
Third-Parties and the Protection of Sensitive Information: Is Your Organization Lacking Contractual Assurances?

By: Awareity
On: September 17, 2010

 

A recent GAO report has revealed that federal agencies utilizing contracted workers are failing to implement contractual assurances with third parties regarding the protection of sensitive information.

GAO auditors examined the contracting practices of three of the largest federal agencies. Of those three, only one (DHS) required third-party companies to sign standard contracts requiring the contractors to follow best practices in safeguarding sensitive information.

In a recent data breach, a TSA contractor allegedly provided a Boston couple with the Social Security numbers of more than a dozen TSA workers. Third parties are increasingly responsible for data breaches, but most often the hiring agency or company will face the resulting lawsuits, reputational damage, fines, etc. Outsourcers, consultants, contractors and business partners were responsible for almost half of the data breach incidents in 2008, and recent incidents show third-party gaps are mounting.

It is critical for organizations to require third parties to be aware of, understand and acknowledge their responsibilities for protecting all types of information. Organizations should:

  • Train contractors on best practices for protecting information
  • Require contractors to sign non-disclosure agreements
  • Require contractors to review and acknowledge organization-specific policies and procedures
  • Require contractors to review ongoing updates as risks, challenges and requirements change
  • Track all contractor agreements with legal-ready and audit-ready documentation

Lessons learned have shown that third-party data breaches will continue to occur if organizations do not change their status quo processes and connect the dots with third parties more effectively.

How are you addressing your third-party relationships today?

Have your business partners, contractors, etc. signed off on your organization’s policies and procedures?

Do they understand their individual roles and responsibilities for protecting your customer / sensitive information?
