Thomas Smedinghoff is a partner at Edwards Wildman, where his practice focuses on the new legal issues relating to the developing field of information law and electronic business activities. Tom is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, privacy, information security, and online authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement first-of-their-kind e-commerce initiatives, electronic transactions, and identity management and information security legal infrastructures for the federal government, and national and international businesses including banks, insurance companies, investment companies, and certification authorities. He has also been actively involved in developing legislation and public policy in the area of electronic business at the state, national, and international levels.
· Chair of the American Bar Association Identity Management Legal Task Force, and working with private sector, federal government, and international organizations to address the challenges of developing an identity management legal framework
· Serves as counsel for companies, government agencies, and trade associations throughout the world in addressing new and developing legal issues relating to electronic business activities, online electronic transactions, identity management, information security, and data privacy.
· Has worked extensively with clients in newly developing legal areas such as identity management and online authentication, electronic negotiable instruments, digital signatures and voice signatures, PKI, e-notarization, and other unique forms of electronic transactions and e-business activities.
· Was a pioneer in the subject of PKI and digital signature law, representing the federal government, national banks, and certification authorities in developing first-of-their-kind public key legal infrastructures.
· Chaired the Illinois Commission on Electronic Commerce & Crime, and in that capacity wrote the Illinois Electronic Commerce Security Act (enacted in 1998). This Act had a significant influence on national and global e-commerce legislation, including the Uniform Electronic Transactions Act in the U.S., the European Union Electronic Signature Directive, the United Nations UNCITRAL Model Law on Electronic Signatures, the Canadian Personal Information Protection and Electronic Transactions Act, and the Singapore Electronic Transactions Act.
· Helped to negotiate the 2005 United Nations Convention on the Use of Electronic Communications in International Contracts as part of the U.S. Delegation to the United Nations Commission on International Trade Law. This is the first international treaty that focuses on general cross-border e-commerce and electronic transactions, and is expected to have a major impact on international business.
· Assisted in development of a new identity management legal structure for browser-based online authentication. Resolved rights, responsibilities, and liabilities of participants in system to allow website users to verify the identity of the company they are dealing with, in order to address the problem of phishing and to promote secure commerce.
· Central Point Software, Inc. v. Nugent, 903 F. Supp. 1057; 37 U.S.P.Q.2D (BNA) 1051; Copy. L. Rep. (CCH) P27,478, E.D. Tex. 1995
· Member, U.S. Delegation to the United Nations Commission on International Trade Law (UNCITRAL), participating in the Working Group on Electronic Commerce, 1997-present
· Member, World Customs Organization - UNCITRAL Joint Legal Task Force, 2008-present
· Member, Legal Working Group of the United Nations Center for Trade Facilitation and Electronic Business (UN/CEFACT), 2004-present
Uniform Law Commission (National Conference of Commissioners on Uniform State Laws)
· ABA Advisor to Committee to Implement the UN E-Commerce Convention, 2008-present
· ABA Advisor to Drafting Committee on Uniform Electronic Transactions Act (now adopted in 47 states), 1997-1999
State of Illinois
· Chair, Illinois Commission on Electronic Commerce and Crime, 1996-1998
American Bar Foundation
· fellow, American Bar Foundation, 2004-present
· Adjunct Assistant Professor of Business Law, Brennan School of Business, Dominican University, 2004-present
· Adjunct Professor, The John Marshall Law School, Chicago, 1985-2002
