Four Legal Tips For Managing Data During the Pandemic

In an online conference with the National Association of Counties (NACo), Brian Bodor, a Global Sourcing & Technology Transactions partner at Pillsbury, pointed to several data-rich trends among municipal governments that may have legal implications, such as “smart city” technologies like street-level sensors, data-analytics platforms, and cloud-based solutions, which have surged in popularity as organizations support mass telework.

“All of these trends are data-intensive,” Bodor said, adding that while the companies that provide these services have put a lot of thought into protecting their own interests, the same degree of consideration may not extend to their customers. It’s up to local governments themselves, he said, to ensure they’re complying with all laws and security and privacy standards during the pandemic.

1. Contracts Are the Only Way to Protect Data Ownership

“Not many people realize that you can’t actually copyright your data,” Bodor said. “The only way you can protect it is via contract.”

In addition to the original data sets that governments own, Bodor reminded officials to consider their data’s “derivatives,” such as anonymized versions of the data, aggregated data sets and other modified versions that local governments should seek to protect ownership of. New valuable data sets can also spawn from unexpected places, he said, such as from artificial intelligence that’s been fed government data.

“All of that is fair game for discussing or reserving for yourself ownership of that data,” he said. “It doesn’t always mean that you have to own it, but you can also have license rights, for example, to ensure that you have access and the ability to use it.”

2. Always Retain the Right to Access Your Data

“Always, always, always maintain a clear and unfettered right to get access to your data,” Bodor added.

Preserving the right to data access is especially important when procuring a new cloud-based service, he said, and he encouraged officials to ensure that their data will be available and easily usable, lest they introduce new costs or complications into their business processes.

“If you were to get all your data back as, say, a printed copy of dot-matrix pages that are linked as an accordion style, that’s probably not going to be helpful to you,” Bodor said. “Nor would having a PDF of all your data be valuable.”

“So it’s important to discuss the format that is common that your systems can use to grab that data back and easily incorporate it back into your environment,” he added.

3. Make Vendors Share the Cost of Compliance

“Local governments can outsource technologies, but they can’t outsource the burden they carry to comply with various data security and privacy rules,” Bodor said.

“Suppliers like to put all that financial burden on you, but that’s not always fair,” he added. “Sometimes the laws change and they really apply to everybody equally and they’re going to have to undertake measures as a cost of doing business in order to ensure that they comply with those.”

 “You should not bear the sole cost of that on your nickel,” he said.

4. Don’t Pass the Buck on Security

When buying new technology during the pandemic, officials shouldn’t assume that the supplier’s security provisions meet their standards, Bodor said, because they may not go far enough. These contractual terms, he said, can cover a broad range of topics, from how data is protected and used by their services to provisions about how long the vendor has before notifying their customer.

“Is it an actual or a suspected breach, and what steps do they need to take when a breach happens, and then finally if the breach is really their fault, what liability are they taking on?” Bodor said.

Read more in StateScoop.