Bloomberg recently published Data Security Practices: State Laws, a report that was prepared in cooperation with Melissa Krasnow, partner with VLP Law Group LLP. The report is available for download and goes through a state-by-state analysis of the different requirements.

We have heard a lot about state laws that require private companies to implement data security practices when handling personal information, but did you know that eleven states now require companies to incorporate data security provisions in vendor contracts?

The report itself is almost 50 pages, but it organizes the content into a state-by-state summary of the 11 that require specific inclusion of data security provisions in vendor contracts, a chart displaying laws in each state, and details on whether a given law applies to all businesses or only those in a specific sector.

This report goes through the 11 states that require provisions in vendor contracts: Alabama, California, Colorado, Illinois, Maryland, Massachusetts, Nebraska, Nevada, New Mexico, Oregon, and Rhode Island. It summarizes the contract requirements as well as the types of information covered. The state-by-state chart detailing the laws in each state also shows the states that have no state laws regarding data security provisions or vendor-specific provisions: Alaska, Hawaii, Iowa, Maine, Michigan, Missouri, Mississippi, North Dakota, South Carolina, South Dakota, Tennessee, Vermont, Wisconsin, and Wyoming.

This highlights just how important it is to not just manage your security but to manage your contracts as well. Let us help you manage your contracts and compliance with State Law.

Written by Emily McNeeley, CIPP/US, Attorney, Intuitive Edge Team
We have written before about contracts being important because they lay out the "rules of the game" if you will. They outline the terms and conditions so each side knows what they are getting and, more importantly, what they aren't getting. Independent Contractor agreements are no different in that regard and can save you from some pretty nasty problems in the future.

1. Independent Contractor vs. Employee. When engaging someone to do work for you or your business, you have to decide if you want them to be an employee or Independent Contractor. When you have employees there are a lot of rules and regulations surrounding that engagement and you have a lot more responsibility surrounding them and their actions. With an Independent Contractor the rules and regulations are different, but still there. If you lay out their status beforehand in an Employment Agreement, for employees, or Independent Contractor Agreement, for Independent Contractors, then the individual or company will have a clear understanding of their status in regard to you. This can save you from huge headaches in the future.

2. Protect Your Business. An Independent Contractor agreement will also serve to protect your confidential information from being shared, for example your pricing, your know-how, your processes, financial information or your ideas. It will also prevent your contractor from taking advantage of working for your business just to leave you to start a similar business that competes for your customers.

3. Outline of Duties. Being clear up front as to the duties of the Independent Contractor and what they can and cannot do is vital. Having a good social media clause and a description of duties goes a long way to keeping your expectations and their expectations on the same page. Minimizing confusion is a great way to minimize disputes, which minimizes litigation.

4. Arbitration.
Speaking of minimizing litigation, it is always vital and necessary, from my perspective, to have an arbitration clause in Independent Contractor agreements. This takes you away from a dispute arising and the other party going directly to the courthouse. It gives you time to try to come to an agreement with a knowledgeable and insightful arbitrator without all the crazy litigation rules and fees.

Intuitive Edge is your one-stop shop for all business-efficiency and contract-consulting services. We make your business more efficient by assessing gaps in your policies and processes and building relationships with your employees so they stay with your organization. Contact us today for our services; we also have great referrals for arbitrators, financial planners, and corporate training programs.

Written by Intuitive Edge Team

The Oxford comma, or serial comma, is the comma placed inside a list of items and can cause the individual who reads the list to be confused. For example, the list of "cars, trucks, and wagons" indicates three separate types of transportation. However, if you leave out the comma and write it "cars, trucks and wagons", some individuals, including the United States Court of Appeals for the First Circuit, would say the phrase coming before the three words in the list might take on a different meaning because of the lack of the second comma.

The New York Times does a great summary and explanation of the issue: "In 2014, three truck drivers sued Oakhurst Dairy, seeking more than four years’ worth of overtime pay that they had been denied. Maine law requires workers to be paid 1.5 times their normal rate for each hour worked after 40 hours, but it carves out some exemptions. The debate over commas is often a pretty inconsequential one, but it was anything but for the truck drivers.
Note the lack of Oxford comma — also known as the serial comma — in the following state law, which says overtime rules do not apply to: The canning, processing, preserving, freezing, drying, marketing, storing, packing for shipment or distribution of: (1) Agricultural produce; (2) Meat and fish products; and (3) Perishable foods. Does the law intend to exempt the distribution of the three categories that follow, or does it mean to exempt packing for the shipping or distribution of them?"

Long story short, the court ruled in favor of the drivers and a settlement was reached with an award of $50,000 each to the five drivers who brought the lawsuit. In addition, "Other drivers will have to file claims to get a share of the funds and will be paid a minimum of $100 or the amount of overtime pay they were owed, based on their work records from May 2008 until August 2012," the Press-Herald reports. Approximately 127 drivers are included in the settlement.

Pay attention to your grammar, because there are differences. As a parting example, I will use my favorite example of the Oxford comma.

Let's eat grandma.

Let's eat, grandma.

The first example indicates literally eating your grandma while the second example informs grandma you are ready to eat. Don't be caught between eating dinner and eating your grandma for dinner.

Written by Intuitive Edge Team

I love free stuff and cybersecurity so when I heard about this I had to share. The Federal Trade Commission (FTC) has released free cybersecurity resources aimed at small businesses. The content is focused on twelve key areas: cybersecurity basics, understanding the NIST cybersecurity framework, physical security, ransomware, phishing, business email imposters, tech support scams, vendor security, cyber insurance, email authentication, hiring a web host, and securing remote access.
These topics were determined based on the FTC’s listening tour last year and the content was created in cooperation with the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the Small Business Administration (SBA). The FTC site also provides a guide for employers about communications with employees, quizzes, publications, and videos. The information also includes three short quizzes that can help businesses identify which areas they should focus on and thereafter provides direction to the relevant resources and information.

This extensive investment of time and resources by the FTC signals the importance the FTC places on cybersecurity related to small businesses. It also shows their commitment to cybersecurity initiatives at all levels. Small businesses should leverage this free information as the FTC will likely not be sympathetic to excuses based on a lack of resources for small businesses. Take advantage of these resources by clicking the FTC picture to the right and reach out to our team if you need more help!

Written by Emily McNeeley, CIPP/US, Attorney, Intuitive Edge Team

Recent news both in the U.S. and UK has highlighted the obvious fact that failure to manage third-party relationships involving regulated data can result in data protection violations. Here are the important questions tech company executives should be asking:
Written by Intuitive Edge Team

As more regulations are created aimed at protecting privacy, the courts will be left to determine what is reasonable. On September 1, 2018, Colorado’s new privacy legislation went into effect. The legislation applies to any organization that maintains, owns or licenses personally identifiable information (PII) of Colorado residents. The law requires written policies governing the disposal of paper and electronic records containing PII, requires covered persons and entities to take reasonable steps to protect PII, and requires detailed notice to consumers and, in certain cases, the Attorney General, of data security breaches.

Ohio took a different approach and is the first state to enact business-friendly, incentive-based data protection legislation that rewards companies that reasonably conform to at least one major recognized cybersecurity framework. The company will be granted a liability shield in the event of litigation for some data breach claims. Many companies will leverage other companies that conform to the major cybersecurity frameworks - companies like AWS and Azure - AND incorporate governing law provisions such as Ohio in contracts in order to take advantage of the liability shield.

It’s important to understand the regulations that apply to your lines of business, and develop AND monitor a data security compliance program so you can take advantage of protections that are offered and reduce your risk by taking reasonable steps to protect data.

Written by Emily McNeeley, CIPP/US, Attorney, Intuitive Edge Team

The speed and breadth of the data privacy movement make it difficult to keep up. To help manage this, Calligo built a Periodic Table of Data Privacy. It depicts the 118 most critical “elements” of data privacy. These 118 elements are constantly changing and one could argue over which are the most critical.
However, what this tool provides is a visual depiction of 118 elements and how they relate to each other and our understanding of privacy data. Calligo released the first version of the table and requested feedback from privacy professionals as to which 118 were the most critical. They have since released the second version and are working on the third version. As new laws are introduced, these elements will continue to evolve as will our understanding of data privacy. Click the image below for the latest periodic table. Have you tackled all 118 elements in your data privacy strategy? Do you agree with the 118 elements? What do you think is missing? Give us your comments below. If you’d like help implementing these 118 elements plus the many more that didn’t make the table, comment below or reach out to us.
Written by Emily McNeeley, CIPP/US, Attorney, Intuitive Edge Team

A few more reasons to write it down and get it signed:
1. Prevent or Minimize Disagreements and Court

It costs a lot less money to resolve a disagreement on our own than going to court. Court appearances and hiring a litigation attorney are costly and take up a lot of valuable time otherwise spent on making profit for your business. Looks like he forgot that they agreed to $400 to fix her car instead of his original offer of $500. A signed written agreement would prove that they agreed to $400. The cost of having a written agreement drafted is easily 10-20% of what you might otherwise pay in the first month of litigation!

2. Set Clear Expectations

It is important to set the price, scope of services, deliverables and payment terms (among many other things), depending upon the contract. Here are a few common terms that address concerns many business owners have when establishing business relationships with others:

- This is how invoicing and payment works between us
- This is how I would like you to handle my confidential information
- This is how we protect the business I already established with my customers
- This is how we will handle it if one of us defaults

Written by Intuitive Edge Team

1. What is a Contract? A contract is an oral or written agreement between two or more persons or entities that is enforceable by law. An exchange is made and promised. For example, Seller: “I will fix your car for $500”. Buyer: “I will pay you $400 to fix my car.” Seller: “Okay, I will fix your car for $400, deal.” Enforceable contract formed.

2. Oral vs. Written Contract. A contract may be oral or written. As long as it meets the legal requirements for contract formation, it is legally enforceable. And yes, a napkin agreement could count as a contract, so could email exchanges, verbal conversations and texts.

3. Benefits of a Written Contract. A signed written agreement allows you to override all previous conversations. Getting out of or collecting on an oral agreement could be difficult.
Avoid “he said, she said” disagreements.

Written by Intuitive Edge Team