Locke Lord

Thomas Smedinghoff focuses his practice on the new legal issues relating to the developing field of information law and electronic business activities. Named as one of the National Law Journal’s"Top 50 Intellectual Property Trailblazers & Pioneers" in 2014, Tom is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, identity management, privacy, information security, and online authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement first-of-their-kind e-commerce initiatives, electronic transactions, and identity management and information security legal infrastructures for the federal government, and national and international businesses including banks, insurance companies, investment companies, and certification authorities. He has also been actively involved in developing legislation and public policy in the area of electronic business at the state, national, and international levels.

Representative Experience

• Chair of the American Bar Association Identity Management Legal Task Force, and working with private sector, federal government, and international organizations to address the challenges of developing an identity management legal framework
• Serves as counsel for companies, government agencies, and trade associations throughout the world in addressing new and developing legal issues relating to electronic business activities, online electronic transactions, identity management, information security, and data privacy.
• Has worked extensively with clients in newly developing legal areas such as identity management and online authentication, electronic negotiable instruments, digital signatures and voice signatures, PKI, e-notarization, and other unique forms of electronic transactions and e-business activities.
• Was a pioneer in the subject of PKI and digital signature law, representing the federal government, national banks, and certification authorities in developing first-of-their-kind public key legal infrastructures.
• Chaired the Illinois Commission on Electronic Commerce & Crime, and in that capacity wrote the Illinois Electronic Commerce Security Act (enacted in 1998). This Act had a significant influence on national and global e-commerce legislation, including the Uniform Electronic Transactions Act in the U.S., the European Union Electronic Signature Directive, the United Nations UNCITRAL Model Law on Electronic Signatures, the Canadian Personal Information Protection and Electronic Transactions Act, and the Singapore Electronic Transactions Act.
• Helped to negotiate the 2005 United Nations Convention on the Use of Electronic Communications in International Contracts as part of the U.S. Delegation to the United Nations Commission on International Trade Law. This is the first international treaty that focuses on general cross-border e-commerce and electronic transactions.
• Assisted in development of a new identity management legal structure for browser-based online authentication. Resolved rights, responsibilities, and liabilities of participants in system to allow website users to verify the identity of the company they are dealing with, in order to address the problem of phishing and to promote secure commerce.

Reported Decisions

• Central Point Software, Inc. v. Nugent, 903 F. Supp. 1057; 37 U.S.P.Q.2D (BNA) 1051; Copy. L. Rep. (CCH) P27,478, E.D. Tex. 1995

Professional Affiliations and Recognitions

United Nations

• Member, U.S. Delegation to the United Nations Commission on International Trade Law (UNCITRAL), participating in the Working Group on Electronic Commerce, 1997–present
• Member, World Customs Organization - UNCITRAL Joint Legal Task Force, 2008-2010
• Member, Legal Working Group of the United Nations Center for Trade Facilitation and Electronic Business (UN/CEFACT), 2004–present

Uniform Law Commission (National Conference of Commissioners on Uniform State Laws)

• ABA Advisor to Study Committee on Identity Management in Electronic Commerce, 2016-present
• ABA Advisor to Committee to Implement the UN E-Commerce Convention, 2008-2010
• ABA Advisor to Drafting Committee on Uniform Electronic Transactions Act (now adopted in 47 states), 1997–1999

State of Illinois

• Chair, Illinois Commission on Electronic Commerce and Crime, 1996–1998

American Bar Foundation

• Fellow, American Bar Foundation, 2004-present

Academic Appointments

• Adjunct Assistant Professor of Business Law, Brennan School of Business, Dominican University, 2004–2013
• Adjunct Professor, The John Marshall Law School, Chicago, 1985–2002

Editorial Boards

• Editorial Advisor, BNA Electronic Commerce & Law Report, 2000–present
• Editorial Advisor, BNA Privacy & Security Law Report, 2009–present
• Member, Board of Editors, The SciTech Lawyer, ABA Section of Science & Technology Law, 2008–
  2014

