16 key issues counsel should consider to mitigate vendor-related data breaches

Contractual provisions reduce the chance and mitigate the risk of vendor-related data breaches

A future data breach may not be top of mind for entities negotiating contracts with vendors who, in the course of their work for the entity, will have access to or possession of the entity’s confidential data. But taking the time to address data breach concerns before the contract is signed, when the entity may have the most leverage, can pay big dividends should a breach involving the vendor take place. The following are some of the key issues entities generally should consider to protect themselves before and at the time of contracting with vendors. Industry-specific laws, regulations and standards also should be carefully considered.

Pre-contracting due diligence: Entities should conduct thorough technical, compliance-focused due diligence to assess a prospective vendor’s security infrastructure and environment. Security issues can be exposed up front, and vendors that are not up to the job can be disqualified. Note that healthcare providers may need to enter into Business Associate Agreements with prospective vendors during this stage.

Contributing Author

Judy Selby

Judy Selby has more than 20 years of experience in large scale first- and third-party complex insurance coverage matters, providing a full range of services...
