Information technology (“IT”) and IT management is built into every modern business transaction. Beyond managing regulations and potential liability, numerous companies outsource their IT functions to third parties, creating significant information security (“InfoSec”), privacy and legal difficulties, including loss of control and challenges with enforcement. Risk and compliance obligations do not merely disappear when using a third-party service provider – the company that outsources needs to consider what any IT management and InfoSec contract will contain. This white paper will cover breaches and remedies that companies and service providers have to consider in any IT service agreement.

Failure to meet InfoSec obligations contained in a contract typically triggers material breach clauses. These material breach provisions typically give the non-breaching party the right to terminate the agreement (often immediately), compel specific performance, and/or collect damages. Breaches do not automatically excuse future performance unless they are material. The material breach section of a contract may address fundamental data safeguards such as password protecting files, encrypting databases or securing transmissions.