Joint Control Addendum Template for the United States

Generate a bespoke document

Trusted by 200k+ teams

4.7 Capterra
4.8 Product Hunt
4.6 Trustpilot

What is a Joint Control Addendum?

The Joint Control Addendum is essential when two or more parties need to formalize their shared control over specific assets, operations, or data processing activities. This document is particularly relevant in the United States where complex regulatory requirements, including federal and state privacy laws, necessitate clear documentation of joint control arrangements. The addendum typically includes detailed provisions on decision-making processes, responsibility allocation, compliance requirements, and risk management procedures. It serves as a critical supplement to primary agreements, ensuring all parties understand their roles and obligations in the joint control relationship.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

United States

Publisher

GenieAI

Sector

Business

Cost

Free to use

Last updated

About the Joint Control Addendum

A Joint Control Addendum is a specialized legal document that formalizes shared control arrangements between multiple parties over data processing activities, operations, or assets. In the United States, this document is essential for ensuring compliance with federal and state privacy laws while clearly defining each party's roles and responsibilities in joint control relationships.

When do you need this document?

You need a Joint Control Addendum when your organization shares control over data processing activities with other entities. This commonly occurs in business partnerships where companies jointly collect and process customer data, healthcare collaborations involving patient information sharing, financial services partnerships handling sensitive financial data, or technology integrations where multiple platforms process user information. The document is also crucial when implementing shared marketing campaigns that involve customer data, establishing joint research projects with data collection components, or creating multi-party service arrangements where data flows between organizations. Without this addendum, you risk regulatory violations, unclear liability allocation, and potential disputes over data handling responsibilities.

Key legal considerations

The addendum must clearly define the scope of joint control, specifying exactly which data processing activities fall under shared control versus individual control. Decision-making procedures are critical, establishing how joint decisions will be made regarding data processing purposes, methods, and security measures. Responsibility allocation clauses must detail each party's specific obligations for data protection, breach notification, individual rights responses, and regulatory compliance. The document should include comprehensive liability and indemnification provisions to protect parties from actions or omissions by their joint control partners. Risk management procedures, including regular compliance audits and breach response protocols, must be clearly outlined. Additionally, the addendum should address data transfer restrictions, retention policies, and procedures for handling data subject requests across multiple organizations.

Legal requirements in United States

Under United States law, joint control arrangements must comply with multiple federal and state regulations depending on the type of data involved. The Gramm-Leach-Bliley Act (GLBA) governs joint control of financial information, requiring specific safeguarding and disclosure provisions. HIPAA applies when healthcare data is jointly controlled, mandating business associate agreements and stringent privacy protections. The Children's Online Privacy Protection Act (COPPA) imposes additional requirements when children's data is involved in joint control scenarios. State privacy laws like the California Consumer Privacy Act (CCPA) and Virginia Consumer Data Protection Act (VCDPA) create specific obligations for businesses jointly controlling residents' personal information. The addendum must include appropriate legal bases for data processing, ensure adequate data protection measures meet regulatory standards, and establish clear procedures for regulatory reporting and cooperation. Failure to properly structure joint control arrangements can result in significant penalties, regulatory investigations, and civil liability under these various legal frameworks.

GOVERNING LAW

Applicable law

This Joint Control Addendum is drafted to comply with United States law. Key legislation includes:

GLBA: Gramm-Leach-Bliley Act - Federal legislation that governs the collection, use, and protection of financial data and applies when financial information is involved in joint control arrangements

HIPAA: Health Insurance Portability and Accountability Act - Federal regulation governing healthcare data protection and sharing between joint controllers in healthcare contexts

COPPA: Children's Online Privacy Protection Act - Federal law that imposes specific requirements when collecting and processing children's data under joint control scenarios

CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act - State-specific privacy laws that define obligations for businesses jointly controlling California residents' personal information

VCDPA: Virginia Consumer Data Protection Act - State privacy law establishing requirements for joint controllers processing Virginia residents' personal data

CPA: Colorado Privacy Act - State legislation defining obligations and responsibilities for joint controllers handling Colorado residents' personal information

UCC: Uniform Commercial Code - Standardized business laws affecting commercial transactions and contracts, including joint control arrangements

Antitrust Laws: Federal regulations governing business competition and preventing monopolistic practices in joint control situations

State Corporation Laws: State-specific regulations governing corporate formation, operations, and joint ventures within specific jurisdictions

Insurance Requirements: State-specific insurance laws and regulations affecting liability coverage and risk management in joint control arrangements

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it