This blog post is based on an article written and published April 30, 2020 by Venable, LLP, a law firm with a large nonprofit practice.
The coronavirus pandemic has driven many business operations – including those of nonprofit and volunteer-oriented organizations – to online environments. This sudden shift has created a range of issues for nonprofits, including risks centered on contract management, data security, procurement, and regulatory compliance. In this guide, we will explore technology transactions in the nonprofit sector and highlight the need for comprehensive risk management programs to ease burdens on organizations of all types.
Information Technology (IT) Contract Procurement
Nonprofits have come to rely on computer-based systems to manage operations, and in the wake of COVID-19, these systems are gaining increased adoption. Technology solutions like payroll management platforms, donor/member management, networking, and data analytics software are integral parts of modern nonprofit work environments. These systems are not without their risks, however, especially as they relate to contracts. Unfortunately, contracts for IT procurements are often vendor-biased and may not provide sufficient protections in data security and service commitments for end users. To reduce the risks associated with vendor contracts, nonprofits must take the steps needed to protect their interests. This can include evaluating vendors’ technical aspects, reviewing contracts and order forms, initiating risk assessments, and ensuring regulatory compliance of the IT solutions being procured.
Technology Transactions Development
In many cases, nonprofits will contract with developers to create unique mobile phone applications or network-based service platforms used in facilitating technology transactions. Developed apps – and the contracts between nonprofits and developers – require careful consideration. End users must ensure that contracts include provisions requiring that apps meet the stringent licensing requirements of the Google Play Store and Apple’s App Store. Furthermore, end users must secure the right to test and evaluate software during and after development. Finally, nonprofits must be sure that contracts include provisions for ongoing support and ownership access to technical documents or app source code, if applicable.
Licensing in Technology Transactions
Licensing of computer-based systems is a perennial challenge for any organization. Licenses may be required by law and may cover aspects such as what technology is being licensed, what that technology can be used for, and what limitations are present regarding the continued use or access to that technology. Licensing may also be needed to cover any technology updates or new versions of a given vendor’s product. Licensing agreements, then, must cover these areas and also include provisions for ongoing support and maintenance to protect the interests of the nonprofit end user. Negotiating a solid licensing arrangement is critical for technology transactions conducted by nonprofits, as failure to secure the necessary licensing can result in significant financial and reputational risk exposures.
Data Security in Technology Transactions
Data security has become an ever-increasing concern for every organization, including nonprofits. Highly publicized breaches of sensitive corporate or financial data have made the need for robust data security standards all too apparent. While cyber liability insurance policies are available for nonprofits, the risk management associated with data security must take place before contracts are signed. Contracts must include factors like:
- Establishing standards for data security during and after technology transactions.
- Specifying where and how sensitive data is stored.
- Ensuring compliance with data security regulations.
- Indemnification clauses specific to cyber criminality/IT security breaches.
- Monetary limits or caps on data loss liabilities or claims by third parties.
A data breach can reveal information about a nonprofit’s financials and operations. Such a breach can also result in unlawful access to personally identifying information of employees, volunteers, and management. Cybercriminals cost organizations millions of dollars each year in forensic services, reputation management, and liability claims. With the right data security provisions in vendor contracts, these risks are minimized.