Dynamic Legal Representation for You and Your Business

FAQ of the Week - Contract Provisions Protecting Consumer Personally Identifiable Information

Q: If my third-party provider ("vendor") has access to consumer personally identifiable information, should provisions addressing the protection of such information be included in the Contractual Agreement with the vendor?

A: Yes, written agreements with third-party providers should address potential risks associated with data breaches — particularly when the vendor has access to consumer personally identifiable information. The vendor contract is a vital element of the vendor due diligence process and relationship. The contract should capture the nature of the relationship and set forth the contractual rights, obligations and duties of each party. This includes confidentiality requirements, responsibilities in the event of a breach, and liability provisions.

Since written contracts are a critical component of a sound vendor management program, regulators may review them with a degree of scrutiny. Failure to maintain sufficient protections within vendor contracts and address risks appropriately may result in unsatisfactory results during a regulatory review or examination. Additionally, insufficient contract protections could expose a company to added civil liability in the event of a breach.

Share the AGMB Compliance Question of the Week:

Facebook   LinkedIn   Twitter

New York Attorney Advertising: This email is designed for general information only.
The information presented in this email should not be construed to be formal legal advice nor the
formation of a lawyer/client relationship. Prior results do not guarantee a similar outcome.

© Copyright 2019 by Abrams Garfinkel Margolis Bergson, LLP. All rights reserved.
This email is designed and developed by PR4Lawyers.
Facebook Twitter LinkedIn Google+ Youtube Neil Garfinkel Michael Barone Neil Garfinkel E-Mail Michael Barone E-Mail Marie O' Brien Marie O'Brien E-Mail