In: Operations Management
Cane, the sole owner of a small business, has a large piece of used farm equipment for sale. He offers to sell the equipment to Bill for $10,000.
Discuss the legal effects of any two (2) of the following events on the offer:Use the Internet to research the law in your home state on the purchase of personal property. Discuss the law in your home state, and compare and contrast it with the Statute of Frauds.
Cane dies prior to Bill’s acceptance, and at the time he accepts, Bill is unaware of Cane’s death.
The night before Bill accepts, a fire destroys the equipment.
Bill pays $100 for a thirty-day option to purchase the equipment. During the period, Cane dies, and Bill accepts the offer, knowing of Cane’s death.
Bill pays $100 for a thirty-day option to purchase the equipment. During this period, Bill dies, and Bill’s estate accepts Cane’s offer within the stipulated time period.
Assume that for one of the events you selected, the negotiation of the contract occurred online. Explain how cyber-law would affect the negotiation of the contract.
Use proper APA formatting for at least one (1) primary source to support your response.
Cyber laws affecting negotation of contract:
ybersecurity matters will impact every traditional business activity, if they do not already. Two activities, contract negotiation and data processing, are already subject to dispute in many industries.
The following examines what to be aware of in each activity:
Contract Negotiation
Contractual parties, especially government agencies, are becoming
more sophisticated about requesting provisions related to
cybersecurity during contract negotiations. Frequently, these
provisions will place additional burdens on the counterparty,
leading to disputes during negotiation.
Many businesses are also attempting to apply existing contract provisions to cybersecurity matters. When this reinterpretation is put forward in the wake of a security breach, the reinterpretation can lead to costly litigation.
a) Flow-down provisions
Federal agencies, especially the U.S. Department of Defense, are
including more flow-down provisions related to cybersecurity in
their contracts with suppliers. Often, the agency requires its
contractors to include these provisions in their contracts with
subcontractors and other contractual counterparties. As these
flow-down provisions expand through the supply chain, businesses
with no direct connection with the federal agency will see
requests-or demands-that they comply with provisions drafted
without their input.
These provisions can include security standards and breach disclosure requirements. For instance, Defense Federal Acquisition Regulation Supplement (DFARS) 204.7300 requires “adequate security” for all contractors and subcontractors with systems on which controlled technical information is resident on or transits. As with many of these provisions, “adequate security” is not defined with a checklist but as “protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information.”
These same provisions include reporting requirements for both actual and potentially adverse effects on an information system, which is a more stringent requirement than many state data breach requirements.
Compliance with these provisions will be difficult, and the set language created by such provisions prevents businesses from negotiating more concrete terms, forcing businesses to accept uncertainty as a cost of entering into such a contract.
b) Liability/indemnity
Cybersecurity creates risk, and more businesses are looking to
affirmatively allocate that risk through contractual terms.
Actuaries are still developing tables related to cybersecurity risk
(Congress is discussing legislating on this issue), so the
allocation of risk in a contract may not be based on methods as
rigorous as those in other risk allocations. This will create
tension between parties who value the risk differently.
Cybersecurity incidents and the attendant response can be very expensive, with some sources placing the average financial cost of a data breach in the millions of dollars. The allocation of such cost, combined with an increasing chance of an incident triggering these clauses, is an area likely to be subject to dispute both during contract negotiation and in the wake of a breach.
Many contracts already contain liability allocation provisions, but those provisions do not explicitly address cybersecurity matters. In the wake of a cybersecurity incident, interpreting the liability allocation provisions will be a matter of some dispute.
c) Data security and notificationLaws, regulations, and political and consumer pressure have increased businesses’ focus on the security of consumer data. At the same time, consumer data have become a more valuable commodity. For instance, AT&T and Apple both contested Radio Shack’s ability to sell consumer data during Radio Shack’s bankruptcy.
Recognizing these trends, businesses are placing more provisions in contracts that dictate security requirements. Because the underlying consumer data are valuable, these provisions may be subject to significant disputes during negotiations. Other businesses are attempting to read existing provisions as covering security requirements and privacy responsibility.
Many businesses that entrust sensitive data to counterparties are including breach notification provisions in contracts. These provisions vary greatly, even within a single industry, and create various thresholds for notification. For instance, some provisions require notification in the event of a breach. Others require notification if there is an indication of a breach. Many victims of a security breach seek to keep the existence of a breach out of the press, which can create tension with notification provisions.
Data ownership and data processing
Most state breach notification laws differentiate between data
owners and data processors, but existing contracts do not always
explicitly define these roles. Some businesses have attempted to
understand these issues and have asserted ownership (or, in some
cases, denied ownership) of data in the absence of a specific
ownership allocation. This can lead to disputes in long-standing
business relationships. One business may seek to sell information
it is collecting while a contractual counterparty is attempting to
safeguard the same data. Not all businesses seek to clarify this
relationship prior to selling data, which can lead to significant
disputes when such sales come to light.