Data Processing Agreements: Understanding the Pain Points, Negotiating Key Terms, Ensuring Regulatory Compliance
Breaking Down What a DPA Is, How it Works, and Why All Businesses Need Them
Recording of a 90-minute CLE video webinar with Q&A
This CLE webinar will guide corporate and technology counsel in negotiating data processing agreements (DPAs). DPAs are an essential but often overlooked part of data security for businesses. The panel will break down the pain points when negotiating DPAs and provide compromise tips to help ensure a path to execution.
Outline
- Purpose of a DPA
- When is DPA required
- Compliance with regulatory requirements
- CCPA
- Other U.S. states that have laws governing DPAs
- Penalties for noncompliance
- Negotiating key terms of a DPA
- Limitation of liability
- Use of subprocessors
- Security measures
- Responding to data breaches
- Audit rights
Benefits
The panel will review these and other relevant issues:
- Which data protection laws require DPAs?
- What are the required terms of a DPA?
- What are the privacy and security considerations for DPAs?
- What are the key considerations and what to watch out for when signing a DPA?
- Do processors have to sign a DPA with their subprocessors?
- What are the top pain points when negotiating DPAs, and what are some key compromise tips?
- What are the penalties for noncompliance with the DPA requirements of the CCPA, and other states' privacy laws?
Faculty
Leighton B.R. Allen
Associate
Foley & Lardner
Mr. Allen negotiates favorable commercial contracts for organizations in the areas of software as a service (SaaS)... | Read More
Mr. Allen negotiates favorable commercial contracts for organizations in the areas of software as a service (SaaS) licensing, software licensing, IP sales and acquisitions, and data transfer and data processing. He has also advised clients on developing proper data handling and processing practices to comply with the latest developments in U.S. state data privacy laws. Mr. Allen is a member of the firm’s Technology Transactions, Cybersecurity, and Privacy Practice. Prior to joining Foley, he was a cybersecurity and data privacy associate at a Chicago law firm where he counseled small and large entities, including merchants, health systems, hospitals, accounting and consulting firms, and educational institutions on identifying, evaluating, and managing first- and third-party data privacy and security risks. Mr. Allen also assisted in the analysis of compliance responsibilities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), and related state, federal, and international cybersecurity laws and regulations.
CloseSusan L. Ross
Senior Counsel
Norton Rose Fulbright US
Ms. Ross’ practice focused on technology and U.S. privacy matters. Her extensive experience with technology and... | Read More
Ms. Ross’ practice focused on technology and U.S. privacy matters. Her extensive experience with technology and technology contracts includes negotiating, drafting, and interpreting over 10,000 computer hardware and software, SaaS, consulting, outsourcing, Internet, electronic signatures, web hosting, application service providers and non-disclosure agreements, many of which were for a federal government contractor. Ms. Ross also handles U.S. privacy matters, including security breach laws, as well as assisting clients with their questions and compliance efforts relating to Red Flag Rule, Health Insurance Portability and Accountability Act Privacy and Security Rules, Gramm-Leach-Bliley, Telephone Consumer Protection Act, CAN-SPAM, California Consumer Privacy Act, and Fair and Accurate Credit Transactions Act. Sue has assisted clients with privacy and information security questions relating to the Payment Card Industry standards, provided counseling on a wide variety of matters that raised privacy issues, and created privacy policies (including Binding Corporate Rules) for corporations, as well as for websites. Ms. Ross is part of the firm's FinTech team, frequently speaking and writing on cryptocurrency, blockchain, and smart contract issues.
Close