Brett Lockwood is a corporate lawyer at Smith, Gambrell & Russell, LLP (@sgrlaw) specializing in technology liability, licensing law, outsourcing, and other areas where business, risk, and technology intersect.
We talked with Brett Lockwood about the changes he's seen in software and IT liability, what trends are on the horizon, and what startups and small-business owners can do to protect their companies. The transcript below has been lightly edited for length and clarity.
What technology lawsuit trends do you see on the horizon in 2016?
Technology litigation trends to watch for fit into four broad categories:
- Data handling and privacy issues.
- Legal compliance concerns.
- Vendor performance concerns.
- Fights over proprietary rights.
Each of these presents considerable risks. Data handling and privacy, in particular, is fraught with concerns for both consumers and businesses. For example, in October 2015, the major credit card companies, through their merchant contracts, contractually shifted significant liability for data breaches to whichever party has failed to adopt the new EMV technology. As notable retail industry data breaches occur, we can expect the ensuing litigation to focus on the effects of this attempted liability shift.
What legal trouble may small tech businesses face if they don't use sound contracts?
Because of their typically more limited resources, technology startups understandably engage in a "triage" process when it comes to managing legal risk, including in their services or license agreements. It's not unusual for a startup to rationalize making major concessions in their early contracts around their intellectual property rights or with service levels just to get some revenue on the books.
Even worse is the practice of finding a form on the Internet and applying it to a situation that doesn't squarely fit. Businesses make trade-offs all the time, but as the business grows, the earlier contracts with quirky provisions will often haunt the business later. This is definitely an area where an ounce of prevention is worth a pound of cure.
What changes have developed in software service agreement litigations? What areas are sticking points?
With software service agreements, there are many issues (e.g., indemnities, service levels, credits, warranties, liability caps, etc.) that have always been issues. Now there are a lot more discussions during the negotiation stages about data protection and who should pay what for data breaches, whether accidental or otherwise. For the longest time, such issues would be raised once in a blue moon, but now the issue arises in most every negotiation with a sophisticated party on the other side.
Because of this, the better practice for a vendor is to consider what protections they can reasonably offer their customers and serve this up early rather than letting the other side dictate the demand. That will also help manage litigation-related risks.
What social media liabilities do IT companies need to be concerned about?
Social media is amazing for its communications potential, but equally so for its potential for inadvertent liability. The pitfall issue that seems to perplex many social media specialists, even within large organizations, is copyright compliance. A key attribute of many social media platforms is the ease with which content of all kinds can be shared, so the tendency is to regard the cutting and pasting of photos, videos, text, and the like as being permissible without regard to whether the content creator's rights are being infringed.
While there are some major exceptions – such as fair use principles – that protect limited non-commercial social sharing, in many, many instances social media users are unknowingly violating key legal rights that carry substantial monetary consequences. Every now and then a social media user will be sued by a major content owner – such as Getty Images or a media company – to make an example out of them and to send a message. Such once-infrequent "lightning strikes" are happening with more regularity.
How can IT consultants mitigate liability exposure if their clients aren't investing in the right technology or policies to prevent lawsuits?
IT consultants should be certain they are helping their clients to identify important technology liability risks and then suggesting ways to manage those risks. A client of theirs may choose to accept the risk, which is often the case given other priorities and cost balancing concerns.
However, the IT consultant should make sure those choices are being made with the client's eyes being wide open, and the consultant should document the decision in their own files in case an issue later arises about whether the consultant advised of the issue.