Engagement Letter for Attestation Services between PricewaterhouseCoopers LLP and E-LOAN, Inc.

Contract Categories: Business Operations Services Agreements
Summary

PricewaterhouseCoopers LLP (PwC) agrees to examine E-LOAN, Inc.'s management assertion regarding the effectiveness of its information privacy practices on its website for the period from November 1, 2000, to April 30, 2001. PwC will issue a report based on this examination, which will be valid for 180 days. E-LOAN is responsible for providing necessary information and removing the report from the internet after the validity period. The agreement limits PwC's liability and requires E-LOAN to indemnify PwC except in cases of willful misconduct or fraud.

Read More Arrow
EX-10.8 9 c20960_ex10-8.txt PRICEWATERHOUSECOOPERS LLP Exhibit 10.8 [GRAPHIC] PricewaterhouseCoopers LLP 333 Market Street San Francisco CA 94105-2119 Telephone ###-###-#### Facsimile ###-###-#### February 12, 2001 Matthew Roberts Chief Financial Officer E-LOAN, Inc. 5875 Arnold Road Dublin, CA 94568 Dear Mr. Roberts: The purpose of this letter is to confirm our understanding of the terms of our engagement to provide services to E-LOAN, Inc. (the "Company"). SERVICES AND RELATED REPORT We will examine Management's Assertion stating that the Company's management maintained effective internal over the Company's information privacy practices at the E-LOAN.com US web site, www.eloan.com, to achieve the objectives set forth in the Assessment Criteria (see Exhibit I). Upon completion of our examination, we will issue our independent accountants' report stating whether, in our opinion, Management's Assertion referred to above is fairly stated, in all material respects, based on the Assessment Criteria. If for any reason we are unable to complete the engagement, we may decline to issue a report as a result of this engagement or may terminate this engagement. The report will only be effective for a period of 180 days from the date of our report and may not be used or distributed after such date. The Company agrees that our report and any references thereto will be removed from the Internet no later than such date. OUR RESPONSIBILITIES AND LIMITATIONS We will be responsible for examining Management's Assertion in accordance with Statements on Standards for Attestation Engagements established by the American Institute of Certified Public Accountants. These standards require that we plan and perform the examination to obtain a reasonable basis for expressing a positive opinion about whether Management's Assertion are presented in conformity with the Assessment Criteria. Matthew Roberts Exhibit 10.8 February 12, 2001 Our examination will cover your assertion only for the periods November 1, 2000 through April 30, 2001. Any projection of such information to the future is subject to the risk that, because of change, Management's Assertion may no longer be in conformity with the Assessment Criteria. We have no responsibility to update our report. Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that changes may alter the validity of such conclusions. Our engagement cannot ensure that errors, fraud or other illegal acts, if present, will be detected. Our examination is intended for the benefit of the Company. The examination will not be planned or conducted in contemplation of reliance by any third party or with respect to any specific transaction. Therefore, items of a possible interest to a third party will not be specifically addressed and matters may exist that would be assessed differently by a third party, possibly in connection with a specific transaction. MANAGEMENT'S RESPONSIBILITIES Management's Assertion referred to above is the responsibility of the management of the Company. Management also is responsible for making available to us, on a timely basis, information necessary for our examination and company personnel to whom we may direct inquiries. As required by professional standards, we will make specific inquiries of management and others about Management's Assertion. Those professional standards also require that we obtain written representations relating to Management" s Assertion from certain members of management. The results of our examination procedures, the responses to our inquiries and the written representations comprise the evidential matter we intend to rely upon in forming our opinion on Management's Assertion. As noted above, the Company agrees that the report and any references thereto will be removed from the Internet no later than 180 days from the date of our report. Management agrees to notify us of any changes in circumstances or controls or other matters affecting their assertions or compliance therewith that come to their attention within this period. The Company also agrees to remove our report from the Internet within this period upon reasonable request by PricewaterhouseCoopers LLP. The Company further agrees that we shall review and pre-approve any language to be included on the Company's Internet site or elsewhere reflecting or referring to PricewaterhouseCoopers LLP or our report. -2- Matthew Roberts Exhibit 10.8 February 12, 2001 RELEASE AND INDEMNIFICATION Because of the importance of oral and written representations to an effective examination, the Company releases PricewaterhouseCoopers LLP and its personnel from any and all claims, liabilities, costs and expenses attributable to any knowing misrepresentation by management. Further, the Company agrees to indemnify and hold harmless PricewaterhouseCoopers LLP and its personnel. from any and all claims, liabilities, costs and expenses relating to', PricewaterhouseCoopers LLP's services under this engagement letter, except to the extent finally determined to have resulted from the willful misconduct or fraudulent behavior of PricewaterhouseCoopers LLP relating to such services. In no event shall PricewaterhouseCoopers LLP be liable to the Company, whether a claim be in tort, contract or otherwise: (a) for any amount in excess of the total professional fees paid by the Company under this engagement letter; or (b) for any consequential, indirect, lost profit or similar damages relating to PricewaterhouseCoopers LLP's services provided under this engagement letter, except to the extent finally determined to have resulted from the willful misconduct or fraudulent behavior of PricewaterhouseCoopers LLP relating to such services. In the unlikely event that differences concerning our services or fees should arise that are not resolved by mutual agreement, to facilitate judicial resolution and save time and expense of both parties, the Company and PricewaterhouseCoopers LLP agree not to demand a trial by jury in any action, proceeding or counterclaim arising out of or relating to our services and fees for this engagement. TIMING AND FEES Completion of our work is subject to, among other things, 1) appropriate cooperation from the Company's personnel including timely preparation of necessary information, 2) timely responses to our inquiries, and 3) timely communication of all significant matters relating Management's Assertion. When and if for any reason the Company is unable to provide such information and assistance, PricewaterhouseCoopers LLP and the Company will mutually revise the fee to reflect additional services, if any, required of us to complete the examination. Our fee estimates are based on the time required by the individuals assigned to the engagement. Individual hourly rates vary according to the degree of responsibility involved and experience and skill required. We estimate our fees for this examination engagement will be $35,000, exclusive of out-of-pocket expenses. This estimate takes into account the agreed-upon level of -3- Matthew Roberts Exhibit 10.8 February 12, 2001 assistance from company personnel; we will advise management should this not be provided or should any other circumstances arise which may cause actual time to exceed that estimate. Invoices rendered are due and payable upon receipt. OTHER MATTERS Amy additional services that you may request and we agree to provide will be the subject of separate written agreements. In the event we are requested or authorized by you or required by government regulation, subpoena, or other legal process to produce our working papers or our personnel as witnesses with respect to our engagement for you, you will, so long as we are not a party to the proceeding in which the information is sought, reimburse us for our professional time and expenses, as well as the fees and expenses of our counsel, incurred in responding to such a request. The Company agrees that it will not, directly or indirectly, agree to assign or transfer any claim against PricewaterhouseCoopers LLP arising out of this engagement to anyone., This engagement letter reflects the entire agreement between us relating to the services covered by this letter. It replaces and supersedes any previous proposals, correspondence and understandings, whether written or oral. The agreements of the Company and : PricewaterhouseCoopers LLP contained in this engagement letter shall survive he completion or termination of this engagement. * * * * * If you have any questions, please call Todd Roof at ###-###-#### or Julianne DiFonzo at ###-###-####. If the services outlined herein are in accordance with your requirements and if the above terms are acceptable to you, please have one copy of this letter signed in the space provided below and return it to us. Very truly yours, /S/ J. TODD ROOF - ---------------- J. Todd Roof Partner PricewaterhouseCoopers LLP -4- Matthew Roberts Exhibit 10.8 February 12, 2001 The services and terms as set forth in this letter are agreed to. E-LOAN By: /S/ MATT ROBERTS /S/ STEPHANY FORTNER ----------------------------------------------- (Matthew Roberts) CFO ----------------------------------------------- (Chief Financial Officer) FEB 12, 2001 ----------------------------------------------- (Date) -5 Matthew Roberts Exhibit 10.8 February 12, 2001 EXHIBIT I: SAMPLE ASSESSMENT CRITERIA Note: These assessment criteria are taken from the AICPA's WebTrust 3.0 On-Line Privacy program. A. Disclosures 1. E-LOAN Inc. discloses on the E-LOAN.com US web site, www.eloan.com, its information privacy practices. These practices include, but are not limited to, the following disclosures: o The specific kinds and sources of information collected and maintained; the use of that information; and possible third party distribution of that Information; o Choices regarding how personal information collected from an individual online may be used and/or distributed. Individuals are given the opportunity to opt out of such use by either not providing such information or denying its distribution to parties not involved with the transaction; o Sensitive information needed for the electronic commerce transaction. Individuals must "opt-in" before this information is gathered and transmitted; o The consequences, if any, of an individual's refusal to provide information or of an individual's decision to opt-out (or not opt-in) of a particular use of such information; and o How personal information collected can be reviewed and, if necessary, corrected or removed. 2. If the E-LOAN.corn US web site uses cookies or other tracking methods (e.g. web bugs and middleware), E-LOAN discloses how they are used. If the customer refuses cookies, the consequences, if any, of such refusal are disclosed. 3. E-LOAN discloses its procedure for individuals, companies or other users to inform the entity about breaches or possible breaches to the privacy and security of its electronic commerce system(s). 4. E-LOAN discloses information to enable customers to contact it for questions or support. 