What's keeping CLOs up at night? The recently released 2019 ACC CLO Survey found that in 2019, CLOs have their eyes on data. Data breaches, regulatory changes, and information privacy top the list of CLO concerns in 2019.
Third parties are the #1 risk to personal data and cause of breaches:
66% of third parties that receive personal data are non-technical service providers.
59% of breaches are caused by a third party.
66% of companies don't have a comprehensive inventory of the third parties they share personal data with.
60% of respondents do not require third parties to fill out a security questionnaire or conduct remote or onsite assessments to assess security practices and controls.
The California Consumer Privacy Act requires companies to know—with great certainty—the specific types of personal data disclosed to all third parties and how they are protecting that data. Download the Vendor Risk Profiling Whitepaper for details on requirements.
The exploitation of weak third-party defenses by bad actors continues to be a concern for U.S. companies. Just this week, headlines featured an inappropriate disclosure of the sensitive personal information of 2.3 million disaster survivors by the Federal Emergency Management Agency (FEMA)to a contractor.
"The privacy incident occurred because FEMA did not take steps to ensure it provided only required data elements to [the contractor]." - Office of Inspector General, Department of Homeland Security
Are you confident that your organization is sharing only pertinent information with its third parties? Are your third parties adequately protecting the sensitive information you do share?
The Ponemon Institute recently published a report, Data Risk in the Third-Party Ecosystem, which highlights the risks associated with third parties.
63% of respondents say they do not have sufficient resources to manage third-party relationships
57% of respondents do not know if their organizations' vendor safeguards are sufficient to prevent a breach
61% of US respondents confirm their organizations experienced a data breach caused by one of their third parties.
The ACC Vendor Risk Service is the most cost-effective way to mitigate your third-party data risks, avoid costly surprises, and comply with California's Consumer Privacy Act.
Fully supported turnkey service
Risk profile all third-parties in 30 days
Identify regulated and high-risk vendors
Identify personal data at risk
Develop a comprehensive vendor inventory