Separate Document Addressing Data Protection

#Why is this Important
#Overview
#Criticality
#Sample RFP Language
#Sample Contract Clauses

Why is this Important:
Some contracts may not have the space, or time may be of the essence such that including data protection terms in the main contract is not possible. In that instance, institutions of higher education should consider a separate contract addendum that addresses data security issues.

Overview:
Some contract examples had an additional agreement that addressed data sensitivity and protection requirements. (For the purposes of this document, any language examples from those documents have been incorporated into this document under the appropriate heading.)

Criticality: Category 4.

Sample RFP Language:

  • Not Applicable. Theme best addressed with contract clauses.

#Top

Sample Contract Clauses:

  1. If an Institution intends to provide Sensitive Digital Data to a third party acting as an agent of or otherwise on behalf of that Institution (e.g., an application service provider) and if it determines that its provision of Sensitive Digital Data to a third party will result in a significant risk to the confidentiality and integrity of such Data, a written agreement with the third party is required which must specify terms and conditions that protect the confidentiality and integrity of the Sensitive Digital Data as required by this Policy. The written agreement must require the third party to use appropriate administrative, physical, and technical safeguards to protect the confidentiality and integrity of all Sensitive Digital Data obtained and the Institution, as applicable, should monitor compliance with the provisions of the written agreement.

#Top

special conditions

(question) Questions or comments? (info) Contact us.

(warning) Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).

  • No labels