web and the number of people who may fall victim to the same violation. This situation lends itself to class action lawsuits due to large numbers of consumers alleging the same harm against the same defendant.

What is Internet fraud?

The term “Internet fraud” includes a wide range of actions.  In general, “fraud” is defined in Black’s Law Dictionary as “[a] knowing misrepresentation or knowing concealment of a material fact made to induce another to act to his or her detriment.” Therefore, incidents such as emails promising money or misrepresentations in website’s terms of use are considered fraud. Under California law, a plaintiff must show that: (1) a misrepresentation occurred; (2) defendant knew the information was false; (3) defendant had the intent to induce reliance; (4) plaintiff relied on the false information; and (5) reliance was the cause of damages to plaintiff.

The fraud referred to under the Computer Fraud and Abuse Act mostly involves unauthorized access to a computer. According to the FBI, the list includes: internet auction fraud, non-delivery of merchandise purchased online, investment fraud, business fraud, email scams and identity theft. In order to prevent falling victim to online fraud, the FBI recommends that consumers only use credit cards on reputable websites and understand their terms and conditions. The FBI wants consumers to be cautious and not believe any website or email promising large sums of money or believe that a website is credible simply because it looks professional. For example, the terms and conditions of online auctions or websites requiring a registration process frequently define the consumer’s obligations.

How do class actions relate to Internet fraud?

Those who commit Internet fraud can be prosecuted both criminally and civilly. However, class actions can only be used for civil lawsuits. Class actions are becoming more frequent as the number of large-scale crimes are increasing. The elements of numerosity, commonality, typicality, and adequacy of representation needed to qualify for class action certification are easily met when large groups of consumers are negatively affected in the same way. A recent case, that has been cited in three large class action decisions against Target, Zappos and JP Morgan Chase bank, is In re Sony Gaming Networks and Customer Data Security Breach Litigation. The plaintiffs were successful in alleging fraud based on Federal Rule of Civil Procedure 9(b).  More significantly, the ruling allowed plaintiffs to recover damages based on the credible threat of impending harm from identity theft, even though no measurable harm had yet been enacted.  The ability to recover damages in a high-tech/cyberspace case is limited due to the frequent inability to show actual damages or the likelihood of future damages.

At our law firm, we assist clients with legal issues related to internet fraud and class actions. You may contact us to set up an initial consultation.

Published on:

According to its website, the Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. LifeLock has used the massive security breaches of companies like Anthem and Target to increase its membership. On July 21, 2015, the Federal Trade Commission (FTC) claimed that LifeLock—an identity theft protection company—has violated a 2010 Settlement it had made with the agency and thirty-five state attorneys general. This assertion was made due to LifeLock’s alleged misrepresentation of its security capabilities and failing to take steps to protect consumers’ information.

What is the Federal Trade Commission’s responsibility?

The FTC was created to prevent anti-competition business practices and protect consumers against deceptive or unfair business dealings. The Federal Trade Commission Act (which incorporates the U.S. Safe Web Act amendments of 2006) sets the parameters for how the agency can prosecute companies, which it believes are misleading consumers through false or deceptive advertising.  In fact, sections 45 and 52 of the statute indicate that, when a company commits an unfair act or deceptive practice, “and if it shall appear to the Commission that a proceeding … would be to the interest of the public, it shall issue and serve … a complaint stating its charges …”   In addition, section 52 addresses the illegality of false advertisements, which would be likely to induce consumers to purchase a product.  Although, LifeLock was not advertising a product, it was falsely advertising services, so consumers were induced to buying memberships.  Therefore, the FTC is utilizing its ability to prosecute companies for violating the law.

Why is the case being prosecuted and how can it proceed?

LifeLock claims that it could prevent its members from being the victims of identity theft if they paid its monthly membership fee. The FCT had a settlement in 2010 requiring LifeLock to cease its deceptive claims that the data it retained was encrypted, that information was only shared on a “need to know basis,” that members would immediately be notified of any identity breach, and that LifeLock uses all means possible to keep the personal information of it members secure. The FTC was able to prove that LifeLock’s claims were misleading compared to its actual capabilities and they settled for $12 million. Nonetheless, this recent claim indicates that LifeLock has not maintained its part of the settlement by failing to protect its users’ information, not keeping the records it was required to keep, and making deceitful claims towards consumers.

