Cybersecurity Industry Must Find Solutions for Third Party Data Security
Moderating the discussion, Brian Herr, field CISO at Mainline Information Systems, first highlighted how organizations are becoming increasingly reliant on third parties, meaning a growing number of entities are gaining access to their confidential information. “Organizations are putting more data outside of their control,” he explained, adding that “the regulatory and legal landscape is trying to keep tabs on this and it’s changing the way we do business.”
The EU’s GDPR legislation is generally seen as the pioneer for data protection rules, with other countries such as the US starting to follow suit with their own regulations. Some clarifications are now emerging from the GDPR regarding third-party data access, and these are likely to have implications throughout the world. Patrick Burt, former NY regulator/privacy attorney at Phillips Nizer, outlined that “there is more and more focus on third parties.” Under GDPR, organizations are given clear responsibilities to carry out risk assessments and other checks when handing over data to a third party.
Burt noted that in a number of recent cases in which fines were handed out by the UK’s Information Commissioner’s Office (ICO), including against BA, Marriott and Ticketmaster, it was argued that third parties were liable, “but in each case, the ICO fou ..