Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks
Prescriptively; utilizing security, privacy and intellectual property clauses in contractual agreements may aid in clarifying expectations as well as reduce adverse outcomes in post-facto legal disputes. Parties to information asset related contracts should consider documenting terms for:
• signing non-disclosure agreements;
• granting the right-to-audit contractor controls;
• limiting the right-to-access specific information;
• processing the return or destruction of all records at contract termination;
• ensuring implementation of audit trails to closely monitor how information is handled;
• utilizing encryption technology that allows only authorized individuals to view decrypted data;
• addressing approval by applicable government oversight agencies of any subcontracting arraignments; and
• identifying and separating personal and/or confidential information being handled under a contract from other data held by the contractor.
Hillier, Peter J. “Transborder Data Flow – Intruding on Privacy?” knowledgeleader.com. (August 2006). http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/TFTransborderDataFlowIntrudingonPrivacy!OpenDocument&NWeekly
(accessed April 21, 2008).