Data Processor
There is a new opportunity for data protection service providers to increase their value to current and prospective clients, and it stems from the overwhelming number of corporations now publicly committing to global data protection and privacy compliance. To learn more about who is and why they are, see the related blog titled “Why Large…
Read MoreOrganizations rely on a number of different Data Processors for things like record storage, secure shredding, computer recycling, and a long list of other services that require sharing access to regulated personal information. And, though it doesn’t replace the requisite vendor selection due diligence evaluation, assessing their compliance acumen can help determine the service provider’s…
Read MoreThis entry is intended to help both novice and veteran data protection professional appreciate the number and types of service providers subject to the compliance requirements of privacy regulations. As far back as the mid 1990s, regulations have reflected the fact that data-related vendors, a.k.a., data processors, are critical to data controllers’ ability to protect…
Read MoreThere may be no more confusing and misunderstood area of controller-processor contracts than insurance and indemnification. Controllers often expect processors to accept liability, while ignoring the quality (or existence) of processors’ underlying insurance coverage. Processors, on the other hand, often buy insurance products that provide minimal or no protection to meet those controller expectations. This…
Read MoreKEY TAKEAWAYS: Information custody transfers are far more ubiquitous and riskier than most organizations appreciate. From a legal and regulatory perspective, “access to” equals “custody of.” There are specific elements and contractual assurances upon which all organizations should insist when transferring personal or proprietary information. Failure to obtain the appropriate assurances from any vendor accessing…
Read MoreThis blog explains why and when organizations should require contracts with service providers that have access to customer or employee personal information. One of the most underappreciated aspects of data controller/data processors contracts is when they are needed. This results from either 1) a lack of awareness of their necessity, or 2) the failure to…
Read More