Office of Data and Innovation Innovation Hub
Custom Google Search
Custom Google Search
CA.gov / Innovation Hub / Data minimization toolkit / Reviewing vendor contracts
Guides and playbooks

Reviewing vendor contracts

Understand what your contracts with outside vendors say about data sharing. Make sure they support your department’s privacy and security expectations. You may want to proactively ask your vendors to forward any federal data requests to your department.

Before partnering with new vendors, review their data privacy and security practices. In new vendor contracts and MOUs include language that:

  • Prohibits unauthorized data sharing by vendors
  • Requires vendors to follow data minimization principles
  • Grants your department the right to refuse external data requests when allowed by law and aligned with department policy

A key resource for enforcing the vendor contract protections described above is the Department of General Services standard contract language for confidentiality and data safeguards. You can work with your department’s legal team to customize the provisions. This will make the specific risks, business needs, and negotiating power clear in your department's agreement.

External data sharing
Best practices and relevant laws and regulations
Office of Data and Innovation
Contact us