· Member, Board of Editors, BNA Electronic Commerce & Law Report, 2000-present
· Member, Editorial Board, Internet Law & Business, 1999-present
· Member, Board of Editors, Privacy & Data Security Law Journal, 2005-present
· Member, Board of Editors, BNA Privacy & Security Law Report, 2009-present
· Member, Board of Editors, The SciTech Lawyer, ABA Section of Science & Technology Law, 2008-present
American Bar Association
· Chair, Federated Identity Management Legal Task Force, Section of Business Law, 2009-present
· Co-Chair, Cyber Security Subcommittee, Section of Business Law, 2011-present
· Chair, Section of Science & Technology Law, 1999-2000
· Chair, Electronic Commerce Division, Section of Science & Technology Law, 1995-2003
· Chair, International Policy Committee, Section of Science & Technology Law, 2003-2011
International Technology Law Association
International Association of Privacy Professionals
Chicago Bar Association
· Chair, Computer Law Committee, 1984-1985
· Best Lawyers in America 2011 (Information Technology Law)
· Chambers USA 2012: America's Leading Business Lawyers (Privacy & Data Security Law; Technology Law)
· Chambers Global: The World's Leading Lawyers 2011 (Technology Law)
· International Who's Who of Internet & e-Commerce Lawyers, 2011 & 2012
· Legal Media Group: Guide to the World's Leading Technology, Media and Telecommunications Lawyers (Information Technology Law)
· Leading Lawyers (Computer & Technology Law; International & Business Trade Law)
· SuperLawyers 2011 and 2013, (Illinois) (Information Technology/Outsourcing, International, Intellectual Property)
· Who's Who in American Law 2011, Marquis Who's Who
· Who's Who in the World 2011, Marquis Who's Who
Recent Speaking Engagements and Publications
· INFORMATION SECURITY LAW: THE EMERGING STANDARD FOR CORPORATE COMPLIANCE, (IT Governance Publishing, 2008).
· ONLINE LAW: THE LEGAL GUIDE TO DOING BUSINESS ON THE INTERNET (editor and principal author); (Addison-Wesley, 1996, 6th printing 2000) (Japanese translation published by Shichiken Publishing Co., 1998).
· MULTIMEDIA LAW HANDBOOK (Wiley Law Publications 1995).
· THE SOFTWARE PUBLISHERS ASSOCIATION LEGAL GUIDE TO MULTIMEDIA (Addison-Wesley, 1994).
· THE LEGAL GUIDE TO DEVELOPING, PROTECTING AND MARKETING SOFTWARE (John Wiley & Sons, Inc. 1986).
· "Ambiguities in State Security Breach Notification Statutes," published as chapter in Thomson, Ed., DATA BREACH AND ENCRYPTION HANDBOOK (American Bar Association, 2011)
· "Legal and Regulatory Obligations," published as chapter in Axelrod, Bayuk and Schutzer. Ed, ENTERPRISE INFORMATION: SECURITY AND PRIVACY (Artech House, 2009)
· "Defining the Legal Standard for Information Security: What Does "Reasonable" Security Really Mean?," published as chapter in Chander, Gelman and Radin, Ed., SECURING PRIVACY IN THE INTERNET AGE, (Stanford University Press, 2008)
· "Analysis of Article 9 of the United Nations Convention on the Use of Electronic Communications in International Contracts," and "Role of Information Security in the Electronic Communications Convention," published as chapters in Boss and Kilian, Ed., THE UNITED NATIONS CONVENTION ON THE USE OF ELECTRONIC COMMUNICATIONS IN INTERNATIONAL CONTRACTS: AN IN-DEPTH GUIDE AND SOURCEBOOK (Kluwer Law International, 2008)
· "Structuring International E-Transactions," published as chapter in "Inside the Minds" book titled INTERNATIONAL TRADE LEGAL STRATEGIES (Aspatore Books, Nov. 2007)
· "Developing a Legally Compliant Corporate Information Security Program," published as chapter in book titled THE IN-HOUSE COUNSEL'S ESSENTIAL TOOLKIT (American Bar Association, July 2007)
· "E-Commerce Law" (co-author), published as Chapter 29 in 4-volume treatise titled UNITED STATES LAW OF TRADE AND INVESTMENT (William S. Wm. S. Hein & Co, 2001)
· "Creating Enforceable Electronic Transactions" published as chapter in book titled INTERNET LAW FOR THE BUSINESS LAWYER (American Bar Association, 2001).
· "Massachusetts to Retailers: ZIP Codes Are Personal Info," quoted, Ad Age, April 4, 2013.
· "Computing and the Law: Privacy and Data Security," co-author, Computer Magazine, March 2012.
· "European Data Protection Reform Update: Summary of the 25 January 2012 Announcement," co-author, Edwards Wildman Palmer LLP Client Advisory, January 2012.
