Universally Compliant Contract Available
Question: What do you get when you combine the data compliance acumen of two powerhouse international law firms, the largest multinational RIM service provider, an international compliance consultancy, and the experience of the largest data-related vendor trade group in the world?
Answer: The new Universal RIM/Destruction Service Provider Contract
Originally based on a sample contract provided by Iron Mountain more than a decade ago, the association’s standard industry contract was modified by Kirk Nahra (currently with the law firm WilmerHale) following the 2009 HITECH amendment to HIPAA. More recently, the European law firm Allen & Overy modified the association’s sample service contract to address the relevant aspects of the General Data Protection Regulation (GDPR). More recently still, the association engaged the Australian compliance consultancy Information Integrity Solutions to shore up contractual gaps resulting from the recent amendments to the Australian Privacy Act, including the introduction of unique requirements that muddy the line on breach notification responsibilities.
The result is a sample service contract addressing all compliance issues relevant to data-related service providers, especially, but not limited to, all RIM and information destruction providers.
Because the sample contract language deals with several issues which members and their legal counsel need to evaluate, the document is heavily annotated, with comments regarding the applicability and impact of specific clauses described in detail.
“While it is generally the data-controller’s obligation to produce and execute a contract with its data processors,” says i-SIGMA CEO Bob Johnson, “most data controllers do not have access to the level of expertise necessary to create an effective contract, and as a result leave themselves and their service provider exposed to dangerous risks.”
Johnson is quick to add that the value of the new contract goes beyond compliance.
“Service provider contracts are critical to compliance,” says Johnson, “and NAID and PRISM International members capable of speaking intelligently about these issues will be far more successful in the emerging market for data protection services.”
The fully annotated Universal RIM/Destruction Service Provider Contract will be available to NAID and PRISM International Active Members free of charge on 1 August 2019. To obtain it, Active Members in good standing must submit the i-SIGMA Standard Industry Templates Release Form.
To assist users of the contract in maximizing its potential and best understanding the applicability of the various sections, the association will host a webinar for Active Members on August 20, 2019, at 3:00 p.m. ET. Space is limited. Members are encouraged to register to attend.