What should be the core language that I should always have in an RFP or contract?
In other words, "What is my baseline?" The working group proposes that five themes should be present in every RFP or contract:
- Data Definition: What data are the data that needs securing Make clear what data is owned by the institution and other interested parties.
- Use of Data: What can the third-party do and not do with that data?
- General Data Protection: How does the institution expect the third-party to protect the data?
- Data Protection After Contract Termination: What should the third-party do with the institution data upon termination of the contract?
- References to Third Party Compliance With Applicable Federal, State, and Local Laws and Regulatory Requirements: With what laws does the third-party need to comply as an institution agent or custodian of institution data?
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).