||CONTRACT VENDORS CAUSING MANY BREACHES
Does your company maintain, transmit, store or process identifiable information from other businesses? How you safeguard your client’s critical information could result in damaging consequences.
A review of Reported Data Breaches and Disclosures during 2008 lists a significant amount of breaches caused by third-party vendors. The breaches were attributed to internet exposure, stolen computers or laptops that were not encrypted, printing errors, and unprotected servers. Not only is a data breach likely to place liability with your company, it could cost you thousands in credit monitoring fees, litigation, and damage your relationship resulting in loss of business.
Take for instance the Web content-management company, Verus Inc., who ultimately went out of business last year after it was disclosed that 91,550 patient records from at least five hospitals were exposed. The breaches were attributed to Verus’ IT employees that left a firewall down after transferring data between servers. Hospitals immediately terminated their contracts and investors pulled out. Then there was a class action suit against Certegy Check Services brought on last fall by 8.5 million consumers nationwide whose financial and personal data were stolen. The suit claims they did not “adequately protect confidential and personal information of its clients” when a senior database administrator employed by Certegy took confidential information of consumers’ records and sold them to a third party marketer. The first settlement was proposed this month and could cost Certegy millions of dollars.
Vendors who handle human resources data or process customer identifiable information must continually evaluate their privacy policies and procedures to reduce the risk of a breach. When an outside vendor assumes the responsibility of personally identifiable information, it becomes their duty to safeguard the