It seems that the FTC will continue to prosecute LifeLock. A class action lawsuit has been filed, but a class status has not yet been granted by the court. The difficulty with class action lawsuits for identity theft is proving actual damages, since identity theft could be used to make purchases, disseminate viruses, or send spam emails. As class action lawsuits continue after the FTC prosecution of companies that do not protect their members’ data increase, this question should be answered.

At our law firm, we assist clients with legal issues related to online privacy and cybersecurity. You may contact us to set up an initial consultation.


Published on:

Although, most people may think they understand what a class action is, however, the reality is more complex. A group of people cannot just bring a class action without following specific procedures. Notwithstanding the procedural impediments, however, in recent times, more class actions have been filed as the Internet is used as a primary source of communications, research, and transactions.

What is a class action lawsuit?

A class action is brought by a large group, usually under the name of one of the claimants or plaintiffs. In fact, Rule 23 of the Federal Rules of Civil Procedure clarifies when and how a class action can be brought to federal court. First, the class must be so numerous that joinder of all members is impracticable. In the past, classes have been certified with as few as 35 members, but normally there are large number of individuals in the class. Second, there must be questions of law or fact common to the class. One or more persons who are members of the class may sue or be sued as representatives of everyone in the class if their claims or defenses are typical of the claims or defenses of the class, and if they will fairly and adequately protect the interests of the class.  These four basic requirements are often referred to as numerosity, commonality, typicality, and adequacy of representation.

The court then has to determine whether the group can be certified as a class in order to proceed with the lawsuit. The members of the class should be informed of any settlement between the parties.  Class actions can only be brought in civil cases, but are not simply about money. They can be brought to obtain injunctive relief (i.e., a court’s restraining order). This has occurred for multiple purposes from civil rights to environmental issues.  However, cases involving internet-related violations, such as online privacy and cybersecurity, are particularly challenging because there is a lack of actual damages. In most cases, the plaintiffs claim that there are foreseeable damages—i.e., potential loss, which may or may not occur in the future.

What does it mean for companies?

Nowadays, companies are being sued for damages or injunctive relief due to privacy or cybersecurity violations. In general, organizations must comply with the industry standards in order to fulfill their obligations towards customers. They also must adhere to their own terms and conditions, which was agreed to by their customers. The biggest problem companies face is when they are hacked and information is either taken to be sold (e.g., credit card numbers) or the information is taken to be leaked (e.g., Ashley Madison data breach) in the future.  In these situations, it may takes a long time to determine who, when, where, how, and why the company’s network was infiltrated by the culprits.  So, in most circumstances, the customers of e-commerce websites have no one to seek relief against, but from the companies directly. Therefore, companies need to protect themselves by implementing proper security measures, including, but not limited to, the following: (1) Intrusion detection system; (2) Firewall; (3) Encryption; and (4) Multi-factor authentication. An intrusion detection system is hardware or software that monitors a computer network for malicious transactions. A firewall could be hardware or software that prevents unauthorized access to private networks. Encryption translates a file into a secret code in order to prevent access except when there is a private and public key that unlock the secret code.  A multi-factor authentication combines two or more independent credentials in order to grant access to a secure file. For example, one way is to require the user to enter a password, a security token, and his/her biometric data via fingerprint, retina scan, or facial recognition software into the system.  On a side note, companies should purchase cyber insurance policies in order to limited their liability.

At our law firm, we assist clients with legal issues related to class actions and internet-related issues. You may contact us to set up an initial consultation.

Published on:

Cloud computing is subject to certain complexities due to the interplay of international organizations, international users, and Cloud Computing Service Providers (collectively “CCSPs”). In essence, the owners, operators, and users of CCSPs may be subject to both national and international laws.  Furthermore, as recent events have indicated, they may face risks when it comes to data privacy and security.

What does international law mean for cloud computing?

The authority that each state has in regards to jurisdiction is a grey area. For example, the Permanent Court of International Justice considers states as having no restriction on exercising jurisdiction on other states. This is the case, unless there is a prohibition under international law. For the most part, international law is considered private law, which revolves around contractual provisions. On the contrary, organizations like the European Union, which regulate cloud computing, operate under public law. For this reason, cloud computing falls under both public and private laws. Because of this, it is difficult to coin cloud computing as a public structure for the purpose of protecting against CCSPs.  Additionally, the Restatement of Foreign Relations Law, Section 403, affects jurisdictional issues. This section provides that “a state may not exercise jurisdiction to prescribe law with respect to a person or activity having connections with another state when the exercise of such jurisdiction is unreasonable.”

