Thomas J. Smedinghoff

• Serves as counsel for companies, government agencies, and trade associations throughout the world in addressing new and developing legal issues relating to electronic business activities, online electronic transactions, information security, and data privacy
  
• Has worked extensively with clients in newly developing legal areas such as online authentication, information security, unique forms of electronic transactions, PKI, phishing, and other electronic business issues; regularly deals in all aspects of information law, including electronic commerce and e-business, electronic transactions, information security, digital signatures, privacy, information technology, and intellectual property
  
• Was a pioneer in the subject of PKI and digital signature law, representing the federal government, national banks, and certification authorities in developing first-of-their-kind public key legal infrastructures
  
• Chaired the Illinois Commission on Electronic Commerce & Crime, and in that capacity wrote the Illinois Electronic Commerce Security Act (enacted in 1998). This Act had a significant influence on national and global e-commerce legislation, including the Uniform Electronic Transactions Act in the U.S., the European Union Electronic Signature Directive, the United Nations UNCITRAL Model Law on Electronic Signatures, the Canadian Personal Information Protection and Electronic Transactions Act, and the Singapore Electronic Transactions Act
  
• Helped to negotiate the 2005 United Nations Convention on the Use of Electronic Communications in International Contracts as part of the U.S. Delegation to the United Nations Commission on International Trade Law. This is the first international treaty that focuses on general cross-border e-commerce and electronic transactions, and is expected to have a major impact on international business
  
• Assisted in development of a new standard for online authentication designed to address the problem of phishing. This will allow users of websites to verify the identity of the company they are dealing with, thereby promoting secure commerce and defending against identity theft.
  

Publications And Presentations:

Books:

• Information Security Law: The Emerging Standard for Corporate Compliance, (IT Governance Publishing, Oct. 2008) 
• Online Law: The Legal Guide to Doing Business on the Internet, (Addison-Wesley, 1996, 6th printing 2000, Japanese translation published by Shichiken Publishing Co., 1998) (Editor and principal author). 
• Multimedia Law Handbook (Wiley Law Publications, 1995). 
• The Software Publishers Association Legal Guide to Multimedia (Addison-Wesley, 1994). 
• The Legal Guide to Developing, Protecting, and Marketing Software (John Wiley & Sons, 1986). 

Recent Articles:

• "New Data Security Regulations Create Compliance Challenges for Businesses," The Secure Times, Winter 2009 (Co-Author).
• “Defining the Legal Standard for Information Security: What Does “Reasonable” Security Really Mean?,” published as chapter in Chander, Gelman and Radin, Ed., Securing Privacy in the Internet Age, (Stanford University Press, 2008).
• "New State Regulations Signal Significant Expansion Of Corporate Data Security Obligations," BNA Privacy & Security Law Report, October 20, 2008 (Co-Author). 
• “The Legal Challenges of Implementing Electronic Transactions,” UCC Law Journal, Vol. 41, No. 1, September 2008. 
• “Addressing The Legal Challenges of Federated Identity Management,” BNA Privacy & Security Law Report, March 3, 2008. 
• “The State of Information Security Law: A Focus on the Key Legal Trends,” EDPACS, The EDP Audit, Control, and Security Newsletter, January-February 2008. 
• “It's All About Trust: The Expanding Scope of Security Obligations in Global Privacy and E-Transactions Law,” Michigan State Journal of International Law, December 2007. 
• “Structuring International E-Transactions,” International Trade Legal Strategies, Aspatore Books, November 2007. 
• “Director Responsibilities For Data Security: Questions the Board Should Ask,” Director’s Monthly, April 2007. 
• “Where We’re Headed – New Developments and Trends in the Law of Information Security,” Privacy & Data Security Law Journal, January 2007. 
• “Security Breach Notification Law—Defining a New Corporate Obligation,” World Data Protection Report, September 2006. 
• “E-Transactions: The Key Rules for Ensuring Enforceability,” Electronic Banking Law & Commerce Report, June 2006. 
• “Online Access to Corporate Information: New Legal Rules for Authentication,” Privacy & Data Protection Legal Reporter, May 2006. 
• “Online Transactions: The Rules for Ensuring Enforceability in a Global Environment,” The Computer & Internet Lawyer, April 2006. 
• “The Challenge of Electronic Data: Corporate Legal Obligations to Provide Information Security,” The Wall Street Lawyer, March 2006. 

