Implementing new technologies at your business comes with a range of benefits, but there is legal and compliance risk that comes with them too. Here is an overview of some of the legal risks your company may face when engaging a third-party technology supplier – and what you can do to manage that risk:
Data and Privacy Risk & Apportion of Liability
2021 has been a record year for data breaches, with the number of publicly-reported data compromises in the first nine months of the year exceeding the total number reported in 2020 (get the stats here). The average cost of a data breach is also increasing, according to IBM. In 2021, the average cost of a data breach in the US hit $9.05 million per breach – significantly higher than the global average of $4.24 million.
Service Provider Diligence
Since your company may suffer legal exposure if the data you provide to a third-party technology vendor is subject to a data breach, it is worthwhile assessing and managing your risk when you implement new technologies. You should work with an experienced attorney to do this.
As a result of the increasing risk posed by data privacy and cyber security incidents, we’re seeing a trend that focuses on creating separate cyber liability provisions in supplier contracts with third-party providers. You might consider whether this is appropriate for your relationship with any tech provider – depending on your insurance and the unique circumstances of your business relationship.
If you are a service provider, you may consider how to respond to the data security questionnaires and evidence your compliance with these data governance and cyber liability provisions.
Risk Stemming From Disruption of Services
Your business is likely implementing technology to improve your services, customer experience, or operations or to reduce costs. Inconsistent or disrupted services from your tech provider can impact your reputation, productivity, staff morale and satisfaction, and your operations. In many cases, it also has the potential to expose your business to legal liability.
Legal risk when introducing AI in the workplace
The introduction of AI into the workplace comes with a host of legal considerations, and it should be done thoughtfully, following a consultation with your legal counsel.
The potential risks include:
- Discrimination.
- Unlawful surveillance.
- Privacy risk.
We wrote a more detailed article on this topic, which you can read here: https://cgl-llp.com/insights/legal-issues-with-ai-in-the-workplace/
Relying on technology doesn’t signal the end of corporate responsibility
Finally, it is worthwhile bearing in mind that implementing tech doesn’t reduce your responsibility for outcomes. Implementing payroll software – or even outsourcing your payroll to a tech-drive third party payroll company – does not reduce your liability for employees being underpaid. You can apply the same thinking to all your corporate compliance requirements.
We’ve written previously on the action steps to reduce the risk posed by third-party providers. You can read it here.
In addition to these tips, you should also have adequate insurance in place, alongside strong risk management processes and regular risk and compliance audits, to manage corporate risk. If you need assistance managing your legal risk when implementing new technologies, reach out. We’re here to help!
Disclaimer
The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.