American Bar Association

• Chair, Identity Management Legal Task Force, Section of Business Law, 2009–present
• Co-Chair, Cyber Security Subcommittee, Section of Business Law, 2011–present
• Co-Chair, ABA President’s Cybersecurity Legal Task Force, 2019–present
  Chair, Section of Science & Technology Law, 1999–2000
• Chair, Electronic Commerce Division, Section of Science & Technology Law, 1995–2003
• Co-Chair, International Policy Committee, Section of Science & Technology Law, 2003–2011, and 2016-present

International Association of Privacy Professionals

• Member, 2006-present

Chicago Bar Association

• Chair, Computer Law Committee, 1984–1985

Recognized In

• The Best Lawyers in America 2003-2019 (Information Technology Law)
• Chambers USA 2003-2018: America’s Leading Business Lawyers (Privacy & Data Security Law; Technology Law)
• Chambers Global: The World’s Leading Lawyers 2007-2017 (Privacy & Data Security Law)
• International Who's Who Legal (2001-2017)
• Internet & e-Commerce Lawyers, 2001-2013
• Information Technology Lawyers, 2014
• TMT Lawyers, 2015-2017
• Legal Media Group: Guide to the World’s Leading Technology, Media and Telecommunications Lawyers (Information Technology Law)
• Leading Lawyers (Computer & Technology Law; International & Business Trade Law)
• National Law Journal, "Top 50 Intellectual Property Trailblazers & Pioneers" (2014)
• Super Lawyers 2006-2018, (Illinois) (Information Technology/Outsourcing, International, Intellectual Property)
• Who’s Who in American Law 1996-2016, Marquis Who’s Who
• Who’s Who in the World 2011, Marquis Who’s Who

Publications

Books

• Guide to Cybersecurity Due Diligence in M&A Transactions, (Co-Editor, American Bar Association, June 2017)
• Information Security Law: The Emerging Standard for Corporate Compliance (IT Governance Publishing, Oct. 2008)
• Online Law: The Legal Guide to Doing Business On The Internet (editor and principal author); (Addison-Wesley, 1996, 6th printing 2000) (Japanese translation published by Shichiken Publishing Co., 1998)
• Multimedia Law Handbook (Wiley Law Publications 1995)
• The Legal Guide to Developing, Protecting and Marketing Software (John Wiley & Sons, Inc. 1986)

Book Chapters

• “Data Security and Lawyers’ Legal and Ethical Obligations to Clients,” published as Chapter 3 in The ABA Cybersecurity Handbook – A Resource for Attorneys, Law Firms & Business Professionals (American Bar Association, 2013)
• “Ambiguities in State Security Breach Notification Statutes,” published as Chapter 6 in Thomson, Ed., Data Breach and Encryption Handbook (American Bar Association, 2011)
• “Legal and Regulatory Security Obligations,” published as Chapter 8 in Axelrod, Bayuk, and Schutzer. Ed, Enterprise Information: Security and Privacy (Artech House, 2009);
• “Defining the Legal Standard for Information Security: What Does “Reasonable” Security Really Mean?,” published as Chapter 1 in Chander, Gelman and Radin, Ed., Securing Privacy in the Internet Age (Stanford Univ. Press, 2008)
• “Analysis of Article 9 of the United Nations Convention on the Use of Electronic Communications in International Contracts,” and “Role of Information Security in the Electronic Communications Convention,” published as chapters in Boss and Kilian, Ed., The United Nations Convention on the Use of Electronic Communications in International Contracts: An In-Depth Guide and Sourcebook (Kluwer Law International, 2008)
• “Structuring International E-Transactions,” published as Chapter 1 in International Trade Legal Strategies (Aspatore Books, Nov. 2007)
• “Developing a Legally Compliant Corporate Information Security Program,” published as chapter in The In-House Counsel’s Essential Toolkit (American Bar Association, 2007)

