Consider writing up a Data User Agreement and Data Processing Agreement for all of our users to sign to ensure we are following data protection laws

[praeducer]

Need to make sure our system, its developers, and its users meet the requirements of data privacy frameworks, cybersecurity frameworks, and data protection laws as described in https://github.com/trendscenter/coinstac/issues/1699.

[praeducer]

Similar to: https://ora.stanford.edu/resources/data-use-agreements

[hjbockholt]

Definitely get gsu legal involved in this I’m certain they will want their own legalese and compliance statements in this

On Thu, Mar 9, 2023 at 16:22 Paul Prae @.***> wrote:

Similar to: https://ora.stanford.edu/resources/data-use-agreements

— Reply to this email directly, view it on GitHub https://github.com/trendscenter/coinstac/issues/1700#issuecomment-1462841916, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAY564WPTSTVIFUZ4MSPHALW3JCYHANCNFSM6AAAAAAVVUJZWU . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[praeducer]

Agreed. We should also look into being GDPR compliant:

A data processing agreement (DPA) is a contract between a business (a data controller) and a service provider (a data processor), meant to ensure compliance with the GDPR. It stipulates the nature, purpose, and duration of data processing activities related to the main agreement between both sides.

https://gdpr.eu/what-is-data-processing-agreement/

[adsarwate]

Hi -- I think we need to be careful about what we can and cannot claim and what we do and do not provide. For example, are we a data holder?