In this episode, Arohi Kashyap tears down the Salesforce Data Processing Addendum (DPA). Companies that deal with private data every day may not see managing data as mission-critical. However, as Kashyap points out, corporate counsel needs to understand and manage data risks. Kashyap uses Salesforce's agreement to illustrate a few important principles: •Roles must defined, particularly as they shift during an engagement, •Liability should be clear in the event of a plausible data breach, and •Counsel must understand that not-urgent is not the same as not-important when it comes to data risks. Review the contract here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf