Cloud computing service arrangements frequently require sharing employees’ or customers’ private information and other confidential data with service providers. For transition and other purposes, vendors are sometimes granted access to the organization’s current IT system. Involving a third party in handling personal data compromises the organization’s data security risk profile.
To help attorneys minimize data security and privacy risks, the following points must be kept in mind.
- Require service providers to comply with all relevant data security and privacy laws, industry standards and regulations.
- Allow service providers to use data from the customer organization’s IT system only as required to perform the agreed-on services, unless an exception is authorized.
- Define a minimum standard of care for privacy and data security.
- Require service providers to impose identical data security and privacy responsibilities on their own service providers or other subcontractors.
- Require the service provider to destroy or return all copies of the organization’s data on termination of the agreement.
- Address risk provisions, specifically for the case where a data breach or other security incident occurs.
- Include data security and privacy expectations and measures in any overall SLAs (Service Level Agreements) agreed for the services.