Data Processing Agreements (DPAs) that Embrace Reality
In this episode, Arohi Kashyap tears down the Salesforce Data Processing Addendum (DPA).
Companies that deal with private data every day may not see managing data as mission-critical. However, as Kashyap points out, corporate counsel needs to understand and manage data risks.
Kashyap uses Salesforce's agreement to illustrate a few important principles:
•Roles must defined, particularly as they shift during an engagement,
•Liability should be clear in the event of a plausible data breach, and
•Counsel must understand that not-urgent is not the same as not-important when it comes to data risks.
Review the contract here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf