April 29, 2020

Data Breach Affects Disaster Loan Applicants

We’ve blogged before about data breaches…and if there wasn’t already enough negative press about the SBA relief program, last week various news outlets reported – and here’s a blog from Taft’s Privacy and Data Security team – that the SBA experienced a recent data breach affecting businesses that applied for the Disaster Loan Program (not the Paycheck Protection Program).

The SBA announced that nearly 8,000 business owners’ information may have been exposed to unauthorized users last month.  SBA has reportedly addressed the issue but business owners who applied for relief through the Disaster Loan Program are encouraged to check their accounts and review their credit reports.

For a reminder about the prevalence of cyberattacks exploiting the current Covid-19 crisis and the increased work-from-home arrangements, this Data Privacy Monitor blog discusses that and what can be done to help guard against cyberattacks – helpful reminders to hopefully prevent falling into a mess like the SBA and end up needing to send breach alerts to customers.

Beyond Force Majeure: Tips for Entering New Tech Agreements During Covid-19

Many companies have been dealing with what to do about existing contracts during Covid-19, while many are also continuing to enter into new agreements.  A new contract can present an opportunity to mitigate risks from the continued uncertainty everybody faces.  A recent Perkins Coie memo outlines tips for negotiating new contracts during Covid-19 relating to provisions typically found in technology agreements.  Here’s an excerpt:

Addendums: Consider including an addendum that contains terms and conditions that apply during the pandemic with an understanding that the pandemic-specific provisions preempt the terms and conditions in the main body of the agreement during the pandemic – the addendum can specify criteria that must be satisfied before the addendum can expire

Acceptance of Goods, Risk of Loss, Transfer of Title: Travel restrictions and stay-at-home orders may prevent inspection and acceptance of goods per the contract’s standard terms, which can then affect risk of loss, transfer of title and payment provisions so parties should consider alternatives such as relying on remote video or data measurements, permitting partial payment upon delivery or through use of buyer-funded escrows that could be released once inspection and acceptance occurs

Service Levels: Service providers may need to negotiate for more flexible service levels to accommodate bandwidth demands to regulate service usage – considerations could include temporary elimination of non-critical service features, throttle bandwidth, limitations on hours of operation, and service credits for service interruption

Other provisions addressed in the memo relate to ADR, limitations of liability, suspension, delivery terms, milestones, change orders, disclaimers, termination, health & safety, transition services, governing law, business continuity, confidentiality & reporting obligations, reps & warranties and insurance.

Podcasts: More “Women Governance Gurus” With Courtney Kamlet & Liz

Liz continues to team up with Courtney Kamlet of Vontier to interview leaders in the corporate governance field about their career paths – and what they see on the horizon. Check out the latest episodes:

– Liz Dunshee, Managing Editor,

– Dannette Smith, Secretary to the Board and Senior Deputy General Counsel at UnitedHealth Group

– Alane Barnes – VP, General Counsel and Corporate Secretary at BioCryst Pharmaceuticals

– Lynn Jokela