Contracts

Why Data Processors Need Two Information Protection Policies

May 10, 2024
This entry explains why data processors (in particular) should have two distinct, complementary types of information protection policies: one outlining the information security practices related to the services they provide data controllers, and another covering how they protect the vital information used to run their business. All modern data protection regulations require data controllers (clients)…

Data Controller/Data Processor Contracts #1: Applicability

July 17, 2023
This blog explains why and when organizations should require contracts with service providers that have access to customer or employee personal information. One of the most underappreciated aspects of data controller/data processor contracts is when they are needed. This results from either 1) a lack of awareness of their necessity, or 2) the failure to…

The SEC’s Proposed New Data Security Rules

April 6, 2023
A March 15 proposal by the Securities and Exchange Commission (SEC) to amend the Gramm-Leach-Bliley Act Safeguards Rule will require financial institutions and their data processors (i.e., secure shredders, ITADs, managed service providers, etc.) to seriously rethink and retool their data protection contracts, recordkeeping, and policies and procedures. Here’s What it Looks Like: The proposal…
