Subprocessor Agreement Template for United States

GLBA: Gramm-Leach-Bliley Act - Federal legislation governing the protection of financial data and privacy obligations for financial institutions

HIPAA: Health Insurance Portability and Accountability Act - Federal legislation governing the protection of medical and healthcare data

FTC Act: Federal Trade Commission Act - Federal legislation providing general consumer protection requirements and enforcement authority

COPPA: Children's Online Privacy Protection Act - Federal legislation governing the collection and processing of children's personal data

CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act - State legislation providing comprehensive privacy rights to California residents

VCDPA: Virginia Consumer Data Protection Act - State legislation establishing privacy rights for Virginia residents

CPA: Colorado Privacy Act - State legislation providing privacy protections for Colorado residents

CTDPA: Connecticut Data Privacy Act - State legislation establishing privacy rights for Connecticut residents

UCPA: Utah Consumer Privacy Act - State legislation providing privacy protections for Utah residents

GDPR Compliance: General Data Protection Regulation considerations when EU data subjects are involved in data processing activities

SCCs: Standard Contractual Clauses - Legal mechanism for international data transfers, particularly relevant for EU data

Data Processing Obligations: Contractual requirements defining the scope, purpose, and limitations of data processing activities

Security Measures: Technical and organizational measures required to ensure appropriate data protection and security

Confidentiality Requirements: Obligations regarding data confidentiality and personnel access restrictions

Audit Rights: Provisions allowing for auditing and inspection of data processing activities and compliance

Breach Notification: Requirements and timeframes for reporting data breaches and security incidents

Liability and Indemnification: allocation of responsibility and risk between parties for data processing activities

Sub-subprocessor Requirements: Conditions and obligations for engaging additional downstream data processors

Data Subject Rights: Procedures for handling data subject requests and ensuring compliance with privacy rights

Data Retention and Deletion: Requirements for maintaining and destroying data in accordance with legal obligations and contractual terms