
Data is Power: Wield it Wisely

by Chris Olson
April 16, 2018
in Data Privacy, Featured

The Importance of Digital Vendor Management

As the digital landscape grows and changes, businesses rely on an increasingly sprawling network of third, fourth, and fifth parties to render final, consumer-facing content. Chris Olson, CEO at The Media Trust, explains why a sound digital vendor management strategy is so crucial not only for compliance purposes, but also for brand health.

The digital age breeds constant change – none more powerful than the availability of data and, more specifically, the ease of collecting and using personal data. For industry, this data has the power to both accelerate new opportunities for growth and act as an anchor to drag down momentum. In an era where businesses prize data and guard against its misappropriation, it’s troubling that this discernment doesn’t carry over to the digital environment, where countless third parties and partners on enterprise websites and mobile apps have access to personal user data, often without a company’s knowledge.

Impending regulations and the changing political landscape require a more cautious approach to the collection, use and sharing of personal data. Threats of not only hefty fines, but also long-term reputational damage induce enterprises to take a closer look at their own websites and mobile apps to understand exactly which partners execute code and which capture personal data. This basic knowledge — standard elements in a vendor risk management program — could very well be the key to mitigating future troubles if adapted for a digital-first economy.

The Legal Landscape

Thanks to more than 1,500 data breaches in 2017 alone that exposed more than 9 billion personal records and ongoing high-profile consumer data misuse, data privacy issues dominate today’s news headlines. Not just a flash in the pan, data privacy issues present critical, long-term challenges that affect both U.S. citizens and the U.S. economy.

The U.S. government has taken notice. Federal and state governments are instituting new data privacy laws that will include significant penalties against companies. California was the first state to enact a security breach notification law.[1] Following suit, the Illinois state legislature also passed a groundbreaking data privacy bill requiring internet companies and entities to clearly communicate to consumers about the collection of geolocation data, purpose of the data and with whom it is shared (e.g., business partners). Massachusetts state law mandates the technical, physical and administrative security protocols required to protect personal information, as well as a full-scale security program. Thus far, 48 states in all have enacted privacy laws requiring notification of security breaches involving personal information.[2] Echoing global initiatives, especially the EU’s GDPR, the trend to more closely govern personal data will continue.

The Digital Malaise

Despite new legislation and rising public sentiment, companies are not doing enough to secure data privacy according to PwC’s 2018 Global State of Information Security Survey (GSISS).[3] The report reveals that only 51 percent of respondents have an accurate inventory of what employee and customer personal data is collected, transmitted and stored, and only 53 percent require employees to complete training on privacy policy and practices. Clearly, enterprises are not aligning with government directives.

While efforts are being made to identify personal data sources across the enterprise, very few address the digital environment – specifically their own websites and mobile apps designed for public consumption. Many companies look to their IT departments to ensure that their website is operational, but many departments such as marketing, product, legal and more contribute to this digital environment. As a result, no one individual or department directly manages the entire corporate digital footprint. Making matters worse, the internet’s highly complex and dynamic environment means a host of third parties operating outside the IT infrastructure are relied upon to render final, consumer-facing content such as product research, price comparisons, recommended content, product reviews, social media feeds and more.

This is a serious problem in today’s changing regulatory environment. Third-party code accounts for between 50 and 78 percent of a typical website’s code base. While companies test their own code, they can neither see nor test code from third parties that have unfettered access to the personal data of their digital consumers. Premier analyst firm Gartner projects these kinds of “shadow IT” sources to be the root cause of 33 percent of security problems by 2020. The lack of general digital oversight combined with third-party code poses significant security and legal risks for corporations.

Securing the Digital Environment

In this ever-changing digital morass, it is not enough for corporations to leave their digital risk to chance. Collaboration at all corporate levels — from the boardroom and security/IT to marketing, risk and compliance departments — is necessary to effectively govern digital assets. To avoid regulatory scrutiny, enterprises need to oversee this new frontier and update vendor risk management strategies to include the digital environment.

This digital vendor risk management plan should outline rules, technologies, procedures and best practices for all parties executing in websites and mobile apps, with particular attention paid to those third, fourth and fifth parties. Organizations need to discover and identify all active digital vendors and communicate their digital asset management policy, a process to inform partners of expectations and set parameters to measure compliance with relevant policy directives. With continuous monitoring, companies can proactively detect unauthorized digital activities, block code and remediate any damages with the offending vendor. In addition, a documented and operationalized process creates an audit trail.

A sound digital vendor management strategy is key to protecting personal data traversing the digital ecosystem unchecked. These steps can protect corporations from regulatory scrutiny while enhancing brand reputation and customer satisfaction. You have the power to protect personal data; wield it.

[1] https://content.next.westlaw.com/6-502-0467?transitionType=Default&firstPage=true&bhcp=1&contextData=(sc.Default)

[2]  https://www.cyberadviserblog.com/2018/03/oregon-new-york-alabama-rhode-island-join-list-states-considering-data-breach-legislation-post-equifax/

[3]  https://www.pwc.com/us/en/cybersecurity/information-security-survey.html


Chris Olson

Chris Olson is CEO and Co-founder of The Media Trust, the global leader in continuously monitoring and protecting the online and mobile ecosystem. The Media Trust works with the world’s largest, most-heavily trafficked digital properties to provide real-time security, first-party data protection, performance management and quality assurance solutions that help protect, monetize and optimize the user experience across desktop, smartphone, tablet and gaming devices.
