Deeper Dive: Vendor Management Crucial for Data Protection

Organizational obligations regarding data privacy and security extend not only to the data in a company’s possession, but also to its data in the possession of a third-party service provider or business partner.

Extract from article by Alan Friel

In our 2017 Data Security Incident Response Report, we found that of the 450+ incidents we worked on last year, network attacks that succeeded due to vendor wrongdoing were significantly more common (15 percent) than those due to employee wrongdoing (9 percent). Vendors were also found to be the cause of technical and security failures and lost/stolen devices or records. Indeed, some of the highest-profile breaches to date have been traced back to vendors (e.g., Target 2014).

Organizational obligations regarding data privacy and security extend not only to the data in a company’s possession, but also to its data in the possession of a third-party service provider or business partner. Outsourcing information processing to a third party, or sharing data with business partners, does not relieve an organization of its privacy and security obligations. For instance, businesses need to scrutinize the security measures of the outsourced providers with which they contract and the providers’ in-place measures – contractual and otherwise – to respond to breaches.

Management of vendors is one of the seven recommendations in the report for minimizing your data privacy and security risks, and we provide you with key questions to ask regarding your vendors and data protection.
