Comment by mcherm
4 months ago
There are ways to work around that problem.
For instance, just making it a rule that they are not allowed to lie to you about how things are being used -- we know that won't work because if they're willing to lie they are also willing to ignore contract violations.
Instead, put in a rule that says misuse of the system costs $X for each documented case. Now the vendor has a financial incentive to detect misuse, and the purchasers have a FINANCIAL incentive to curb misuse by their own employees.
It's not a magic fix, but it's the sort of thing that might help.
Those are the same thing. Either way you need to go to court. Putting a number in doesn't magically make the contract more binding.
Better: require them to purchase misuse violation insurance.
Make a neutral third party liable for the cost and then that third party which is mostly disinterested gets to calculate risk and compliance procedures.
The only way we're really going to get data handling under control is to give the victims of data abuse financial beneficiaries of liability through the courts and insurance companies.
Better yet: make willful violation of constitutional rights a crime, with repeat violations punishable by prison, and an independent body empowered to investigate and bring charges against officers.
... a neutral third party where the some of the board of directors have a seat at the camera company, or city concil seat?
This all ends in corporate feudalism, doesn't it?