All institututional departments will identify appropriate service providers that are given access to customer information in the normal course of business and will work with the institutional Contract Officer to ensure that they provide adequate safeguards. The service provider that will have access to customer information will complete an evaluation process that includes the ability of the service provider to safeguard customer information. Contracts with service providers shall include the following provisions:
- an explicit acknowledgment that the contract allows the contract partner access to confidential information;
- a specific definition of the confidential information being provided; a stipulation that the confidential information will be held in strict confidence and accessed only for the explicit business purpose of the contract;
- a guarantee from the contract partner that it will ensure compliance with the protective conditions outlined in the contract;
- a guarantee from the contract partner that it will protect the confidential information it accesses according to commercially acceptable standards and no less rigorously than it protects its own customers' confidential information; a provision allowing for the return or destruction of all confidential information received by the contract partner upon completion of the contract; a stipulation allowing the entry of injunctive relief without posting bond in order to prevent or remedy breach of the confidentiality obligations of the contract;
- a stipulation that any violation of the contract's protective conditions amounts to a material breach of contract and entitles the institution to immediately terminate the contract without penalty; a provision allowing auditing of the contract partners' compliance with the contract safeguard requirements; and a provision ensuring that the contract's protective requirements shall survive any termination agreement.
return to top | previous page | next page