We are in the process of reviewing the "lack of" process we have for contract review including the GLBA requirements. We don't have inhouse legal so everyone fends for themselves. Needless to say, it can get messy.

Does anyone have a contract checklist that they have put together that you would be willing to share?

Thanks in advance for your assistance.

Michelle - most third party vendor contracts now have built in privacy clauses, but for those who don't, or for those whose language may be a bit ambivalent and unclear, as Privacy Officer for my bank, I ask them to sign a very short addendum. Although I certainly can't claim it's foolproof, or that it will meet the tough standards of california State Law, I am happy to e-mail or fax you a copy. It is only a half page in length.

Remember to make sure that Information Security is addressed and not just Privacy. Two concepts that go together but are not the same.

Technically, if the 3rd party vendor receives the information under the section 14 or 15 exceptions, Privacy is not an issue that needs to be addressed. I think many banks throw that in anyways, but the main concern is the Information Security.

For technology contracts, Thrift Bulletin 46 is very helpful. TB46 is accessible via the OTS website.

Bonnie - You are so right. I reviewed a new agreement today and, once again, it covered privacy and confidentiality well, but did not address security at all. Even this far down the road, we still have to be vigilent in reviewing our contracts.