IT Law

Commerce is increasingly, if not already overwhelmingly, digital. The masons and carpenters of generations ago are being supplanted by software developers, user interface and user experience (UI/UX) consultants, cloud hosting, and application programming interfaces (APIs).

IT law matters are typically intertwined with IP matters – overlooking rights and obligations in the context of internet commerce can create significant exposure.  Clients, if they themselves are not directly operating in the digital space, will need to engage people with those skills to protectably establish web and social media presences, compose web and mobile applications, and/or configure web or enterprise content management systems (CMS).  Au LLC has experience drafting, revising, and providing consultation related to these and other IT law-related instruments:

Software Development

The size and scope of a software development agreement will depend on the size and scope of the project, its duration, variability of the project’s phases, and of course the relationship between the developer and the client. While brief freelance work may be taken care of through something as thin as an IP assignment agreement, more protracted efforts may justify a master consulting/service agreement (“MCA”) with subordinate statements of work (SOWs) that identify actual work schedules, work products, and associated charges. At a minimum, any engagement with a software developer should include appropriate IP assignment language, representations and warranties concerning the work product being provided, and limited licenses where the developer is allowed to re-use code.


In the context of a website, its Terms of Service and Privacy Policy together will generally incorporate the contractual relationship the service provider has with its users.  In the context of, say, a mobile application or even downloadable/product software, a EULA will be dedicated to disclaiming, as broadly as possible, representations and warranties that the software will function, not harm your computing devices, and generally not cause you injury.  It may also restrict users’ ability to bring class action or other representative actions against the service provider (in some contexts, the “publisher”).

Software Escrow

For large or protracted software development projects, the parties may decide to allow a third party to hold work product until certain contractual conditions are met (e.g., payment).  Parties to such agreements must specify conditions under which work product is provided to the escrow agent, conditions under which the escrow agent is to release work product (i.e., “Release Conditions”), and terms by which the escrow agent is to maintain the work product (i.e., “Deposit Requirements”).

Privacy Policy

Privacy Policies may (re)assure users of how the information they actively provide (or that which is passively collected) is used. Further, they can be used to obtain users’ permission for certain uses of their information if not already provided for in a Terms of Service. There are generally no legal requirements that a service provider, such as a website operator, have a privacy policy, yet by establishing one the service provider may be exposing itself to liability should it not take its policy seriously. Indeed, a service provider that fails to abide by its own privacy policy is in violation of California statute, this violation commonly forming an “unlawful prong” basis of a California Unfair Competition Law (UCL) claim, Cal. Bus. & Prof. Code § 17200 et seq. Great care must be taken to tailor a privacy policy to the service provider’s ability to abide by it.

Terms of Service

A fundamental instrument for use by a web-related service provider, Terms of Service generally define the terms by which a user may access and utilize the website and its features. Terms of Service will identify who may access the website, how its features may be used, and payments and shipping terms (if necessary). Terms of Service will generally also contain broad disclaimers, liability-limiting language, and other language often considered “boilerplate” contractual provisions relating to choice of law and venue, arbitration, and class action waivers. Like most contracts, Terms of Service have much in common from website to website, although ultimately each must be unique inasmuch as it reflects the unique relationship(s) between each service provider and its users.

Incident Response Policy

An Incident Response Policy (“IRP”) is generally designed to provide a well-defined, organized approach for handling any potential threat to a client’s intranet, network, or external IT infrastructure. An IRP will identify and describe processes and the roles and responsibilities of key team members who are to provide quick, effective, and orderly responses to computer- or network-related incidents such as virus infections, hacker attempts and break-ins, improper disclosure of confidential information to others, system service interruptions, breach of personal information, and other events with serious information security implications. IRPs are often required by third-party service providers handling information and content the disclosure of which is subject to state and federal statutory protection.