Managing Data and Privacy in Commercial Transactions

(344 Ratings)

Produced on: August 24, 2015

Course Format: On Demand Audio

Taught by


Course Description

Time: 60 minutes
Difficulty: Intermediate

Historically, privacy and data security were not significant items in commercial transactions. A standard confidentiality clause would typically do the trick. However, as the commercial Internet began to take off in the 1990s, privacy became a major issue. Increased activity by the FTC under its Section 5 authority led to allegations of deceptive and then unfair trade practices. Most companies singled out by the FTC signed settlement agreements, thereby subjecting themselves to 20 years of scrutiny. For many companies, this was a wake-up call to pay attention to privacy issues. Randy Sabett of Cooley LLP covers the various privacy issues that exist today and how those issues evolved from the early days of privacy awareness.


Fast forward almost two decades, and we face another related (but slightly different) set of issues. In the early part of this millennium, data security began its ascent into the consciousness of the corporate world. We now have data breaches happening with more regularity, regulators becoming more involved with these kinds of issues (including significant involvement at the state level), and a greater level of enterprise awareness (due in part to industry efforts such as PCI-DSS).


This seminar examines these trends and focuses on the present-day compliance needs and liability exposure of organizations resulting from the increased attention on protecting sensitive information. Mr. Sabett analyzes a number of different topics, both technical and legal, that can impact an organization. He focuses on how at least some of those issues can be covered in agreements between parties involved in commercial transactions. In addition, an assessment of corporate and board-level awareness identifies who should be involved in these issues and at what level.


Learning Objectives:

I.    Become aware of regulatory drivers behind today’s hypersensitivity to privacy and security

II.   Appreciate the policy underpinnings for various international, federal, and state approaches to data security

III.  Understand the impact of the above issues on commercial transactions

IV.  Offer examples of situations where litigation arises from these issues

V.   Identify ways to lower the risk of litigation and/or regulatory action


Randy Sabett

Cooley LLP

Randy V. Sabett, JD, CISSP, is Vice Chair of the Privacy and Data Protection practice group and a member of the firm's Technology Transactions Group. He rejoined the firm in 2014 and is resident in the Washington, DC and Reston offices.


Mr. Sabett counsels clients on a wide range of cutting-edge cybersecurity, privacy, IT licensing, and intellectual property issues, including compliance with relevant international, federal and state laws and regulations, government and industry standards (such as the NIST Cybersecurity Framework and the PCI Data Security Standard), authentication, Public Key Infrastructure (PKI), active defense, federated identity, identity theft, and security breaches. Mr. Sabett helps clients develop strategies to protect their information, including advising companies on developing and maintaining appropriate internal controls to meet privacy and cybersecurity requirements. He also drafts and negotiates a wide variety of technology transaction agreements. Having previously served as an in-house counsel to a Silicon Valley startup, Mr. Sabett employs a pragmatic approach when structuring and negotiating such agreements.


Mr. Sabett served as a Commissioner for the Commission on Cyber Security for the 44th Presidency. He has been recognized as a leader in Privacy & Data Security in the 2007 - 2015 editions of Chambers USA: America's Leading Lawyers for Business and is listed in the International Who's Who of Business Lawyers. He also was named the Information Security Professional of the Year by the Information Systems Security Association (ISSA) for 2013 and was previously named as one of the "Top 50 Under 45" by the American Lawyer's IP Law & Business magazine.


Prior to rejoining Cooley, Mr. Sabett was Counsel at ZwillGen, a boutique law firm focused on cybersecurity, and before that a partner at SNR Denton. He also served as Senior Technology Counsel for a Silicon Valley information security company. Additionally, Mr. Sabett has several years of engineering experience in the information security marketplace and has worked in active noise cancellation, as well as having served with the National Security Agency as a crypto engineer. He holds two U.S. patents, one in the area of information security (U.S. Patent No. 6,981,149) and the other in the area of active noise cancellation (U.S. Patent No. 5,440,642).


Mr. Sabett is on the Board of Directors for the Georgetown Cybersecurity Law Institute and the Board of Directors for the Northern Virginia Chapter of the Information Systems Security Association (ISSA). He is also a member of the Section of Science and Technology Law of the American Bar Association, where he has served as both the Co-Chair and the Co-Vice Chair of the Information Security Committee. In addition, Mr. Sabett is a member of the International Association of Privacy Professionals (IAPP). 


