Tweet

Are You Ready for Data Security Compliance Language?

Guest post by: Marijo McCarthy

Article Overview: While spending much of the summer reviewing and renewing contracts for my clients, I started to see contract clauses being regularly inserted to protect the other party from exposure to violations of data security and privacy laws and regulations. Given the stiff enforcement penalties and, even worse, the bad publicity which can result when a company has a data security breach, it's no surprise that many businesses are beginning to update their contracts to comply with these new state and federal rules.

Are You Ready for Data Security Compliance Language?

While spending much of the summer reviewing and renewing contracts for my clients, I started to see contract clauses being regularly inserted to protect the other party from exposure to violations of data security and privacy laws and regulations.

Given the stiff enforcement penalties and, even worse, the bad publicity which can result when a company has a data security breach, it's no surprise that many businesses are beginning to update their contracts to comply with these new state and federal rules.

With that in mind, here are three key questions and related examples which may help you to cautiously and carefully integrate the legitimate needs of your clients into your old and comfy form of client contracts, as they come up for renewal.

1. Who has primary liability? In other words, who is first in the line of defense? If it isn't your client, you need to consider how to modify such a provision in the contract.
   
   Consider this example:
   
   
   Before:
   
   "Consultant will not take any action that puts Client in breach of its obligations under privacy laws."
   
   After:
   
   "Consultant will not, to the best of its knowledge, take any action that puts Client in breach of its obligations under privacy laws."
   
   
   After all, why should your client assume that you are aware of all state, Federal and international privacy laws to which it is subject? Be sure to only accept responsibility for that information of which you can reasonably be expected to be aware.

1. What does this provision really mean? If you are presented with vague words, my suggestion is always to politely ask for more specificity, such that, by the time you sign the contract, you know exactly what your obligations are.
   
   Consider this example:
   
   
   Before:
   
   "… confidential information of Client and its customers shall be deemed to include, but not be limited to (i) all information concerning or belonging to Client or a third party that is disclosed or otherwise becomes known to Consultant in connection with this Agreement…"
   
   After:
   
   "… confidential information of Client and its customers shall be deemed to include, but not be limited to (i) all information [delete "concerning or"] belonging to Client or a third party that is disclosed or otherwise becomes known to Consultant in connection with [add "the provision of the Services by Consultant under"] this Agreement…"
   
   
   The parties should aim for clarity in the contract. Vague and ill-defined terms serve neither side well in the long run.

1. How do you limit your liability for privacy laws compliance? Many consulting contracts include standard language which limits damages to the fees paid to the consultant under the contract. When it comes to compliance with privacy laws, however, that careful protection seems to be flying out the window.
   
   This is tricky to negotiate and may depend upon the relative size of the consultant versus the client. Ultimately, you may lose the battle.
   
   Prior to engaging in the discussion, however, it would be wise to have an in-depth conversation with your insurance advisor about your existing coverage, your specific concerns in this area, and any recommendations he or she may have for expanding or increasing that coverage.
   
   Good insurance advisors are an essential part of the team when it comes to reviewing potential specific exposure under contracts — use this team member's knowledge and experience to help guide you now, before you are faced with a claim later.

Contracts are living, breathing documents. Defensive drafting, with reasonable positions and rationale for changes which you can explain, will keep these documents moving through your business channels producing revenue, and being more asset than liability.

Related Articles
  Data Security & Outsource Service Providers
  How to maintain data privacy?
  Deadline Approaching for Mass Data Security Law: No More Time to Procrastinate
  SME's - a link between funding and a compliance model
  Complying with the New Data Security Law
  Data Security is Mandatory
  5 Compliance Functions Every Accounting System Should Have
  Backup Software Solution is a Joke
  Data Loss - The Scariest Term in Business Today
  Security Concerns with Cloud Computing Services
  India Passes New E-Waste Legislation Affecting Computer Recycling
  Key 2011 Hacker Prevention Lessons
  Hurry Up & Wait!
  Compliance smells like money.
  Shady RAT World Wide Hacking
  Retail Security
  BlackBerry Application Development - The Apps Run on the Securest OS
  New laws governing the confidentiality of social security numbers affect Connecticut employers
  RISKY BUSINESS
  SME's - a solution for Africa

Article Tags: compliance language, contract clauses, contracts, data security, laws and regulations, security compliance



Related Forum Posts
Re: What's the best anti-virus/spyware software? - I use home AVG Internet Security and I'm pretty satisfied with it.
How can I best help you? - I'm looking forward to sharing my ideas and insights here about taking your business to the next level. Before I jump in, I'd love to find out what would be most helpful to you. So, I'd appreciate hearing your responses to: How can I best help you to take your business to the next level? What are you struggling with at the moment? What would you most like to learn? and I'll do my best in responding to you Ready, get set, go . . . Wendy
Re: Does Your Website Have a Robots.txt File? - HI Carol, Your robot file is correct; no lets work on your Page Titles & Meta Data. Do you have access to create different page titles for each page of your website? Do you have your FTP information...please do not post it here but just let me know if you have access. Jeff
Re: What the Best CEOs Know by Jeffrey Krames - [quote="ideasuniversity":w31gke82]Where can I get this book? Two of my mentors are in the book[/quote:w31gke82] I would check where ever you normally buy books. I checked Amazon and they have new, used and Kindle editions. These are the book details - # Paperback: 250 pages # Publisher: McGraw-Hill; 1 edition (September 19, 2005) # Language: English # ISBN-10: 007146252X # ISBN-13: 978-0071462525 Lots of great content and lots of useful info. Shri
Re: What I Enjoyed Reading This Week - June 11 - Hi Evan, Thank you for the reading material. I look forward to the general release later this month as outlined in the 'Google Analytics To Add Search Query Data From Webmaster Tools' article. Anything that helps us to understand maximise extra data from Google Analytics can only be of benefit. regards, Mal.


Share this article with your friends. Fund someone's dream.

Leave a comment below or share on the left and you'll help support entrepreneurs in Africa through our partnership with Kiva. Over $50,000 raised and counting - Please keep sharing! Learn more.

Newsletter

Get advice & tips from famous business
owners, new articles by entrepreneur
experts, my latest website updates, &
special sneak peaks at what's to come!

Name:
Email:

Popular Articles

Ready for a Fresh Image?

If I Were Starting A Network Marketing Company...

Selling On Ebay The Good The Bad And The Ugly

Suggestions

Email us your ideas on how to make our
website more valuable! Thank you Sharon
from Toronto Salsa Lessons / Classes for
your suggestions to make the newsletter
look like the website and profile younger
entrepreneurs like Jennifer Lopez.