Contract Red Flags
Here are some common contract red flags:
- Use of “reasonable” and other vague terms; overall lack of transparency on data privacy and security
- Lack of definitions for terms (such as “data”)
- Indemnity/liability clauses that leave the vendor blameless when something goes wrong on their end
- Lack of information regarding what happens to data after termination of the contract
- Lack of information about responses to law enforcement or government data requests
- Vendor claims ownership over library user data
- Vendor reserves the right to resell or disclose user data to other third parties for marketing or other non-essential business purposes
- Vendor reserves the right to monitor users on services or products (including use of web analytics products or other tracking software or methods)
- Using “Aggregated,” “Anonymized,” or “De-identified” without defining these methods
- Providing a URL to the privacy policy on the vendor website. The policy on the website can change at any time without renegotiation of the signed contract
Exercise | scavenger hunt
If you have access to a vendor contract, read through the contract and compare it with the list of red flags.
- What vendor contract(s) did you look at?
- What red flags did you find?
- What other red flags not listed did you discover?
- What else did you find that you didn’t understand?
- Take these red flags to your vendor or to the library worker who handles vendor contracts. Express your concerns and ask for clarification.