The document discusses how IT agreements can lead to data security breaches and provides recommendations to address this issue. It finds that third-party IT providers and their subcontractors are common causes of breaches due to security deficiencies. To prevent breaches, the document recommends conducting reviews of existing IT contract provisions, including security standards, auditing practices against contracts, and renegotiating contracts to include up-to-date data security requirements. It also provides a checklist of security-focused provisions that should be included in new contracts, such as requirements for encryption, audits, and cooperation on improving security practices.