Norton Rose Fulbright has teamed up with the global risk advisory company Willis Towers Watson to help provide their clients with the information they need to manage data privacy risks. In Willis Towers Watson’s Winter 2016 Cyber Claims Brief, Norton Rose Fulbright attorneys Dave Navetta and Matt Spohn worked with Willis Towers Watson Executive Vice President and cyber thought leader Adeola Adele to address the risks presented when companies contract with vendors to handle their sensitive data.
The collaborative article highlights the risks of providing vendors with personal data, and addresses common pitfalls in the vendor contracting process. It concludes with a list of considerations for such situations, such as:
- Performing appropriate due diligence on a vendor’s data security practices, and its financial ability to satisfy its obligations in the event of a breach
- Limiting the data provided to a vendor
- Specifying prophylactic security measures to protect the data provided to the vendor
- Properly addressing legal risks in the vendor contract, with special attention to the warranty, damage limitation, and indemnity provisions
- Assessing whether to be named as an additional insured on the vendor’s cyber insurance policy, and coordinating any such coverage with existing coverage