Universally Compliant Contract Available

First presented at the recent i-SIGMA ANZ Conference in Sydney, and announced in last week’s PRISMdirect, the new service provider template is now available. The contract differs from the prior sample template as it incorporates language important to all global data protection regulations, including those in the U.S. and Canada, as well as the General Data Protection Regulation (GDPR) (European Union), the Australian Privacy Act, and emerging state laws such as California’s Consumer Privacy Act (CCPA).

Based on a sample contract provided by Iron Mountain more than a decade ago, the association’s standard industry contract was modified by Kirk Nahra (currently with the law firm Wilmer Hale) following the 2009 HITECH amendment to HIPAA. More recently, the European law firm Allen Overy modified the association’s sample service contract to address the relevant aspects of the General Data Protection Regulation (GDPR). More recently still, the association engaged the Australian compliance consultancy Information Integrity Solutions to shore up contractual gaps resulting from the recent amendments to the Australian Privacy Act, including the introduction of unique requirements that muddy the line on breach notification responsibilities.

Because the sample contract language deals with several issues which members and their legal counsel need to evaluate, the document is heavily annotated, with comments regarding the applicability and impact of specific clauses described in detail.

“While it is generally the data controller's obligation to produce and execute a contract with its data processors,” says i-SIGMA CEO Bob Johnson, “most data controllers do not have access to the level of expertise necessary to create an effective contract, and as a result leave themselves and their service provider exposed to dangerous risks.”

Johnson is quick to add that the value of the new contract goes beyond compliance.

“Service provider contracts are critical to compliance,” says Johnson, “and NAID and PRISM International members capable of speaking intelligently about these issues will be far more successful in the emerging market for data protection services.” 

The fully annotated Universal RIM/Destruction Service Provider Contract is now available to NAID and PRISM International Active Members free-of-charge. To obtain it, Active Members in good standing must submit the i-SIGMA Standard Industry Templates Release Form.

To assist users of the contract in maximizing its potential and best understanding the applicability of the various sections, the association will host a webinar on August 20, 2019, at 3:00 p.m. ET. Space is limited. Members are encouraged to register to attend.