Data Security Contract Clauses for Service Provider Arrangements
Practical Law Company
July 2011
As the outsourcing of business functions becomes more popular, more businesses are sharing increased amounts of confidential data with external service providers. Often, these service providers must use personal information supplied to them by their customers to provide the relevant services. This personal information may pertain to the customer's employees and contractors, its own customers, business partners or other third parties. The customer acting as a service recipient can face significant financial and reputational harm due to a security breach or the unauthorized use of shared personal information. In this case, both the customer and service provider must contend with a matrix of obligations governing the disclosure of personal information under federal and state laws and regulations, common law privacy principles, and industry guidelines and standards.

This article provides sample clauses for use in service agreements involving the use, storage, or processing of personal information.