Post on 16-Aug-2020
The audio portion of the conference may be accessed via the telephone or by using your computer's
speakers. Please refer to the instructions emailed to registrants for additional information. If you
have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.
Presenting a live 90-minute webinar with interactive Q&A
Drafting Big Data Licensing Agreements:
Maximizing Rights to Data While
Balancing Access, Use and Ownership IP, Privacy and Contractual Considerations for Licensors and Licensees
Today’s faculty features:
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
WEDNESDAY, FEBRUARY 3, 2016
Aaron K. Tantleff, Partner, Foley & Lardner, Chicago
Tips for Optimal Quality
Sound Quality
If you are listening via your computer speakers, please note that the quality
of your sound will vary depending on the speed and quality of your internet
connection.
If the sound quality is not satisfactory, you may listen via the phone: dial
1-866-961-8499 and enter your PIN when prompted. Otherwise, please
send us a chat or e-mail sound@straffordpub.com immediately so we can
address the problem.
If you dialed in and have any difficulties during the call, press *0 for assistance.
Viewing Quality
To maximize your screen, press the F11 key on your keyboard. To exit full screen,
press the F11 key again.
FOR LIVE EVENT ONLY
Continuing Education Credits
In order for us to process your continuing education credit, you must confirm your
participation in this webinar by completing and submitting the Attendance
Affirmation/Evaluation after the webinar.
A link to the Attendance Affirmation/Evaluation will be in the thank you email
that you will receive immediately following the program.
For additional information about continuing education, call us at 1-800-926-7926
ext. 35.
FOR LIVE EVENT ONLY
Program Materials
If you have not printed the conference materials for this program, please
complete the following steps:
• Click on the ^ symbol next to “Conference Materials” in the middle of the left-
hand column on your screen.
• Click on the tab labeled “Handouts” that appears, and there you will see a
PDF of the slides for today's program.
• Double click on the PDF and a separate page will open.
• Print the slides by clicking on the printer icon.
FOR LIVE EVENT ONLY
5 ©2016 Foley & Lardner LLP • Attorney Advertising • Prior results do not guarantee a similar outcome • Models used are not
clients but may be representative of clients • 321 N. Clark Street, Suite 2800, Chicago, IL 60654 • 312.832.4500
Aaron Tantleff
February 3, 2016
6
Licensing of database rights
– Outbound licenses
– Inbound licenses
Monetization of assets
Mistaken form of license
Traditional data license versus big data
license
Nature of data
©2016 Foley & Lardner LLP
Aaron Tantleff
7 ©2016 Foley & Lardner LLP
Aaron Tantleff
Big Data
Volume
•Enterprise Data
•Transactional Data
•Social Media
•User Data
•Public Data Value
•Modeling
•Prediction •Management
Variety
•Structured & Unstructured
•Databases
•Data Types
Veracity
•Data Quality
•Uncertaintiy •Security
Viability
•Selection
•Relevance
•Relationship
Velocity
•Data in Motion
•Algorithms •Data Streams
•Real Time
8
Database Rights
Copyright
– affords the creator (“author”) of an original work
with significant protections
– ability to take legal action against a party who
improperly accessed, used, or disclosed the
copyrighted material
– individual elements of data that make up a
database are not generally copyrightable, but
their compilation into a database is
©2016 Foley & Lardner LLP
Aaron Tantleff
9
Trade Secrets
– governed by state law
• all states (excluding New York and Massachusetts), the District
of Columbia, Puerto Rico, and the US Virgin Islands have
adopted a variation of the Uniform Trade Secrets Act
– set of information or a compilation of information that is not
generally known or reasonably ascertainable by others, by
which a business can obtain an economic advantage over
competitors or customers, and is the subject of reasonable
efforts by its owner to maintain its confidentiality
– requires contractual protections to protect database
Contractual
©2016 Foley & Lardner LLP
Aaron Tantleff
10
Information security obligations
established via laws, regulations and
contractual standards
Conflicting jurisdictional laws and
regulations as well as ambiguous
Security and breach notifications laws and
regulations
©2016 Foley & Lardner LLP
Aaron Tantleff
11 ©2016 Foley & Lardner LLP
Aaron Tantleff
12
Protecting Corporate Assets
Establishing Diligence
Protecting Business Reputation
Minimize Potential Liability
©2016 Foley & Lardner LLP
Aaron Tantleff
13
“it’s all about the data”
“it’s all about confidentiality”
CIA
– Confidentiality
– Integrity
– Availability
©2016 Foley & Lardner LLP
Aaron Tantleff
14
CIA
Acting “reasonably” or taking “appropriate”
or “necessary” measures
©2016 Foley & Lardner LLP
Aaron Tantleff
15
Scaling security measures to reflect the nature of the data and threat
– Massachusetts Data Security Law:
• Safeguards that are appropriate to (a) the size, scope and type of business of the
person obligated to safeguard the personal information under such
comprehensive information security program; (b) the amount of resources
available to such person; (c) the amount of stored data; and (d) the need for
security and confidentiality of both consumer and employee information
– HIPAA Security Rule:
• (i) The size, complexity, and capabilities of the Covered Entity.
