Vendor Contracts: What You Need and What You May Be Missing

Vendor Contracts: What You Need and What You May Be Missing. Dino Tsibouris (614) 360-3133 dino@tsibouris.com. Let’s just use our standard agreement and attach the proposal to it, we should be good to go! What do you need to know? Contracts, exhibits, schedules, letters, emails

Presentation Transcript


  1. Vendor Contracts: What You Need and What You May Be Missing Dino Tsibouris (614) 360-3133 dino@tsibouris.com

  2. Let’s just use our standard agreement and attach the proposal to it, we should be good to go!

  3. What do you need to know?
     • Contracts, exhibits, schedules, letters, emails
     • Who is responsible for compliance
     • Consumer data privacy and security roles
     • Ownership of data
     • Minimum service and data availability
     • Indemnities, disclaimer of warranties, limitation of liability

  4. …is there more?
     • Termination rights and retention and access to data
     • Breach notification when it happens at the vendor
     • Compelled Disclosure of your data on the vendor’s system

  5. But I’m…
     • Not a lawyer
     • Too busy to “go deep”
     • Not worried, it’s a small dollar contract
     • Pretty sure it’s already covered
     • Used to lawyers making things too complicated

  6. The problem: Words mean things
     • Some words aren’t what they seem
     • The cost of a deal gone wrong is time and money, not just money
     • Small processors of personal data can create big liability (SMS/TCPA)
     • Your issue may not be covered
     • Lawyers can make it complicated but it shouldn’t be

  7. Description of Services [Diagram: Agreement, Schedule]

  8. Description of Services

  9. Description of Services: In the event of conflict, Schedule governs. [Diagram: Schedule, Agreement]

  10. Description of Services: When Agreement terminates, some of the services in the Schedule need not terminate. [Diagram: Agreement, Schedule]

  11. Privacy and Security of Customer Data in the Cloud (Source: Ponemon Institute)

  12. Privacy and Security of Customer Data in the Cloud (Source: Ponemon Institute)

  13. Privacy and Security of Customer Data in the Cloud

  14. Privacy and Security of Customer Data

  15. Privacy and Security of Customer Data

  16. Privacy and Security of Customer Data

  17. Privacy and Security of Customer Data
      • Data stored in the cloud may be compromised due to a breach
      • Contract must take into consideration an obligation to immediately notify, cooperate, and bear the cost of sending out breach notifications and remedial actions
      • Consider insurance for breaches

  18. Breach Notification
      • Vendor may have a breach involving your data
      • Must they tell you?
      • When?
      • What is your obligation to your customers?

  19. Breach Notification
      • Prompt breach notification of confirmed breaches and suspected breaches is crucial.

  20. Audit Rights
      • Data collection and usage
      • Security procedures/contract compliance
      • Financials
      • Timing and frequency
      • SAS 70/third party provided audits

  21. Service and Data Availability

  22. Service and Data Availability

  23. Service and Data Availability
      • The cloud service may be subject to disruptions
      • Where possible, negotiate fines or reimbursement for outages above and beyond scheduled maintenance
      • Where possible, contract for greater availability and fault tolerance

  24. Termination Provisions and Retention and Access to Data

  25. Termination Provisions and Retention and Access to Data

  26. Termination Provisions and Retention and Access to Data

  27. Termination Provisions and Retention and Access to Data

  28. Termination Provisions and Retention and Access to Data
      Lessons:
      • Ensure that ownership of information is clearly defined.
      • Ensure that the service provider agreement takes into consideration your ability to access your data and the return of your data in the form that you want at the end of the relationship.

  29. Disposal of Data
      • How does the contract address data return?
      • How does the contract address data disposal?
      • Ensure that the service provider agreement takes into consideration your legal obligations to dispose of and delete information

  30. Compelled Disclosure

  31. Compelled Disclosure

  32. Compelled Disclosure
      • Data stored in the cloud is subject to compelled disclosure, possibly without your knowledge, due to the Stored Communications Act and National Security Letters

  33. Pertinent Laws and Compliance with Them

  34. Shurland v. Bacci

  35. Shurland v. Bacci

  36. Shurland v. Bacci

  37. Shurland v. Bacci

  38. Shurland v. Bacci

  39. Shurland v. Bacci
      • Translink to "use due care in providing services covered by this Agreement" and to conduct its "performance of all services called for in this Agreement . . . consistent with industry standards."

  40. Shurland v. Bacci
      • “Merchant warrants and agrees that Merchant shall fully comply with all federal, state, and local laws, rules and regulations, as amended from time to time, including the Truth-in-Lending Act and Regulation Z of the Board of Governors of the Federal Reserve System.”

  41. Shurland v. Bacci
      Lesson: Parties should clearly and unambiguously assign the responsibility to comply with each law that is material to the transaction.

  42. Indemnification

  43. Indemnification
      • The other side pays your costs if they are specifically named
      • Claims
      • Losses
      • Reasonable attorney fees
      • Costs

  44. Limitation of Liability

  45. Limitation of Liability
      • No liability
      • As-Is
      • Refund of fees paid
      • Capped dollar amount
      • Insurance proceeds only
      • “Direct damages” only

  46. Yes, but… Ensure that the limitation of liability clause and the indemnification clause properly interact with one another: “Shall indemnify … Subject to Section 20 (Limitation of Liability).”

  47. Notice
      • Abide by the Notice requirements of the Agreement.

  48. Notice

  49. Clarity takes time…