Selected Recent Articles

• “An Overview of Data Security Legal Requirements for All Business Sectors,” SSRN, (October, 2015)
• “Identity Management: The Key to Cyber Security and Online Commerce,” New York Law Journal (March 2, 2015)
• “Developing Federated Identity Management to Build Trust,” E-Finance & Payments Law & Policy (January 2015)
• “Solving the Legal Challenges of Trustworthy Online Identity,” 28 Computer Law & Security Review (2012) at pp 532-541
• “Solving the Legal Challenges in Verifying Online Identity,” The SciTech Lawyer, Fall 2011
• “Building an Online Identity Legal Framework: The Proposed National Strategy,” BNA, Privacy & Security Law Report, 9 PVLR 28 (July 12, 2010); Reprinted in Data Protection Law & Policy, Vol. 7, No. 11 (Nov. 2010)
• “Developing a Comprehensive Written Information Security Program,” published in PLI 11th Annual Institute on Privacy & Data Security Law (May 2010); Reprinted in The Computer & Internet Lawyer, Vol. 27, No. 11 (Nov. 2010)

Selected Recent Presentations

• “Hot Topics in Cyber Law 2017,” RSA Security Conference (February 13 - 17, 2017, San Francisco)
• “Data Security Law: Foundations,” Privacy + Security Forum (October 24-26, 2016, Washington, D.C.)
• “Legal Issues of Online Identity Management:  The New Challenge for e-Commerce and Cybersecurity,” PLI Webinar (August 12, 2016) 
• “Right to Be Forgotten,” American Association of Law Librarian’s Annual Conference (July 16-19, 2016, Chicago)
• “The Expanding Duty to Provide Security: Trends in Cybersecurity Law,” PLI Seventeenth Annual Institute on Privacy & Data Security Law (May 16-17, San Francisco, and July 11-12, 2016, Chicago), also Conference Co-Chair
• “Identity Management Law Regarding Liability and Participant Obligations,” UNCITRAL Colloquium on Legal Issues related to Identity Management and Trust Services, (April 21-22, 2016, Vienna, Austria)
• “Cybersecurity Law,” Society of Corporate Compliance & Ethics (SCCE) Regional Meeting (April 8, 2016, Chicago)
• “Smart Devices, Not-So-Smart Legal Problems: Addressing and Mitigating IOT Legal Risk,” ABA Internet of Things National Institute (March 30-31, 2016, Washington, D.C.)
• “Identity Management Law and Legislative Developments”, eSignRecords2015 Conference, Electronic Signature and Records Association (November 17-18, 2015, New York)
• “E-Identity: Privacy Issues and Interoperability,” eID Conference (September 28-29, 2015, Washington, D.C.)
• “Developing a Legal Framework for the Use of Digital Identity in E-Commerce,” International Conference on Digital Identity, (August 5-7, 2015, Lima, Peru)
• “Digital Identity Law,” EU Conference on Electronic Commerce (June 10, 2015, Bologna, Italy)
• “Cybersecurity Issues in Mergers and Acquisitions,” Georgetown Cybersecurity Law Institute (May 20, 2015, Washington, D.C.) 
• “Federal Regulatory, Legislative, Enforcement and Investigation Landscape: Changes on the Horizon,” ACI Cyber & Data Risk Insurance Conference (March 23-24, 2015, Chicago)
• “What Business Lawyers and Commercial Litigators Must Know about E-Signatures,” American Law Institute (February 20, 2015, Webinar)
• “Digital Identity and Identity Management Law: The U.S. Perspective,” Conference on Identità ed eredità digitali: Stato dell’arte e possibili soluzioni al servizio del cittadino (Digital identity and inheritance: State of the art and possible solutions to the service of the citizen), BAFFI Center on International Markets, Money and Regulation, in  collaboration with Consiglio Nazionale del Notariato (Italian Notarial Society) (December 4, 2014, Milan, Italy)
• “Cybersecurity in the US and Around the Globe,” 11th Annual Stanford E-Commerce Best Practices Conference (June 16, 2014, Stanford, California)
