Breach Liability Check Up

Most businesses have in-house policies and procedures for dealing with their storage, use, and protection of sensitive data.  An ongoing part of doing business includes entrusting sensitive data to others, whether they be subcontractors, vendors, or others.  Data belonging to you, your customers, your users, and even your employees, is sent to payroll specialists, drop shippers, website and database hosts, SaaS providers, etc.  So how do you ensure that all of those who hold, touch, store, or otherwise contact this data, are keeping it as safe as you keep it yourself?

Torchwood Government Contracts offers you a solution in the form of a Breach Liability Check-Up.

Single Scope

A single scope check up focuses on one particular contract, for example, a government prime or subcontract, or a contract to provide services or products to a specific customer. The attorney would examine the data usage including the data classification (personally identifiable information, customer sensitive data, confidential or highly confidential information, personal health data, etc.), and would work with your IT department to determine where that data is normally stored, who has access to it, how the data would be used based on the overarching contract. Torchwood  would then examine agreements between your company and any vendor, subcontractor, or other entity that may have access to that data. Torchwood would then provide you with a report estimating possible exposure and mitigation strategies for legal protection of the data.

Pricing for single scope examinations would be dependent upon the number of entities that have access to the data specified in the overarching contract. One to five entities would be priced at $2000. Six to ten entities would be $3000.00. Eleven or more entities would be $2000.00 for the first ten, plus $150.00 per hour until complete.

This pricing would not include creating contractual vehicles for you to implement the mitigation strategies outlined in the report. The single scope examination is meant to provide you with a roadmap of exposure, after which you may determine a course of action that can be implemented either by the law firm, internally, or through other parties.

Limited Scope

A limited scope check up focuses on two to five overarching contracts that would have a common nexus, such as the same data set, but services or products are provided to different end users or entities.  These types of contracts may include, for example, a single set of customer data used to provide a mailing list service, shipment of product through a drop shipper, providing access to a website that may be hosted by another entity, or other types of products or services you offer  that necessitates use of data that may be shared with others.

Pricing for limited scope check ups would also be dependent upon the number of entities that have access to the data specified in the overarching contracts.  One to five entities are priced at $5000.00.  Six to ten entities, $6000.00.  Eleven or more entities are priced at $3000.00 for the first ten, plus $150.00 per hour until complete.

Full Range

A full range check up would include an analysis of data security obligations imposed by contractual requirements, and how effectively those obligations are flowed through to subcontractors, vendors, or others who may have various levels of access to the data, in order to evaluate protection, exposure, and mitigation strategies.  This type of evaluation would necessitate examination of all current contractual vehicles at a given company, that touch on use of data you may provide to others (whether the data belongs to the you, or to your customers).

Given the number of variables associated with estimation of level of effort involved with a full range evaluation, it is not possible to provide fixed pricing.  Regular hourly rates would apply, beginning at $150.00 per hour for contracts specialist, up to $300.00 per hour for senior contracts attorneys.

Pricing Assumptions

All pricing assumes the following conditions:

1.     You must have a reasonable knowledge of your contracts structure and have on-staff contracts administrators to assist in the check up. If this is not the case, Torchwood can provide these services for you and work up additional pricing estimates at your request.  

2.     You must be located no farther than 20 miles from downtown DC, unless secure online access can be granted to your contracts and IT personnel and materials.

3.     No more than five hours will be spent at a Client site without prior mutual agreement. 

4.     Unless necessary for conformance with outside deadlines, work duties will be performed at times convenient for Torchwood.  Advanced notice is requested for exceptions to this assumption.

5.     Pricing quoted herein does not include actual mitigation of any deficiencies found.  Mitigation strategies will be provided in the report, and implementation assistance can be provided on an hourly basis.