Negotiating and drafting data security obligations in commercial transactions
17 May 2021 05:32
Data security is frequently an issue of critical importance in commercial contracts between both public and private sector customers and their respective suppliers.
Under commercial agreements, a supplier may have access to, or be responsible for managing or hosting, confidential business information, personal information or government official information of the customer or the customer’s end-users.
The issue of data security tends to be addressed in commercial contracts with an ever-increasing level of sophistication and detail, as technological developments continue to rapidly advance and the risk of data security breaches is ever-present.
Data security obligations in commercial contracts are often addressed under three topics:
- data security;
- privacy; and
- confidentiality.
Data security obligations in commercial contracts can cover a number of aspects of data security, including compliance with a customer’s data security policies, the prevention of malicious code, application or system development in compliance with a customer’s security requirements, prescriptive technical requirements for security requirements, data sovereignty requirements, controls on suppliers’ personnel, and system access and monitoring requirements.
Commercial contracts also usually contain a range of privacy and confidentiality obligations.
Other Guidance Notes
No results found