Recent headlines suggest, and the experiences of most companies demonstrate, the truth about data breaches—they are almost inevitable. Companies have started to realize that it is not a question of if they will have a data breach, it is a question of when. More than 90% of companies responding to a recent survey said they had experienced a data breach in the last few years. Experience indicates that the other 10% may have been less than forthcoming or did not know about breaches that had occurred.
If we know that data breaches are likely to happen, what does that mean for outsourcing contracts? As with everything else, if an event can be anticipated, contractual language should be drafted for it. Outsourcing contracts often involve transfers of the most sensitive sorts of company and personal information, and the last thing anyone wants to do in the first few panicked moments of a data breach is to be arguing with an outsourcing partner about whose responsibility it is to do what.
Check back next week for a list of data breach provisions that should be included in outsourcing contracts.