What does the territorial principle mean for cloud computing?

The territorial principle is classified under both subjective and objective aspects. First, the subjective aspect provides that states can enforce laws in their own geographical territories. This is important in regards to geographical territories that have had their jurisdiction extended due to consummation. The subjective aspect is important in holding CCSPs accountable for cloud computing regulations. This way, when borders are crossed, regulations are not overlooked, and liability is still assigned when data is transferred across borders. Second, the objective aspect of territorial jurisdiction extends to actions that occur in another state, but have an effect within the state that is enforcing jurisdiction. The objective aspect is important for extraterritorial jurisdiction that is applicable to cybercrimes taking place across international borders.

How does corporate citizenship factor into international laws?

Because corporations function as separate entities, there is an on-going disagreement around corporate citizenship when it comes to international law. Pursuant to 28 U.S.C. § 1332(c)(1), a corporation is a citizen of any state by which it has been incorporated and of the state where it has its principal place of business. However, this is usually not as simple as it sounds. For example, a corporation may have been incorporated in Los Angeles, California, but holds its principal place of business in another state.  Moreover, if a CCSP has a subsidiary in the country it operates in, the subsidiary would need to follow the host country’s regulations. Regardless of the citizenship of the corporation or individual utilizing the CCSP, it is important that the international laws for cloud computing become standardized.  A state must be able to regulate cloud computing while recognizing international authorities.  Hence, with the rise of technology, uniform laws should be implemented in the near future. This way, international laws for cloud computing will move towards standardization.

At our law firm, we assist clients with legal issues related to cloud computing and international laws. You may contact us to set up an initial consultation.

Published on:

Security issues related to cloud computing must be dealt with carefully because of the legal uncertainties that surround its regulation.  At this time, the European Union and the United States deal differently with cloud computing and its security.

What methods are used to deal with cloud computing security issues?

Security issues can be dealt with by breaking them down, which is how the United States approaches them. The European Union, on the other hand, prefers to directly control cloud-computing issues. In the case of the European Union, all states must be in agreement about regulations in order for them to become rules. However, when specifically evaluating the United States, the Stored Communications Act (“SCA”) proves to be an issue. Because the SCA is a subpart of the Electronic Communications Privacy Act (“ECPA”), certain transactions within cloud computing fall separately under the statutes.  This is significant because only certain classifications of stored data are protected by the SCA. Thus, different data transmission processes have varying levels of protection. Because the ECPA was drafted in 1986, it is outdated, and brings concerns about data security. Additionally, security concerns exist when it comes to the power of the federal government in regards to data, especially in the hands of the Department of Justice or National Security Agency.

What dangers can cloud computing users face?

Cloud computing service providers are ultimately concerned with making profit and minimizing their risk. Because of this, mandatory contracts have been implemented, so that users agree to terms and conditions before uploading data into the cloud. These are called cloud Service Level Agreements (i.e., “SLAs”). In fact, cloud SLAs determine the relationship between the cloud computing service providers and users. Often times, the terms of service that cloud computing service providers present can be complicated. The intention may be to catch users off-guard. In addition, providers are careful to allow themselves discretion regarding the modification or screening process of user content. This industry does not have formal regulatory standards. For this reason, several organizations (e.g., Federal Trade Commission) have been formed to protect consumers.

What actions have been taken to ensure security in cloud computing?

The juxtaposition of the vague terms and conditions and lack of formal standards has given rise to organizations aiming to protect users. For example, they include, the National Institute of Standards and Technology, International Organization for Standardization, and Cloud Security Alliance. Many companies have taken a stand against setting regulations on cloud computing, since it will likely drive down their profit maximization. Major companies have refused to join standardization organizations. For this reason, there has been an increased call for the security and risk of cloud computing. The European Union is currently taking action by evaluating what has not been covered in the Regulation on Common European Sales Law in order to create a regulatory framework to decrease risk for consumers. It has also adopted the “Unleashing the Potential of Cloud Computing in Europe” strategy. However, a divide still exists in the legislation in the United States and the standards set in place by the European Union.

At our law firm, we assist clients with legal issues related to cloud computing and security. You may contact us to set up an initial consultation.