The MER Experience
The 25th Year of Delivering Premier Electronic Records Management Education

Session 10: The 7 Deadly Sins of Contracting with 3rd Party Data Service Providers: Anticipating and Preventing

Information Governance professionals are responsible for insuring that the confidentiality, security, integrity, availability, preservation and legal disposition of their company’s electronic information is assured regardless of the location of that information. As more information is created and stored in “the cloud”, the precise terms and conditions of the contract(s) between information owners and data services providers are of significant, and in some instances, critical importance. This session will discuss 7 deadly contracting sins that can leave your information at risk or imperil your ability to manage it and will provide you with legally sound, practical and tested solutions for avoiding these sins and meeting your management responsibilities.

Whether you are in jeopardy of committing one or more of the contracting sins is significantly dependent upon the context within which your data services vendor contracts are being negotiated, and the environment within which the data will be stored and managed. The first step toward successful management of outsourced data requires that Information Governance professionals understand several core contracting issues including:

  • How to identify the 7 most common contracting mistakes associated with 3rd party data service providers, and how you can quickly determine if you are or could be suffering under one or more of them.
  • How to get line business managers, records managers, and legal counsel to work more cooperatively and efficiently to address and resolve contracting sins.
  • Contract Jujitsu: Identifying business and contextual factors you can leverage to help insure that you eliminate or severely handicap the impact of any sins in your contracts.
  • How to address “right to be forgotten” privacy requirements
  • How to draft Terms of Service agreements to avoid issues of unauthorized “access”.
  • Understanding the importance of, and the difference between, potential and. actual “access” to information as an indicator of which contractual provisions are mandated by regulation.
  • Anticipating and protecting against “downstream” outsourcing agreements so as to insure that your information and rights remain protected.
  • Insuring that your E-Discovery responsibilities can be met and enforced
  • Insuring, to the maximum extent possible that your information and contractual rights remain protected after a sale or acquisition of your data services provider.
  • Identifying the responsibilities of the contracting parties if data is lost or rendered inaccessible by an Act of God, War, or Terrorism .


Speakers: Joseph Burton,Esq., Jon Stanley,Esq.