A recent survey conducted by the Ponemon Institute LLC finds that 37% of companies that outsource services do not believe that their primary third party vendor would notify them in the event of a breach of the company’s confidential data. The percentage jumps to 73% when companies were asked about breach notification from vendors utilized by their primary third party vendor.

The survey was conducted of 598 companies across various industries. Every company responding to the survey indicated that it has a vendor data risk management program. However, the survey results reflected that most companies do know now how many third parties have access to their confidential data and do not evaluate or monitor third party security and privacy practices. The survey suggests that many companies could benefit from stepping up governance of their vendor management programs.

The survey report is available here. Contact us at Ossian Law regarding any information technology law matter.

© 2016 Ossian Law P.C.