The Impact of Remote Workforce on Contractual Obligations

Kevin Pomfret
Williams Mullen
Contact
LinkedIn
Facebook
X
Send
Embed

Williams Mullen

As a significant number of employees are working remotely due to COVID-19, maintaining adequate cybersecurity measures has been a priority for many businesses. Such concerns are certainly justified, and every effort should be made to maintain the integrity and security of a company’s network and systems from a technical standpoint. 

However, it is also important to confirm that such remote operations do not violate the terms of any contracts, licenses or other agreements that a company has entered into with respect to data (personal or otherwise) it collects, uses or stores. This is particularly relevant for agreements that have been entered into in the last two to three years, as there has been a significant increase in contractual obligations being imposed on companies with respect to data.

For example, some agreements specifically provide that data must reside on a company server and/or in a specific location. Given the current environment, there may be a business or technical reason to want to store that data somewhere else.

Similarly, contracts – such as Data Processing Addendums – may provide that data will only be shared with certain designated third parties. Again, business or technical imperatives may require that the data be accessed or shared more broadly; for example, with companies that provide remote office or videoconferencing capabilities.

In addition, for both operational and redundancy purposes, organizations may need to expand the scope of employees that have access to third party data. If that decision is made, it is important to make sure that such employees have been properly trained as required under applicable agreements.

Being mindful of a company’s contractual obligations with respect to data includes cybersecurity. For example, even if a data breach typically does not require notification under state data breach laws, it may trigger a contractual obligation or cause a breach of contract in this current environment.

A company might have several alternatives if it finds that it has contractual obligations with respect to the data that are difficult to comply with due to supporting a remote workforce. In some cases, it may simply need to notify the third party of the new operating environment; in others, it may need the third party’s consent. If obtaining such consent is not possible or is likely to result in an unwanted renegotiation of the agreement, counsel may need to work with others in the company to devise operational or technical workarounds.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Williams Mullen | Attorney Advertising

Written by:

Williams Mullen
Williams Mullen
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Williams Mullen on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide