CSID’s Tim Brown joined local security professionals and lawyers earlier this week as a panelist on “Who Watches the Watchers?: Third-Party Vendor Privacy and Data Security Issues.” The panel discussed the privacy and data security issues facing organizations that work with a multitude of third-party vendors, as well as the challenges that both the organization and the third-party vendor face in managing privacy, data security, and risk.
Some key findings from the panel included:
- It is the data owners’ responsibility to inform the vendor of what type of data is being handled, describe its sensitivity and assess compliance needs.
- A vendor should disclose its security compliance and breach history, and be transparent with an organization when working through MSAs, contracts and processes.
- The cost of the contract should be assessed and compared with the value of the data being exchanged, in the event that the data is exposed and responsibility for it is taken.
- Challenges that organizations face when working with vendors include comparing vendor compliance and performance; setting the time frame in which security issues and data exposure should be resolved; and ongoing monitoring to increase security efforts.
The panel also discussed FISMA (Federal Information Security Management Act) regulation and its impact on selecting vendors as well as meeting federal criteria and guidelines for various information systems.