During the sales booth, polished and detailed marketing materials will be presented to potential customers, detailing the different aspects of the vendor`s product, including the various cybersecurity devices they have put in place. However, most contracts contain little information about the precautionary measures themselves. Ultimately, if a provider has access to personal data, you should include specific and detailed cybersecurity and data protection requirements in the contract. After months of insistence, Blackbaud yesterday released a report by the Securities and Exchange Commission showing that other forensic investigations have shown that “cybercriminals have been able to access certain unencrypted fields for banking information, social security numbers, usernames and/or passwords. Allocating creditors with access to your employees` or customers` data is the first step in a credit management program. This incident reminds us that lenders are attacked in the same way as your organization. Your business data is your responsibility, even if it is held by a creditor, so it may be helpful to ask that the priority of your supplier management program plays a role. The reality is that most third-party terms “standard” are all unilateral in favor of the seller. If things go wrong as in the Blackbaud incident, it is important to have the appropriate legal conditions in the contract to protect your interests. While it is not possible to provide an exhaustive list of issues to consider when negotiating the contract, I recommend that the following five points always be addressed before a third-party technology contract is signed. Talk to our experienced staff for immediate help. “As a home practitioner, I rarely have time to participate in formal seminars and conferences.
That is why I believe that the press releases of the various law firms are invaluable in keeping me informed of the evolution of the law and the most recent jurisprudence. The service that Lexology offers by consolidating these various press releases and classifying them among the corresponding categories, is for me a timepiece and allows me to make a quick daily scan of the latest developments. The incident illustrated several things that need to be considered: 3. Violation notification and credit monitoring fees Suppliers regularly try to limit all claims for loss or damage that may occur. As a general rule, they try to limit the recovery period to six months or less of the fees paid. I propose that the “cap” be fixed to a multiple of the contractual value and not be bound by the funds paid so far. This avoids limited compensation for claims that occur at an early stage in the term of the contract. 2. Plans for Exclusions of Limitation of Responsibility If you have a contractual language with your suppliers regarding appropriate data protection measures to protect your data, what happens after a security incident, notification and compensation? The Blackbaud incident shows that the offences are occurring.