DSM Avocats à la Cour organized a webinar on Tuesday, 2 June 2020, on the topic of “IT Partners: IT security is also ensured through your contracts—how can you protect yourself if your customers fall victim to a cyber-attack?”

During the webinar, Renaud LE SQUEREN, Partner and Attorney-at-Law (Avocat à la Cour), and Héloïse CUCHE, Lawyer (Avocat), discussed the new responsibilities of IT service providers and the manner in which they can use their general terms and conditions to protect themselves in a context in which the risk of a cyber-attack increases as economic actors use new technologies.

First step for IT service providers: understand the scope of their obligations and precisely establish their missions and the conditions under which they will be carried out. In so doing, the regulatory aspects should not be neglected, particularly the provisions applicable to personal data protection.

Second step: 

  • Determine the clauses allowing the limitation of their exposure to liability, such as an informatoin compliance clause (clause de conformité de l’information), a client compliance clause or collaboration clause (deliverables, supervisory committees, reports,…) for example;
  • Establish the financial repercussions of a change in the situation or failure to complete the project (hardship, guarantee limitation or exoneration clauses;  penalty clause, or clause on indemnification in case of early termination of the project, for example);
  • Set forth in the text itself of their general terms and conditions the issues related to personal data protection to avoid having one of their customer’s loopholes make them risk sanction because they are incapable of showing that the required documents have been signed and put into place and to allow them to have a strong negotiating position in the drafting of those documents.

Do you want to know more? Consult the conference replay and slides.

Webinar summary:

  • Presentation: 00:00
  • Summary: 1:33
  • Introduction : 3:30
  • Hacking cases (Cactus, Cooperl, EasyJet): 4:06
  • Data Breach cases (Marriott, Hertz, IBM): 7:55
  • Sanctions against IT service providers: 11:03
  • Contractual aspects: 11:50
  • Personal data protection clause: 26:10
  • Conclusion: 33:15
  • Question: What about cloud service providers such as Amazon, Microsoft, Zoom, that the client uses when operated by such a service provider, in case of a problem, when it is liable if it is the recommended service provider?: 36:10