Contributed to Bloomberg Law by Reena Bajowala, data security and privacy partner at Ice Miller

In-house counsel should consider these key issues and topics to ensure that their organization and its vendors abide by applicable consumer data privacy law compliance requirements and maintain the security of the company’s and its customers’ data.

[Download our 27-point Data Security Checklist for Managing Vendor Contracts.]

Shifting liability

• Does the contract mitigate the inherent uncertainties of vendors managing and handling data by requiring the vendor to have cyber liability insurance?
• Does the contract’s limitation of liability clause adequately allocate the liability between the parties?
• Does the contract allocate which party will be responsible for any fines or other costs relating to the vendor’s violations of requirements to keep data secure?

Contract provisions should attempt to transfer whatever risk the company is not able to mitigate on its own. When contracting with vendors, consider how common contract provisions can be used in ways that shift liability when it comes to matters related to data security.

Cyber liability insurance can help mitigate the risks associated with having vendors manage and handle customer and client data. A common request, which depends on the risk involved, is for $5 million in cyber insurance.

These contract provisions will often prescribe minimum limits, detail the types of incidents covered, or even demand that the company be...

Read Full Story: https://news.google.com/rss/articles/CBMieWh0dHBzOi8vcHJvLmJsb29tYmVyZ2xhdy5j...