• (ii) The Covered Entity’s technical infrastructure, hardware, and software
• security capabilities.
• (iii) The costs of security measures.
• (iv) The probability and criticality of potential risks to ePHI.
©2016 Foley & Lardner LLP
Aaron Tantleff
16
the ability for a party to control the right of a
third party to access, create, modify, use,
repurpose, make available to others, and sell
data, as well as the ability to transfer and
assign these rights to others
modifications, enhancements, and other
revisions
Licensee’s investment in exploiting the data
Complicated by method of big data collection
©2016 Foley & Lardner LLP
Aaron Tantleff
17
Who’s the owner of the underlying, licensed data – Ownership as between the parties
– Ownership by a party
Who’s the owner of the derivative works resulting from licensee’s analysis of the licensed data – When combined with licensee data?
Restriction on licensing identical data sets to different licensees
©2016 Foley & Lardner LLP
Aaron Tantleff
18
Licensee’s contemplated use of the data
Licensor’s ability to capitalize on database
– Ability to recycle the data
– Reports
– Analytics
Impacts on exploitation
– Exclusive vs Non-exclusive
– Sublicensing
– Internal vs External use
– Combination with other sources
©2016 Foley & Lardner LLP
Aaron Tantleff
19
Potential to re-identify individuals due to ever expanding
datasets
Regulatory limitations and safe harbors
– Health Insurance Portability and Accountability Act (HIPAA) of
1996
• addresses the issue of de-identified data by providing for an expert
determination and a safe harbor if certain key pieces of information are
removed from the medical record
– Gramm-Leach-Bliley Act
• addresses the issue of anonymized data by defining personally
identifiable financial information as that which “does not include
information or blind data that does not contain personal identifies such
as account numbers, names or addresses”
©2016 Foley & Lardner LLP
Aaron Tantleff
20
Limit licensee’s use of the database to datasets that have
been anonymized
Prohibit a licensee from re-identifying any individuals or
combining the dataset with other datasets that would enable
any individuals to be re-identified
Prohibit licensees from using the data to take any action
based on re-identified data
Prohibiting licensees from using the datasets for unauthorized
purposes
Require licensee to notify licensor in the event licensee
determines that any individual was re-identified or that it is
determined that individuals could be re-identified.
©2016 Foley & Lardner LLP
Aaron Tantleff
21
Ensure datasets provided are properly de-
identified and comply with applicable privacy and
security laws
Ensure licensor has necessary rights to use and
provide the identifiable information
Provide licensee with notice should the licensor
discover that information provided is not properly
de-identified or that it has reason to believe that
such data could be re-identified
©2016 Foley & Lardner LLP
Aaron Tantleff
22
Provides a uniform, ready-made framework for due diligence
Ensures an “apples-to-apples” comparison of responses (e.g.,
in the context of a request for proposals [RFP] process)
Ensures that all key areas of diligence are addressed and that
none are overlooked
Provides an easy means of incorporating the due diligence
information directly into the parties’ contract. That is, the
completed questionnaire can be attached as an exhibit to the
final agreement between the parties
Places the third party on notice from the outset that
information security is a key consideration
©2016 Foley & Lardner LLP
Aaron Tantleff
23
Common technique used by licensors to
protect databases and detect unauthorized
copying
Seasoning of a database with dummy or fake
data that is difficult, if not impossible, to
detect by others
Larger the database, the more difficult it
would be for a third party to detect and
remove the salted data
©2016 Foley & Lardner LLP
Aaron Tantleff
24
Licensor’s broad rights of termination
– Licensee’s use of the licensed data in excess of the rights granted under the
agreement
– Licensor knows or suspects that de-identified individuals were or could be re-identified
– Licensee’s breach of any of the privacy and security standards
Licensee’s broad right of termination
– Database is found to be unreliable or outdated
– Database becomes the subject of an infringement claim
– Data becomes the subject of an intellectual property infringement claim
– Licensee knows or has reason to believe that the licensor does not have the
necessary rights or consents as required by the terms of the agreement or as
necessary in order for the licensee to fully exploit the database as provided for under
the agreement
– Licensee’s convenience
©2016 Foley & Lardner LLP
Aaron Tantleff
25
Revenue Models
– Cost of entry
– Royalty payments based upon
commercialization
– Milestone payments
Price Protection
– Fixed fee period
– Fixed or algorithmic fee adjustments
©2016 Foley & Lardner LLP
Aaron Tantleff
26
Warranties
Information Security Requirements
Indemnification
Limitation of Liability
Confidentiality
Audit Rights
©2016 Foley & Lardner LLP
Aaron Tantleff
27
Big Data is often made available as a research
tool
– Available at the licensee’s discretion and advisement.
