Nobody wants to be left holding all of the legal jeopardy when a data breach exposes the personal information of thousands of consumers. But where companies used to be able to forge deals with data processing and storage providers that foisted the majority of the liability for a breach into the arms of the vendor, an increasingly complex web of global privacy laws and the advent of remote working may be tipping the balance of power.

Brian Hengesbaugh, chair of the global data privacy and security business unit at Baker McKenzie, noted that vendors are approaching contracting much more thoughtfully in terms of limiting their liability. “It used to be back in the day that [vendors] would have unlimited liability for any kind of breach of confidentiality, right? And vendors have been much focused on that as a reason and particularly focusing on caps around data security breach,” he said.