• “The Latest Developments in Cybersecurity,” PLI Fifteenth Annual Institute on Privacy and Data Security Law (May 19-20, San Francisco, and July 14-15, 2014, Chicago) Conference Co-Chair
• “Identifying the Corporate Cybersecurity Risk Portfolio,” 7th Annual White Collar Crime + Corporate Governance Conference (April 17, 2014, Chicago)
• “Emerging Cybersecurity Regulatory and Enforcement Activities: The Growing Authority of the State AG Offices,” ACI Cyber & Data Risk Insurance Conference (March 24-25, 2014, Chicago)
• “Deciphering the Legal Framework that Governs Online Identity Systems,” RSA Security Conference (February 24 - 28, 2014, San Francisco)
• “Identity Trust Framework Legal/Policy Considerations,” 2013 Transglobal Secure Collaboration Symposium (Nov. 14-15, 2013, Washington, D.C.)
• “Operationalizing Identity Trust Frameworks and Scheme Rules,” UK Cabinet Office O5 Internet Summit (October 10, 2013, London)
• “Information Security: Complying with the Latest Legal Requirements,” PLI Fourteenth Annual Institute on Privacy and Data Security Law (May 20-21, San Francisco, and July 15-16, 2013, Chicago) Conference Co-Chair
• “Data Breach Law Update – Global Trends, Legal Complexities,” RSA Security Conference (February 25 -- March 1, 2013, San Francisco)
• “Identity Trust Frameworks: Alternative Approaches to Achieve the Panacea,” RSA Security Conference (February 25 -- March 1, 2013, San Francisco)
• “Internet Governance: Who Will Lead the Way?,” American University Washington College of Law Conference on “America the Virtual: Security, Privacy & Interoperability in an Interconnected World” (October 25, 2012, Washington, D.C.)
• “Legislative and Regulatory Trends in U.S. Privacy and Security Law,” PLI Thirteenth Annual Institute on Privacy and Data Security Law (July 16-17, 2012, Chicago) Conference Co-Chair
• “Tackling the Identity Management Liability Problem,” RSA Security Conference (Feb 27 - Mar 2, 2012, San Francisco)
• “Enabling Trust in Cyberspace: Building an Online Trust Framework,” Interdisciplinary Centre for Law and ICT (ICRI) (November 14-15, 2011, Leuven, Belgium)
• “Building the Legal Framework for Identity Federation,” Aerospace & Defense Industry Transglobal Secure Collaboration Program (October 13, 2011, The Hague, Netherlands)
• “State & Federal Law Privacy Update,” PLI Twelfth Annual Institute on Privacy & Data Security Law (July 18-19, 2011, Chicago and May 23, 2011, San Francisco) Conference Co-Chair
• “Social Media Issues,” PLI Corporate Compliance and Ethics Institute 2011 (May 12-13, 2011, Chicago)
• “Online Trust: A National Imperative,” National Association of State CIOs (NASCIO) (May 5, 2011, Washington DC)
• “What Is an Identity Trust Framework? Addressing the Legal and Structural Challenges,” 2011 Identity Protection and Management Conference, Information Assurance Directorate at the National Security Agency (April 19, 2011, Orlando)
• “Addressing the Legal Risks of Identity Management” RSA Security Conference (February 16, 2011, San Francisco)
• “Identity Management: The Next Frontier for International E-Commerce,” United Nations Commission on International Trade Law (February 14, 2011, New York)
• “Identification and Authentication; Emerging Trends in Identity Management,” International Association of Privacy Professionals, Privacy Academy 2010 (September 30, 2010, Baltimore)
• “Data Security Law: Developing a Comprehensive Information Security Program,” PLI 11th Annual Institute on Privacy & Data Security Law (May 24-25, San Francisco, and July 19-20, 2010, Chicago) (Conference Co-Chair and Speaker)
• “Making Federated Identity Management Work: Balancing Privacy Rights and Legal Obligations,” International Association of Privacy Professionals, Global Privacy Summit (April 21, 2010, Washington, D.C.)