Data security can present challenges in third-party vendor relationships. Such vendors and contractors often have access to confidential information and are rightfully expected to take appropriate precautions to keep that data secure. At the same time, a single misstep doesn’t necessarily spell the end of a third-party vendor relationship. Many in-house counsel prefer to work with valued vendors and contractors to bring them into compliance, rather than restart the vendor selection process.
Womble Bond Dickinson attorney Tara Cho recently discussed the challenges surrounding third-party vendor contracts and data security with Law.com’s Legaltech News. Cho, who leads the firm’s Privacy and Cybersecurity Team, regularly guides companies in privacy and data security issues involving third-party vendors.
Cho told Legaltech News that healthcare, financial services and some other highly regulated industries have clear-cut data security standards that vendors must meet. In many cases, these vendors must obtain industry-recognized certification.
But in other, less heavily regulated industries, “she recommended understanding the potential data vulnerabilities customers may face and proactively implementing multi-factor authentication, encryption, disaster recovery and other protocols as its own cybersecurity standard. Cho said service providers want to avoid creating customized cybersecurity environments to meet each client’s requirements because it is impractical and expensive.”
Cho also said that the importance of maintaining security standards in third-party vendor relationships will only increase as stricter data privacy laws take effect and consumers become more aware of data privacy issues.
Tara Cho chairs Womble Bond Dickinson (US) LLP’s Privacy and Cybersecurity Team. Her practice is dedicated to counseling clients on privacy and data security issues across industries such as technology, retail, e-commerce, and life sciences, with an emphasis on compliance risks and regulatory requirements affecting the healthcare and healthtech sector.