Rob Scott, Chief Innovator of Monjur and IT Attorney
Author(s): Scott Douglas Jacobsen
Publication (Outlet/Website): The Good Men Project
Publication Date (yyyy/mm/dd): 2025/01/17
Robert Scott is a thought leader in managed services and cloud law serving as the Chief Innovator for his latest venture, Monjur, with a mission to redefine legal services. Robert has been recognized as the Technology Lawyer of the Year by Finance Monthly and carries an AV Rating as Preeminent from Martindale Hubbell. He represents major corporations in strategic IT matters including cloud-based transactions, managed services contracts, data privacy, and cybersecurity risk management. Robert is licensed to practice law in Texas and holds memberships in several professional associations, including the Dallas Bar Association and the Managed Service Providers Alliance Board. He regularly shares his insights on the MSP Zone podcast and is a frequent presenter in the industry. He discusses how organizations across industries are increasingly adopting data processing agreements (DPAs) in response to data protection regulations like GDPR, HIPAA, GLBA, and state-specific laws (CCPA/CPRA, CPA, CTDPA, SHIELD Act, CDPA). Well-drafted DPAs clarify roles, reduce breaches, strengthen defenses, and demonstrate compliance to regulators. However, hidden risks include imprecise or conflicting terms and risk-shifting provisions that belong in broader contracts. Proactive management, such as Monjur’s subscription-based DPA update service, is essential to staying aligned with emerging regulations. Cybersecurity risk management is a critical component, requiring clear breach response protocols and security obligations. Effective DPAs bolster market credibility by safeguarding trust and operations.
Scott Douglas Jacobsen: What factors drive the recent increase in data processing agreements across industries?
Rob Scott: The rise in data processing agreements is largely tied to the growing number of regulations around data protection and privacy. Laws like GDPR in Europe, HIPAA and GLBA in the U.S., and CMMC for government contractors have pushed organizations to take a closer look at how they handle data. In the U.S., we’re also seeing state-specific laws such as California’s CCPA/CPRA, Colorado’s CPA, Connecticut’s CTDPA, New York’s SHIELD Act, and Virginia’s CDPA driving the need for clear agreements. These frameworks are designed to protect data and create accountability, and businesses are increasingly recognizing the need to formalize their practices to meet these standards.
Jacobsen: How does the increase in data processing agreements safeguard organizations?
Scott: Well-drafted DPAs clarify roles and responsibilities, ensuring that everyone involved understands how data should be handled. This reduces the risk of mismanagement or breaches and gives businesses a strong defense if something goes wrong. They also demonstrate to regulators that companies are taking privacy and security seriously, which is a critical component of compliance.
Jacobsen: Are there any hidden risks from this?
Scott: Absolutely. One issue I often see is that end-user-provided DPAs include risk-balancing provisions that really belong in the Master Services Agreement or other primary documents. This can create conflicts and unnecessary liability. Additionally, businesses sometimes sign agreements without fully understanding the implications of vague or overly broad terms, which can expose them to compliance risks or enforcement actions. It’s all about aligning the DPA with the broader contractual framework to avoid surprises down the road.
Jacobsen: How can companies navigate the complex legal landscape of data compliance?
Scott: It starts with a strategy. Companies need to prioritize understanding their obligations under various laws and regulations and then align their internal policies accordingly. Partnering with experts who can demystify the complexities is crucial. It’s also important to build flexibility into your approach, as the legal landscape is constantly evolving.
Jacobsen: What are common legal loopholes in data processing agreements?
Scott: One common problem is failing to clearly define roles—like data controllers versus data processors—which can cause disputes over responsibility. Another is overlooking indemnity clauses or jurisdiction-specific requirements, leaving businesses exposed to risks they didn’t anticipate. These gaps can lead to significant liability if not addressed properly.
Jacobsen: How has Monjur redefined legal services in the context of IT?
Scott: Monjur has taken a proactive approach to legal compliance with services like our DPA update offering. For a small monthly fee, we manage our clients’ data processing agreements as a service. This means that as new laws are enacted or existing ones are updated, we dynamically revise their DPAs to ensure they remain compliant. It’s a hands-off, worry-free solution tailored for small businesses in IT and software, helping them stay ahead of regulatory changes without disrupting their operations.
Jacobsen: What role does cybersecurity risk management play in negotiation?
Scott: It’s critical. Cybersecurity risk management has moved from being a background concern to a primary focus in every negotiation. A strong agreement will address breach notifications, security requirements, and even audit rights. These terms ensure that all parties are actively working to minimize vulnerabilities.
Jacobsen: How do data processing agreements, done right and done wrong, impact a company’s operations or reputation?
Scott: When done right, DPAs build trust and protect operations. They show clients and regulators that you’re serious about compliance. On the flip side, poorly constructed DPAs can lead to compliance failures, breaches, and reputational damage that’s hard to recover from. It’s not just about avoiding penalties—it’s about maintaining credibility in the market.
Jacobsen: What are the current trends for managed services and cloud law that companies should be aware of?
Scott: Two big trends are shaping the landscape right now. First, shared responsibility models in cloud agreements are becoming the norm, which requires companies to clearly define their obligations. Second, AI governance is quickly becoming a key focus. As businesses rely more on AI tools, they need to understand how these technologies fit into existing compliance frameworks.
Jacobsen: Is there a way to balance the benefits of cloud-based transactions with privacy and security risks?
Scott: Yes, but it requires intentionality. Companies need to be transparent in their agreements, invest in robust security measures, and stay proactive about compliance. The balance comes from viewing privacy and security as integral to the business, not as barriers to growth.
Jacobsen: Thank you for the opportunity and your time, Rob.
Last updated May 3, 2025. These terms govern all In Sight Publishing content—past, present, and future—and supersede any prior notices. In Sight Publishing by Scott Douglas Jacobsen is licensed under a Creative Commons BY‑NC‑ND 4.0; © In Sight Publishing by Scott Douglas Jacobsen 2012–Present. All trademarks, performances, databases & branding are owned by their rights holders; no use without permission. Unauthorized copying, modification, framing or public communication is prohibited. External links are not endorsed. Cookies & tracking require consent, and data processing complies with PIPEDA & GDPR; no data from children < 13 (COPPA). Content meets WCAG 2.1 AA under the Accessible Canada Act & is preserved in open archival formats with backups. Excerpts & links require full credit & hyperlink; limited quoting under fair-dealing & fair-use. All content is informational; no liability for errors or omissions: Feedback welcome, and verified errors corrected promptly. For permissions or DMCA notices, email: scott.jacobsen2025@gmail.com. Site use is governed by BC laws; content is “as‑is,” liability limited, users indemnify us; moral, performers’ & database sui generis rights reserved.
In-Sight Publishing 