5. E-LOAN discloses its procedures for consumer recourse for issues regarding privacy that are not resolved by E-LOAN. These complaints may relate to collection, use and distribution of private information, and the consequences for -6- Matthew Roberts Exhibit 10.8 February 12, 2001 failure to resolve such complaints. This resolution process should have the following attributes: o E-LOAN's commitment to use a specified third party dispute resolution service or other process mandated by regulatory bodies in the event the customer is not satisfied with E-LOAN's proposed resolution of such a complaint together with a commitment from such third party to handle such unresolved complaints. Procedures to be followed in resolving such complaints, first with E-LOAN and, if necessary, with the designated third party. o A description of what use or other action will be taken with respect to the private information, which is the subject of the complaint, until the complaint is satisfactorily resolved. 6. E-LOAN discloses any additional privacy practices needed to comply with applicable laws or regulations or any self-regulatory programs in which E-LOAN participates. 7. E-LOAN discloses changes or updates to its privacy practices. 8. E-LOAN clearly discloses to the site's visitors when they have left the site covered by E-LOAN privacy policy. B. Policies, Goals and Objectives 1. E-LOAN's policies regarding the protection of personal information include, but are not limited to, the following items: o Notice to the customer regarding the information collected; o Choice to the customer regarding the type(s) of information gathered and any options the customer has regarding the collection of this information o The procedures to add new users, modify the access levels of existing users, and remove users who no longer need access; o Employees who are allowed access based upon responsibilities and who authorizes that access; o Access by the customer to his or her private information for update and corrective purposes; o How complaints about privacy can be addressed; -7- Matthew Roberts Exhibit 10.8 February 12, 2001 o Procedures to handle security incidents; o Record retention and destruction practices; and o E-LOAN's commitment to use third-party dispute resolution that conforms to the Principles of Arbitration in Appendix C of the AICPA's WebTrust 3.0 On-line Privacy program. 2. E-LOAN's employees responsible for the privacy of personally identifiable information are aware of and follow E-LOAN's published privacy and related security policies. 3. Accountability for E-LOAN's privacy policy and related security policies has been assigned. 4. E-LOAN has allocated training and other resources to support its privacy and related security policies. 5. E-LOAN's privacy and related security policies are consistent with disclosed privacy practices and applicable laws and regulations. C. Procedures and Technology Tools 1. E-LOAN has appropriate security procedures to establish new users. 2. E-LOAN has procedures to identify and authenticate authorized users. 3. E-LOAN has procedures to allow users to, change, update or delete their own user profile. 4. E-LOAN has procedures to limit remote access to the internal network to only authorized personnel. 5. E-LOAN has procedures to prevent customers, groups of individuals, or other entities from accessing other than their own private or sensitive information. 6. E-LOAN has procedures to limit access to personally identifiable information to only authorized employees based upon their assigned roles and responsibilities. 7. E-LOAN utilizes a minimum of 128-bit encryption to protect transmission of user authentication, verification, and sensitive or private information that is passed over the Internet from unintended recipients. -8- Matthew Roberts Exhibit 10.8 February 12, 2001 8. E-LOAN has procedures to maintain system configurations that minimize security exposures potentially affecting private or sensitive information. 9. E-LOAN has procedures to ensure that private information obtained as a result of electronic commerce is only disclosed to parties essential to the transaction unless customers are clearly notified prior to providing such information. If the customer was not clearly notified when he or she submitted the information, customer permission is obtained before such information is released to third parties. 10. E-LOAN has procedures to ensure that private information obtained as a result of electronic commerce is used by employees only in ways associated with E-LOAN's business. 11. E-LOAN has procedures for personally identifiable information collected, created or maintained by it to subject the information to reasonable edit and validation checks as it is collected. 12. E-LOAN has procedures to obtain assurance or representation that the adequacy of information protection and privacy policies of third parties to whom information is transferred, and upon which E-LOAN relies, is in conformity with E-LOAN's disclosed privacy practices. 13. Customer permission is obtained before downloading files to be stored or alter or copy information on a customer's computer. o If the customer has indicated that it does not want cookies, E-LOAN has controls to ensure that cookies are not stored on the customer's computer. o E-LOAN requests customer permission to. store, alter, or copy information (other than cookies) in the customer's computer. 14. In the event that a disclosed privacy policy is changed or deleted to be less restrictive, E-LOAN has procedures to protect personal information in accordance with the privacy policies in place when such information was collected. Clear and conspicuous customer notification and choice are required to allow E-LOAN to follow the new privacy policy with respect to their personal information. D. Monitoring and Performance Measures 1. E-LOAN maintains procedures to monitor the security of its electronic commerce systems. -9- Matthew Roberts Exhibit 10.8 February 12, 2001 2. E-LOAN has procedures in place to keep its disclosed privacy and related security policies current with laws and regulations and to monitor adherence to its current privacy and security policy practices. 3. E-LOAN has procedures in place to test its privacy and security incident policy and update it as needed due to technology changes, changes in the structure of the electronic commerce system(s), or information gained from tests of its plan. 4. E-LOAN has procedures in place to monitor and act upon privacy and security breaches. -10-