Selected Publications & Media Appearances

  • Author, "Sabett's Brief," ISSA Journal monthly column (2008-present)
  • Co-author, "Adequate Attribution: A Framework for Developing a National Policy for Private Sector Use of Active Defense," University of Maryland, Francis King Carey School of Law, Journal of Business and Technology Law, Vol. 8, Issue 1 (2013)
  • Co-author, "The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals," American Bar Association (2013)
  • Appearance on C-SPAN's "Washington Journal," Cyber Security and Federal Policy (April 2011)
  • Co-author, "The Third-Party Assurance Model: A Legal Framework for Federated Identity Management," Jurimetrics, Vol. 50, No. 4 (Summer 2010)
  • Appearance on "PBS NewsHour" with Jim Lehrer, "Cyber Attacks on U.S. Government Put Digital Security in Spotlight" (July 2009)
  • Author, "Widgets, Gadgets, and Badges: Oh My! The New Privacy Concern," BNA Privacy and Security Report (2008)
  • Author, "Metadata: Savior or Pariah?" Council of Bars and Law Societies of Europe (2006)
  • Contributing author, "Encyclopedia of Cryptography and Security," Springer Publishing (2005)
  • Author, "If You Build It, They Will Come: Secure Federated Identity," Colorado Lawyer, Vol. 33, No. 10; p. 41 (2004)
  • Co-author, "X.509 PKI Certificate Policy and Certification Practices Framework," [RFC 3647] (2003)
  • Author, "Internet Creates Potential for Infosec Liability," BNA Electronic and Commerce Law Report, Vol. 7, No. 24 (2002)
  • Author, "Financial Services PKI Policy and Practices Framework," ANSI X9.79, American Bankers Association (2001)
  • Author, "The Effects of Technology Convergence and PKI on the Practice of Law," University of Baltimore IP Law Journal (1999)
  • Co-author, "Key Recovery in a Public Key Infrastructure," Jurimetrics, Vol. 38, No. 3 (1998)
  • Author, "Digital Signatures Could Be Next Step in Integrity of Electronic Commerce," The Daily Record (1997)
  • Author, "International Harmonization in Electronic Commerce and EDI: A Proposed First Step Toward Signing on the Digital Dotted Line," The American University Law Review, Vol. 46, No. 2 (1996)

