Negotiating and drafting data security obligations in commercial transactions

17 May 2021 05:32

Data security is frequently an issue of critical importance in commercial contracts between both public and private sector customers and their respective suppliers.

Under commercial agreements, a supplier may have access to, or be responsible for managing or hosting, confidential business information, personal information or government official information of the customer or the customer’s end-users.

The issue of data security tends to be addressed in commercial contracts with an ever-increasing level of sophistication and detail, as technological developments continue to rapidly advance and the risk of data security breaches is ever-present.

Data security obligations in commercial contracts are often addressed under three topics:

  • data security;
  • privacy; and
  • confidentiality.

Data security obligations in commercial contracts can cover a number of aspects of data security, including compliance with a customer’s data security policies, the prevention of malicious code, application or system development in compliance with a customer’s security requirements, prescriptive technical security requirements, data sovereignty requirements, controls on suppliers’ personnel, and system access and monitoring requirements.

Commercial contracts also usually contain a range of privacy and confidentiality obligations.