· "Solving the Legal Challenges in Verifying Online Identity," The SciTech Lawyer, Volume 8, Number 2, Fall 2011.
· "WikiLeaks Incident - Two Key Legal Lessons for Business," Client Bulletin, December 2010.
· "Developing a Comprehensive Written Information Security Program," The Computer & Internet Lawyer, Vol. 27, No. 11, November 2010.
· "Building an Online Identity Legal Framework: The Proposed National Strategy," BNA Privacy & Security Law Report, July 12, 2010.
· "Federated Identity Management: Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate," (SSRN, August 21, 2009).
· "New Data Security Regulations Create Compliance Challenges for Businesses," The Secure Times, Winter 2009 (Co-Author).
· "Defining the Legal Standard for Information Security: What Does "Reasonable" Security Really Mean?," published as chapter in Chander, Gelman and Radin, Ed., Securing Privacy in the Internet Age, (Stanford University Press, 2008).
· "New State Regulations Signal Significant Expansion Of Corporate Data Security Obligations," BNA Privacy & Security Law Report, October 20, 2008 (Co-Author).
· "The Legal Challenges of Implementing Electronic Transactions," UCC Law Journal, Vol. 41, No. 1, September 2008.
· "Addressing The Legal Challenges of Federated Identity Management," BNA Privacy & Security Law Report, March 3, 2008.
· "The State of Information Security Law: A Focus on the Key Legal Trends," EDPACS, The EDP Audit, Control, and Security Newsletter, January-February 2008.
· "It's All About Trust: The Expanding Scope of Security Obligations in Global Privacy and E-Transactions Law," Michigan State Journal of International Law, December 2007.
· "Structuring International E-Transactions," International Trade Legal Strategies, Aspatore Books, November 2007.
· "Director Responsibilities For Data Security: Questions the Board Should Ask," Director's Monthly, April 2007.
· "Where We're Headed - New Developments and Trends in the Law of Information Security," Privacy & Data Security Law Journal, January 2007.
· "Security Breach Notification Law-Defining a New Corporate Obligation," World Data Protection Report, September 2006.
· "E-Transactions: The Key Rules for Ensuring Enforceability," Electronic Banking Law & Commerce Report, June 2006.
· "Online Access to Corporate Information: New Legal Rules for Authentication," Privacy & Data Protection Legal Reporter, May 2006.
· "Online Transactions: The Rules for Ensuring Enforceability in a Global Environment," The Computer & Internet Lawyer, April 2006.
· "The Challenge of Electronic Data: Corporate Legal Obligations to Provide Information Security," The Wall Street Lawyer, March 2006.
· "Computing and the Law: Privacy and Data Security," speaker, Computer Magazine Podcast, March 2012.
· "Protecting Personal Information," Illinois State Bar Association Online Course (March 14, 2012).
· "Data Breach Laws: Will They Save or Sink You in a Massive Attack?," RSA Conference 2012 (February 29, 2012, San Francisco)
· "Tackling the Identity Management Liability Problem," RSA Conference 2012 (February 29, 2012, San Francisco)
· "Solving the Legal Challenges of Identity Management," ABA Cyberspace Law Committee Institute and Winter Working Meeting, January 20-21, 2012
· "Recent Developments in Cyber Risk," Edwards Wildman Palmer LLP Webinar, November 17, 2011.