Selected Activities & Speaking Engagements

  • PLI 16th Annual Institute on Privacy and Data Security Law, "The Latest Developments in Cybersecurity Law" (May 2015)
  • NACD Strategy & Risk Forum, "Detecting & Deterring Fraud: The Next Generation of Risks and Responses" (May 2015)
  • 2015 RSA Conference, "Managing Expectations: The S.E.C. & F.T.C. Target InfoSEC Compliance" (April 2015)
  • 4th Annual BCLT Privacy Law Forum, "Data Security: Are There (Legal) Solutions?" (March 2015)
  • TTP Workshop, "Technology Transfer to Practice (TTP) in NSF and DHS Funded Cybersecurity Research" (February 2015)
  • 2015 ISSA CISO Forum, "Top Ten Things Management and Boards Need to Know About Cybersecurity" (January 2015)
  • ACUTA Winter Seminar, "FERPA & Beyond: Privacy & Data Security Issues for Distance Learning" (January 2015)
  • Internet of Things World, "IoT Market Lab 1 – Health & Wellness" (June 2014)
  • Practising Law Institute's Privacy and Data Security Law Institute, "The Latest Developments in Cybersecurity" (May 2014)
  • Panel: Georgetown Cybersecurity Law Institute, "Offensive Cyber Operations or Cyber Self-Defense: A Simulation" (May 2014)
  • Law Seminars International's The Cloud and Big Data 2014, "Big Data: Current Legal Issues in Data Collection and Analytics" (April 2014)
  • 2014 RSA Conference, "Hackback? Claptrap! – An Active Defense Continuum for the Private Sector" (February 2014)
  • Panel: Suits & Spooks, "Security Town Hall: A Debate on Balancing National Security Versus Privacy Rights" (February 2014)
  • Annual Guest Lecturer, "Intellectual Property and Information Security," for Avi Rubin's course Security and Privacy in Computing, Information Security Institute, Johns Hopkins University, Baltimore, MD
  • ISSA Annual Meeting, "Walking Into a Minefield: The Legal Pros and Cons of Active Defense" (October 2013)
  • AFCEA International Conference, "Pushing the Active Defense Barrier – How Far Can We Go?" (June 2013)
  • Panel: Georgetown Cybersecurity Law Institute, "Legislative & Case Law Update" (May 2013)
  • Keynote: University of Maryland Cybersecurity Center Symposium 2013, "Electronic Countermeasures – The Controversy Over Active Cyber Defense" (May 2013)
  • 2013 RSA Conference, "Tracking Employees via Mobile Devices – Legal...or Not?" (February 2013)
  • Bisnow Cybersecurity Event (with Rep. Dan Lungren) (June 2012)
  • University of Maryland Law School, "Cybersecurity: Safeguarding Information in a Digital Age" (March 2012)
  • 2012 RSA Conference, "Fraud and Data Exfiltration: Defending Against the Mobile Explosion" (February 2012)
  • Transglobal Secure Collaboration Programme (TSCP), Presentation at the Hague (October 2011)
  • NACHA MEGA Conference, "For Payments, Best Offense is a Multi-Tiered Defense" (October 2011)
  • InfoSec World 2011, "E-Discovery Best Practices" and "Legal Considerations in the Cloud" (April 2011)
  • ITSEF/SINET, "Other Transactions (OT) Authority: Use of Technology Investment Agreements to Accelerate Cyber Technology into the U.S. Government" (March 2011)
  • IAPP Global Privacy Summit, "Privacy vs. Security: Achieving Balance" (March 2011)
  • 2011 RSA Conference, "BYOD: Bring Your Own Device – Security & Mobile Computing" (February 2011)
  • AlwaysOn Conference, moderator of "Transactions 2.0" panel (July 2010)
  • IAPP Global Privacy Summit, "Processing Confidential Data in a Multinational Environment" (April 2010)
  • 2010 RSA Conference (March 2010)
  • Keynote for The Master's Conference (October 2009)
  • TechAmerica, "Identity Management Vision" Breakfast Briefing (September 2009)
  • ISSA Web Conference Live Broadcast, "The Truth about Securing Mobile Devices" (August 2009)
  • 2009 RSA Conference (April 2009)
  • I-4 Forum 65, "Legal Issues in the Cloud" (November 2008)
  • ITAA Indent Event, "Authentication Challenges for the New Administration" (October 2008)
  • IDC Security Summit 2008, "Managing a Data Breach: What Every CISO Needs to Know" (September 2008)
  • ITAA, "E-Authentication: When PIN and Password Aren't Enough" (June 2008)
  • 2008 Defending Cyberspace Symposium, Ronald Reagan International Trade Center (May 2008)
  • 2008 RSA Conference (four different sessions) (April 2008)
  • InfoSec World 2008, "E-Discovery Best Practices" (March 2008)
  • 2007 RSA Conference Europe, "Securing Aerospace and Defense Collaboration – Identity Federation" (October 2007)
  • International Trade Administration, "Identity Management & International Business Roundtable" (September 2007)


  • University of Baltimore School of Law
  • JD, 1996
  • Syracuse University
  • BS, 1985

Bar Admissions

  • District of Columbia
  • Maryland
  • U.S. Patent and Trademark Office
  • Virginia


  • American Bar Association - Section of Science and Technology Law
  • Georgetown Cybersecurity Law Institute
  • Information Systems Security Association
  • International Association of Privacy Professionals



Stephen A.

great job.

Andrea R.

Very engaging and thoughtful!!

Jonathan D.

AMAZING! Incredibly helpful.

Meghan O.

Randy had great energy and made the material more interesting. Also, he did more to improve the visuals on his powerpoints than most presenters. Thank you.

Frank C.

Finally, an outside counsel who understands that plausible deniability is a defense not a strategy.

Julie A. B.

Enjoyed the David Letterman-like closing with a "Top 10" list. Appreciated the practice tips (e.g., tabletop exercises and role playing a data breach scenario).

Thomas C.

Thank you.

Michael L.

Speaker was interesting and well informed. Material was practical and very useful.

Sam H.

very good presentation - covered many topics in a timely manner

Karen N.

Very knowledgeable instructor. Would be interested in taking a more advanced course from him. Thank you.

Ivy G.

This speaker and the content was incredible. It was so packed full of valuable information, that I'll be watching it again.

Diane R.

excellent content and presentation

Elizabeth Z.

Thank you.
