Recently I was asked to put together an agreement covering “all the data clauses”. That’s a great and unusual brief. More on the context in a minute.
That request prompted me to compile this list. I also do a “Data and Privacy” presentation, and it was good to test the list of topics, and capture the provisions as a body.
The index of data topics, in general terms and all up for negotiation, looked like this –
Data Ownership – often dealt with by Intellectual Property clauses. Each party owns its data. Each licences the other to use its data for the purpose of this contract and nothing else. If a party develops new data, it owns it unless the other party pays for it.
Confidentiality – a party may only use the other party’s confidential information for permitted purposes. It may only disclose to specified external parties.
Privacy – Personal information is often exchanged in business-to-business contracts. It attracts all the same protections as commercial information, and then some. Each party must comply with privacy laws including in its policy, collection, use, disclosure, and breach response.
Data Security – the party providing data will ensure data is not contaminated. The recipient will do a good job protecting it.
Global context – where parties are in different countries, commercial confidentiality is BAU but privacy gets complicated. The EU General Data Protection Regulation, with its global reach, comes to the fore.
We could have kept going – liability and indemnity for breach; special rules for personal credit and sensitive information; IT Security Policy; document retention; information sharing protocols; individual Deeds of Assurance; reporting and monitoring, and so on.
So what is unusual about that list? Typically, data management clauses fall under the relationship contract, such as service provider / client. Or various provisions pop up in different contracts. This was a rare chance to think about data as THE subject of the contract.
To close with the context, which illustrates a broader point – my client and the other side are high-end global businesses who enjoy a relationship that functions well but, all agree, could be better documented. Across the whole relationship, the one urgent topic everyone agreed should be written down and signed off in one spot, is data.
Comments