Third Party Breach
2:00 PM – 3:00 PM
The well-publicized data breach at Target in 2013 was the result of an intrusion into Target’s systems by attackers who stole network credentials from one of Target’s third party vendors (a refrigeration, heating and air conditioning subcontractor that worked at a number of Target locations). The most recent estimate on the cost of that breach to Target was approaching $300M. That breach and its impact highlights the importance of managing privacy and security issues relating to third parties. With companies and firms increasingly using third party service providers (and third parties increasingly subcontracting out parts of the work), the need for companies to conduct deeper reviews and have stronger requirements of third parties also must increase. Learn what type of due diligence should be done regarding a vendor’s data security and privacy program and controls, what kind of contractual language is needed to set out expectations and requirements, and general best practices with respect to third parties that may experience a data breach.
Specific discussion points include:
- Appropriate contractual pieces in place
- Establishing relationships
- Expectations & Communications with Vendors
- Interest in both client & vendor that process goes smoothly (common interest)
- Minimizing bad press
- Vendor Speaker – what are the trends vendors see?