Is Your Customer Data at Risk from Suppliers and Partners

The Facebook and Cambridge Analytica debacle has shown how suppliers and partners can so easily put customer data at risk and has highlighted the need for organisations to urgently review their partner and supplier data practices.

Minimising Data Exposure Risks

In a nutshell, how can you:

• Mitigate data security risks within your organisation and supply chain?
• Ensure the integrity of customer data that you share?
• Give customers confidence that your processes protect their data, wherever located?

Ask the Right Questions

A staring place to protecting yourself and your customers is by asking the right questions of yourself and also of your business partners. In relation to personal data, the new General Data Protection Regulation (GDPR) requires you to satisfy yourself that all suppliers are compliant.

So here are some typical questions you might consider asking in relation to your partners’ and suppliers’ customer data handling practices:

• Am I happy that this potential supplier will not create a risk to our customer’s data?
  • What are their references?
  • Do they have any form of ISO 27001 Information Security Management certification?
• What data are we passing to them that are sensitive?
  • Does the data refer to a person’s
    • race
    • religion
    • politics
    • trade union membership
    • sexual orientation
  • What data is not sensitive?
    • How do you determine this?
  • How does my supplier ensure this data is managed correctly?
    • How is the data stored and who has access?
    • What are their data management, recovery and breach notification processes?
    • What data management training has been completed?
  • What technology is my supplier using:
    • To protect stored data?
    • Protect data in transit?
    • To minimise security breaches?
    • To identify security breaches?

With the introduction of GDPR in May 2018, it has never been more important to ensure that you undertake due diligence in protecting your customer’s data throughout your entire supply chain.

Don’t forget, you are likely to be a supplier to other organisations who will very likely be asking the same questions of you.

And if the supplier/partner questions have not already been considered, I hope this article is sufficiently thought provoking to start asking your suppliers for their data handling credentials.

Author: Andi Robinson (andi.robinson@egosecure.co.uk), CSO for EGOSecure UK  – a veteran of the IT Sector with 33 years in the industry, 18 years in IT Security of which 8 years have included international consulting. Currently

EGOSecure are the first manufacturer worldwide to combine the analysis of the data flow with the safeguarding of data, in one simple to deploy and use solution.