Controller To Controller Data Processing Agreement Template for United States

FTC Act: Federal Trade Commission Act, particularly Section 5 governing unfair or deceptive practices and FTC's privacy and data security requirements

HIPAA: Health Insurance Portability and Accountability Act - Federal law governing protected health information and medical data privacy

GLBA: Gramm-Leach-Bliley Act - Federal law governing the collection, disclosure, and protection of consumers' personal financial information

FCRA: Fair Credit Reporting Act - Federal law regulating the collection, dissemination, and use of consumer credit information

COPPA: Children's Online Privacy Protection Act - Federal law imposing requirements on operators of websites or online services directed to children under 13

CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act - Comprehensive state privacy laws providing California residents with data privacy rights

VCDPA: Virginia Consumer Data Protection Act - Comprehensive privacy law providing Virginia residents with data protection rights

CPA: Colorado Privacy Act - State law establishing privacy rights for Colorado residents and obligations for data controllers and processors

CTDPA: Connecticut Data Privacy Act - State law providing privacy rights to Connecticut residents and regulating businesses' data handling practices

UCPA: Utah Consumer Privacy Act - State privacy law establishing data protection requirements and consumer rights for Utah residents

GDPR Considerations: General Data Protection Regulation implications if EU resident data is involved, including data transfer mechanisms and Standard Contractual Clauses

Data Transfer Mechanisms: Legal frameworks and requirements for transferring personal data between controllers, especially across jurisdictions

Security Measures: Technical and organizational measures required to ensure appropriate security of personal data processing

Breach Notification: Requirements and timelines for notifying relevant parties in case of data breaches or security incidents

Data Subject Rights: Procedures for handling data subject requests and ensuring compliance with various privacy rights across jurisdictions

Liability and Indemnification: Allocation of responsibilities and obligations between controllers regarding data protection compliance and potential breaches

Audit Rights: Provisions for conducting audits and assessments to ensure compliance with data protection obligations

Confidentiality Obligations: Requirements for maintaining confidentiality of processed personal data and related security measures