Third Parties & Your Data

What's keeping CLOs up at night? The recently released 2019 ACC CLO Survey found that in 2019, CLOs have their eyes on data. Data breaches, regulatory changes, and information privacy top the list of CLO concerns in 2019.

Third parties are the #1 risk to personal data and cause of breaches:

  • 66% of third parties that receive personal data are non-technical service providers.

  • 59% of breaches are caused by a third party.

  • 66% of companies don't have a comprehensive inventory of the third parties they share personal data with.

  • 60% of respondents do not require third parties to fill out a security questionnaire or conduct remote or onsite assessments to assess security practices and controls.

The California Consumer Privacy Act requires companies to know—with great certainty—the specific types of personal data disclosed to all third parties and how they are protecting that data. Download the Vendor Risk Profiling Whitepaper for details on requirements.

The exploitation of weak third-party defenses by bad actors continues to be a concern for U.S. companies. Just this week, headlines featured an inappropriate disclosure of the sensitive personal information of 2.3 million disaster survivors by the Federal Emergency Management Agency (FEMA)to a contractor.

"The privacy incident occurred because FEMA did not take steps to ensure it provided only required data elements to [the contractor]." - Office of Inspector General, Department of Homeland Security

Are you confident that your organization is sharing only pertinent information with its third parties? Are your third parties adequately protecting the sensitive information you do share?

The Ponemon Institute recently published a report, Data Risk in the Third-Party Ecosystem, which highlights the risks associated with third parties.

  • 63% of respondents say they do not have sufficient resources to manage third-party relationships

  • 57% of respondents do not know if their organizations' vendor safeguards are sufficient to prevent a breach

  • 61% of US respondents confirm their organizations experienced a data breach caused by one of their third parties.

The ACC Vendor Risk Service is the most cost-effective way to mitigate your third-party data risks, avoid costly surprises, and comply with California's Consumer Privacy Act.

Benefits include:

  • Fully supported turnkey service

  • Risk profile all third-parties in 30 days

  • Identify regulated and high-risk vendors

  • Identify personal data at risk

  • Develop a comprehensive vendor inventory

Request a Demo of the ACC Vendor Risk Service


Contact Us

© 2019 Jordan Lawrence. No legal representation made.

Jordan Lawrence is not a law firm and does not provide legal advice.