· "State & Federal Law Privacy Update," PLI Twelfth Annual Institute on Privacy & Data Security Law (July 18-19, 2011, Chicago and May 23, 2011, San Francisco) Conference Co-Chair
· "Social Media Issues," PLI Corporate Compliance and Ethics Institute 2011 (May 12-13, 2011, Chicago)
· "Online Trust: A National Imperative," National Association of State CIOs (NASCIO) (May 5, 2011, Washington DC)
· "Legal Roadblocks to NSTIC: Exploring Privacy, Security and Liability for an Online Trusted Identity," TechAmerica (April 26, 2011, Washington DC)
· "What Is an Identity Trust Framework? Addressing the Legal and Structural Challenges," 2011 Identity Protection and Management Conference, Information Assurance Directorate at the National Security Agency (April 19, 2011, Orlando)
· "Addressing the Legal Risks of Identity Management" RSA Security Conference (February 16, 2011, San Francisco)
· "Identity Management: The Next Frontier for International E-Commerce," United Nations Commission on International Trade Law (February 14, 2011, New York)
· "Identification and Authentication; Emerging Trends in Identity Management," International Association of Privacy Professionals, Privacy Academy 2010 (September 30, 2010, Baltimore)
· "Data Security Law: Developing a Comprehensive Information Security Program," PLI 11th Annual Institute on Privacy & Data Security Law (May 24-25, San Francisco, and July 19-20, 2010, Chicago) (Conference Co-Chair and Speaker)
· "Making Federated Identity Management Work: Balancing Privacy Rights and Legal Obligations," International Association of Privacy Professionals, Global Privacy Summit (April 21, 2010, Washington DC)
· "Legal Risks of User and Enterprise Oriented Identity Management Systems," RSA Security Conference (March 3, 2010, San Francisco)
· "State Security Laws and Regulations - The New Deal," PLI 10th Annual Institute on Privacy & Data Security Law (June 1-2, San Francisco, and July 20-21, 2009, Chicago) (Conference Co-Chair and Speaker)
· "Privacy and Identity Management: New Role and New Obligations for the Notary," The 5th International Forum on eNotarization, eSecurity and eApostilles (June 11, 2009, Las Vegas)
· "Information Security Law: The Emerging Global Standard for Compliance," RSA Security Conference (April 22, 2009, San Francisco)
· "Drafting Identity Management Contracts: Understanding the Legal Challenges," RSA Security Conference (April 21, 2009, San Francisco)
· "The Emerging Law of Data Security: From Corporate Obligations to Provide Security to Breach Notification Requirements," PLI 9th Annual Institute on Privacy & Security Law (July 21-22, 2008, Chicago) (Conference Co-Chair and Speaker)
· "The Common Law Perspective on Cross-Border E-Signatures," The 4th International Forum on eNotarization, eApostilles and Digital Evidence (May 29-30, 2008, New Orleans)
· "The Legal Challenges of Moving Transactions to an Electronic Environment," 41st Annual Uniform Commercial Code Institute (April 16-17, 2008, Washington DC)
· "Solving the Legal Problems Raised by Using Identity Management in E-Commerce," RSA Security Conference, San Francisco, April 8-11, 2008.
· "The Legal Challenges and Opportunities of Technological Change: The Impact of Globalisation, Interconnectivity and Harmonisation," Centre for Commercial Law Studies, Queen Mary University of London, February 7-8, 2008.
· "Board Oversight of IT Governance," 2007 NACD Corporate Governance Conference, Washington D.C., October 15-16, 2007.
· "Information Compliance Overload: Making Sense of Privacy and Security laws and Regulations," PLI 8th Annual Institute on Privacy & Security Law, Chicago, July 16-17, 2007.
· "Digital Evidence: Signer Authentication Requirements and Strategy," Third International Forum on e-Apostilles and e-Notarization, Los Angeles, May 31 - June 2, 2007.
· "Creating Online Enforceable E-Transactions," 40th Annual Uniform Commercial Code Institute, Chicago, April 27, 2007.
· "It's All About Trust: Global Trends in the Law of Privacy, Security, and E-Transactions," Michigan Symposium: "E-Commerce: Challenges to Privacy, Integrity, and Security in a Borderless World," Michigan, February 23, 2007.
· "Can Identity Management Enable Spontaneous Contracting?" RSA Security Conference, San Francisco, February 5-9, 2007.
· "Where We're Headed: New Developments and Trends in the Law of Information Security," Georgetown Conference on Emerging Trends in Information Security & the Law, Washington, D.C.; November 9-10, 2006.
· "What Is Electronic Commerce? Methods of Contracting and Transactions Online, and E-Authentication: Risk and Fraud," Conference on E-Commerce, sponsored by the U.S. Department of Commerce Commercial Law Development Program and The Arab Council for Judicial and Legal Studies, Manama, Bahrain; September 11-12, 2006.
