Contracts

An organization may have sound rules of governance pertaining to PII but this is not always the case on the part of the parties it is doing business with. Considering that organizations are ultimately responsible for the protection and use of the PII that is entrusted to them, contracts are fundamental tools to ensure that the requirements and expectations regarding the protection of personal information are well defined when dealing with third parties in order to mitigate the risks inherent to data breaches. As a result, clauses pertaining to privacy, cybersecurity and insurability are essential considerations in various setting (employment contracts, service agreements, third-party vendors/supplier agreements, etc.).