– Licensee is generally responsible for determining the
applicability and legality of the use of the dataset and
any results in its sole and absolute discretion
– Losses and liabilities incurred by the licensee based
on any action or inaction taken by the licensee, as
between the Licensor and the licensee, are those of
the licensee
©2016 Foley & Lardner LLP
Aaron Tantleff
28
Licensor, to the best of their knowledge, has the
necessary rights to provide or otherwise make the
data available to the licensee
Licensor is not providing any data to the licensee
where licensor knows, or should reasonably know, that
they do not have the rights to provide such data
The licensed data has not been manipulated by the
licensor or other parties in such a manner as to render
the data or the results of any analytics performed on
such data questionable or worthless
©2016 Foley & Lardner LLP
Aaron Tantleff
29
The data is not corrupt
Licensor did not insert malicious code
With respect to any “structured data,” the
database is organized and formatted in a
particular manner (which is disclosed to
the licensee).
©2016 Foley & Lardner LLP
Aaron Tantleff
30
Compliance with “best industry practices relating to information
security”
– This creates an evolving standard to keep pace with advances in the
industry as security measures improve over time
Prohibiting sending data and intellectual property offshore to
subcontractors or affiliates unless specifically authorized to do so by
the customer
Responses to the due diligence questionnaire are true and correct
– Questionnaire should be attached as an exhibit to the contract
Compliance with state and federal laws and regulations with respect
to any data that is subject to a state or federal law or regulation
(personally identifiable information)
©2016 Foley & Lardner LLP
Aaron Tantleff
31
Requirements that licensee and any third party to secure and
defend its information systems and facilities from
unauthorized access or intrusion
Participate in joint security audits
Periodically test its systems and facilities for vulnerabilities
Use appropriate encryption
Access control technology
Use proper methods and techniques for destruction of
sensitive information
– (e.g., the DoD 5220-22-M Standard or NIST Special Publication
800-88, Guidelines for Media Sanitization)
©2016 Foley & Lardner LLP
Aaron Tantleff
32
Given the nature of Big Data, the unanticipated uses of Big Data,
and the risks and liabilities associated with the use and licensing of
Big Data, most licensors of Big Data are hesitant or refuse to offer
any form of indemnification to a licensee
Licensees have been able to achieve certain forms of protection or
indemnification given a variety of factors, including as a result of the
licensee’s negotiating power, the relationship between the parties,
and the experience level of the counsel and business team
representing the licensor and licensee
Third party to hold licensor harmless from claims, damages,
liabilities, and expenses incurred as a result of a breach of the
security obligations
– Third party should protect the licensor from lawsuits and other claims
that result from the third party’s failure to adequately secure its systems
©2016 Foley & Lardner LLP
Aaron Tantleff
33
Any breach of the license grant or infringement of the licensor’s
intellectual property rights by the licensee be excluded from the
limitation of liability
– Without those exclusions, the licensor has essentially sold its rights in
the database for the value of the cap on damages
If the agreement disclaims all liability for consequential damages
and caps liability, equivalent to selling its rights in the database for
such equivalence
If the third party has no real liability for breach of privacy or
confidentiality because the limitation of liability limits the damages
the third party must pay to a negligible amount, the contractual
protections of the business are rendered meaningless
©2016 Foley & Lardner LLP
Aaron Tantleff
34
Important to protect IP, including trade secrets and
confidential information
Restrictions on a licensee’s ability to use, share, and
otherwise disclose and make the information available to third
parties
– Restrictions and obligations with respect to the licensee’s ability
to grant sublicenses
– Restrictions on ability to disclose licensed information
– Limitation on authorized parties to whom the licensee is allowed
to disclose the information
– Authorized third parties are subject to obligations of
confidentiality no less stringent than those set forth in the
agreement between the licensor and the licensee
©2016 Foley & Lardner LLP
Aaron Tantleff
35
Ensure compliance with licensed scope
– Use of the database
– Compliance with security obligations
– Fees due
– Re-identification
Licensee requests
– Limit the number of audits that can be conducted in a given period of time
– Audit shall not unreasonably interfere with or disrupt the licensee’s business
– Restrict a licensor’s ability to take multiple attempts at uncovering a licensee’s
noncompliance by preventing a licensor from re-auditing records that were previously
audited and found to be compliant
Confidentiality
Regulatory audits
©2016 Foley & Lardner LLP
Aaron Tantleff
36 ©2016 Foley & Lardner LLP
Aaron Tantleff
Aaron K. Tantleff
Partner
Foley & Lardner LLP
321 North Clark Street, Suite 2800
Chicago, Illinois 60654
(312) 832-4367
atantleff@foley.com