February 18, 2021
Member, Stoll Keenon Ogden PLLC
With the current focus on data privacy and security as well as the growing use of technology in your business, do your agreements with vendors contain the protections you need? Simply because you engaged a vendor for a particular task will not necessarily protect you from the potential for losses. Unfortunately, liability related to data breaches through vendors is common. Thus, it is all the more important that vendor engagements be drafted and entered into carefully, considering the vendor’s obligations to you for protection and compliance.
There should always be an assessment of what information/data a vendor will have access to, what data a vendor will store and process, and whether and how a vendor may use that data. For example, is personal information included and is that personal information particularly sensitive? Is there confidential business information involved, and how confidential is it – “bet the business” information or simply something you would like to keep confidential?
There is often an assumption that the agreement a vendor presents is non-negotiable, but that is not always the case. Even if the agreement is non-negotiable, the following questions should be asked and answered to assess any potential risks– sometimes another path is better. Also, in some cases certain risks can be mitigated by, for example, using a numeric system instead of including identifying information of individuals.
Here are ten questions to ask your technology (and perhaps other) vendors:
If you would like to further discuss these contracting issues, please contact us.
Stoll Keenon Ogden understands that these are trying times for our clients and our country. Our firm operations have continued uninterrupted and our attorneys are equipped to serve as we always have – for more than 120 years.
The firm’s Privacy & Information Security practice helps its clients identify risks and mitigate their exposure and liability when engaging service providers and when criminal activity or internal technology failure results in lost or compromised customer and/or company data. When working with vendors there may be additional risk in the event of a data breach, and it’s imperative to show reasonable steps were taken to protect data.
Please also be sure to consult the Stoll Keenon Ogden Coronavirus Resource webpage for additional articles and information related to the latest information on new laws and directives enacted by federal, state, and local governments in response to the Coronavirus pandemic.