La lecture en ligne est gratuite
Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres
Télécharger Lire

CyberSecurity in the Cloud by Jervan Wiltz

3 pages
Customers that enter into agreements with VDR service providers must be cognizant of the allocation of risk and damage limitations that apply to security breach situations. VDR agreements often require the customer to bear sole responsibility for monitoring, preventing, and notifying the VDR service provider of, unauthorized access.
Voir plus Voir moins
CyberSecurity in the Cloud: Virtual Data Rooms—Part II by Jervan Wiltz
Virtual data room (VDR) service providers give their customers access to technology that ofers a paperless data room For purposes oF disclosure and document sharing. VDR’s are typically used For mergers and acquisitions, pre-IPO due diligence review, bankruptcy and restructuring, and other transactions. In connection with such transactions, these Internet-based document repositories capture, transmit, handle and store conîdential, proprietary and sensitive inFormation regarding their customers and clients oF their customers. As a Follow-up to our initial post regarding VDR data security (here), the Following discussion addresses the type oF risk that a compromised VDR could create and how the contractual arrangements between VDR service providers and customers typically address such risk.
Risks of VDR Breaches
Unauthorized access to a VDR could result in widespread irreparable damage to any number oF parties. More speciîcally, exposing material agreements that are stored in a VDR to an unauthorized third party could
cause a breach oF a duty oF conîdentiality or nondisclosure. urthermore, leaks oF proprietary inFormation caused by a compromised VDR can negatively impact the value oF a business, its market share, investor return, and competitive advantage.
Vendor Liability for VDR Breach
In order to engage a VDR service provider and gain access to its online soFtware, prospective customers enter into contractual arrangements with VDR service providers. The terms and conditions oF such agreements oFten allocate the risk oF unauthorized access oF the VDR to the customer. Under some VDR agreements the customer is solely responsible For the security oF its password and data, to monitor activity on the subscribed VDR platForm and to promptly report unauthorized access to the VDR service provider. VDR customers must have procedures in place to limit who is granted access to the VDR, as well as procedures to limit access to parties aFter their participation in the transaction has ended.
Additionally, some VDR service providers will disclaim all warranties and require an acknowledgement regarding the potential oF the security oF its platForm to be compromised. urther, a VDR service provider oFten bargains For provisions that exclude its liability For indirect damages to its customer (e.g., damages to a customer caused by a third party) and that cap its liability For damages that arise in connection with the agreement to provide VDR services. Lastly, in such agreements, a VDR service provider may limit its duty to indemniFy the customer and instead obligate the customer to deFend the VDR service provider against certain claims related to customer content stored in the VDR. Such provisions, though not necessarily unreasonable, allocate a signiîcant amount oF the risk oF data breach (iF not all oF the risk) to the customer.
Customers that enter into agreements with VDR service providers must be cognizant oF the allocation oF risk and damage limitations that apply to security breach situations. VDR agreements oFten require the customer to bear sole responsibility For monitoring, preventing, and notiFying the VDR service provider oF, unauthorized access. VDR’s have become a common and oFten essential aspect oF M&A transactions, but all parties are advised to understand the corresponding risks and potential exposure.
About Jervan Wiltz Jervan WiltzFocuses his practice on corporate and securities transactions. He has extensive experience draFting subscription agreements and ofering materials including disclosures regarding risk Factors, MD&A, related party transactions, security ownership oF beneîcial owners and management, description oF other indebtedness and non-GAAP înancial measures. He also structures înancing and private equity investment transactions and mergers, acquisitions, and dispositions oF securities and assets.
or more From Mr. Jervanclick here