Recommended Contracting Practices for Privacy and Data Security Issues
When the due diligence is complete, the plan fiduciary will want to ensure that appropriate protections are built into its service provider contract. These protections include thoughtful contractual provisions related to confidentiality, appropriate and limited use of the provided data set, data security, audit rights, risk allocation, and remedies. The plan fiduciary should consider including a detailed security schedule in order to provide sufficient detail on required security obligations. Ongoing service provider monitoring and management also are essential. The level of oversight needed