Recent Presentations:

• “The Emerging Law of Data Security: From Corporate Obligations to Provide Security to Breach Notification Requirements,” PLI 9th Annual Institute on Privacy & Security Law (July 21-22, 2008, Chicago) (Conference Co-Chair and Speaker) 
• “The Common Law Perspective on Cross-Border E-Signatures,” The 4th International Forum on eNotarization, eApostilles and Digital Evidence (May 29-30, 2008, New Orleans) 
• “The Legal Challenges of Moving Transactions to an Electronic Environment,” 41st Annual Uniform Commercial Code Institute (April 16-17, 2008, Washington DC) 
• “Solving the Legal Problems Raised by Using Identity Management in E-Commerce,” RSA Security Conference, San Francisco, April 8-11, 2008. 
• “The Legal Challenges and Opportunities of Technological Change: The Impact of Globalisation, Interconnectivity and Harmonisation,” Centre for Commercial Law Studies, Queen Mary University of London, February 7-8, 2008. 
• “Information Compliance: A Growing Challenge for Business Leaders,” CERT Podcast Series: Security for Business Leaders, January 2008. (www.cert.org/podcast/show/20080108smedinghoff.html) 
• “Board Oversight of IT Governance,” 2007 NACD Corporate Governance Conference, Washington D.C., October 15-16, 2007. 
• “Information Compliance Overload: Making Sense of Privacy and Security laws and Regulations,” PLI 8th Annual Institute on Privacy & Security Law, Chicago, July 16-17, 2007. 
• "Digitial Evidence: Signer Authentication Requirements and Strategy," Third International Forum on e-Apostilles and e-Notarization, Los Angeles, May 31 - June 2, 2007. 
• “Creating Online Enforceable E-Transactions,” 40th Annual Uniform Commercial Code Institute, Chicago, April 27, 2007. 
• “It’s All About Trust: Global Trends in the Law of Privacy, Security, and E-Transactions,” Michigan Symposium: “E-Commerce: Challenges to Privacy, Integrity, and Security in a Borderless World,” Michigan, February 23, 2007. 
• “Can Identity Management Enable Spontaneous Contracting?” RSA Security Conference, San Francisco, February 5-9, 2007. 
• “Where We’re Headed: New Developments and Trends in the Law of Information Security,” Georgetown Conference on Emerging Trends in Information Security & the Law, Washington, D.C.; November 9–10, 2006. 
• “What Is Electronic Commerce? Methods of Contracting and Transactions Online, and E-Authentication: Risk and Fraud,” Conference on E-Commerce, sponsored by the U.S. Department of Commerce Commercial Law Development Program and The Arab Council for Judicial and Legal Studies, Manama, Bahrain; September 11–12, 2006. 
• “New Domestic Information Privacy and Security Legislation and Policy,” PLI 7th Annual Institute on Privacy Law, Chicago; July 17–18, 2006. Served as Conference Co-Chair. 
• “Electronic Signatures and the New UN Convention,” Second International Forum on eNotarization and eApostilles, Washington, D.C.; May 27–29, 2006. 
• “Contentious Issues in World Regulation of the Internet,” World Computer & Internet Law Congress, San Francisco; May 4–5, 2006. 
• "Electronic Transactions: Ensuring Enforceability in a Global Environment," Conference on Judicial Strategies for the Application of the Egyptian E-Signature Law, sponsored by the United States Department of Commerce Commercial Law Development Program, The Egyptian Ministry for Judicial Studies; Cairo, Egypt, March 8-9, 2006.