· "New Domestic Information Privacy and Security Legislation and Policy," PLI 7th Annual Institute on Privacy Law, Chicago; July 17-18, 2006. Served as Conference Co-Chair.
· "Electronic Signatures and the New UN Convention," Second International Forum on eNotarization and eApostilles, Washington, D.C.; May 27-29, 2006.
· "Contentious Issues in World Regulation of the Internet," World Computer & Internet Law Congress, San Francisco; May 4-5, 2006.
· "Electronic Transactions: Ensuring Enforceability in a Global Environment," Conference on Judicial Strategies for the Application of the Egyptian E-Signature Law, sponsored by the United States Department of Commerce Commercial Law Development Program, The Egyptian Ministry for Judicial Studies; Cairo, Egypt, March 8-9, 2006.
News & Publications
June 11, 2013, Edwards Wildman's Tom Smedinghoff Comments on How Surveillance Scandal Could Propel Privacy Laws in Crain's New York Business and Ad Age
May 28, 2013, Chambers USA 2013 Ranks 37 Edwards Wildman Lawyers in 17 Practice Areas
April 4, 2013, Edwards Wildman's Tom Smedinghoff Analyzes MA Supreme Court Ruling on ZIP Codes in Ad Age
March 15, 2013, Chambers Global Guide Ranks Seven Edwards Wildman Attorneys
January 17, 2013, Edwards Wildman's Larry Freedman and Tom Smedinghoff Author Articles in M/E Insights
January 15, 2013, Edwards Wildman's Tom Smedinghoff Comments on Top Online Identity Trends in Bloomberg BNA's E-Commerce and Tech Law Blog
January 4, 2013, Edwards Wildman's Tom Smedinghoff Comments on Top Cyberlaw Developments in Bloomberg BNA's Electronic Commerce & Law Report
October 17, 2012, Edwards Wildman's Tom Smedinghoff Authors Article on Key Requirements for Online Transactions in Computer Law & Security Review
September 27, 2012, Best Lawyers Recognizes 56 Edwards Wildman Attorneys
June 7, 2012, Chambers USA 2012 Ranks 34 Edwards Wildman Lawyers in 17 Practice Areas
January 2012, Edwards Wildman Client Advisory - European Data Protection Reform Update: Summary of the 25 January 2012 Announcement
An Edwards Wildman Privacy & Data Protection Client Advisory
Fall 2011, Writing for SciTech Lawyer, Tom Smedinghoff Addresses Issues in Verifying Online Identity
September 9, 2011, California Amends Data Breach Law To Specify What Information to Include In Breach Notification and Potentially To Send Notice To CA AG's Office
December 2010, WikiLeaks Incident: Two Key Legal Lessons for Business
Besides Edwards Wildman
Tom is married and has four children, and lives in the Western suburbs of Chicago. He likes to camp and to hike in the mountains. He continues to hope that someday the Cubs will win the World Series.
July 15-16, 2013, Chicago, IL, PLI 14th Annual Privacy and Data Security Law Institute
August 3, 2012, Chicago, IL, American Bar Association Section of Family Law 2012 Annual Meeting
July 16-17, 2012, Chicago, IL, Privacy and Data Security Law Institute
May 9, 2012, The Emerging Legal Framework for Identity and Access Management presented by EDUCAUSE
March 14, 2012, Illinois State Bar Association's Protecting Personal Information
February 27 - March 2, 2012, San Francisco, CA, RSA Conference 2012
January 20-21, 2012, San Francisco, CA, ABA's Cyberspace Law Institute & Winter Working Meeting
January 12-13, Washington, DC, ABA Identity Management Legal Task Force
November 17, 2011, Edwards Wildman on Recent Developments in Cyber Risk: The SEC's New Position on Cyber Risk Disclosures and Developments in Data Breach Management
· Cloud Computing & Managed IT Services
· United Nations
· Uniform Law Commission
· American Bar Foundation
· American Bar Association
· International Technology Law Association
· International Association of Privacy Professionals
· Chicago Bar Association