Cybersecurity Industry Must Find Solutions for Third Party Data Security

Cybersecurity Industry Must Find Solutions for Third Party Data Security

Organizations must take more responsibility for the security of third party providers that access their data, according to experts speaking during a webinar session organized by Atakama.



Moderating the discussion, Brian Herr, field CISO at Mainline Information Systems, firstly highlighted how organizations are becoming increasingly reliant on third parties, meaning growing numbers of entities are getting access to their confidential information. “Organizations are putting more data outside of their control,” he explained, adding that “the regulatory and legal landscape is trying to keep tabs on this and it’s changing the way we do business.”



The EU’s GDPR legislation is generally seen as the pioneer for data protection rules, with other countries such as the US starting to follow suit in terms of their own regulations. There are now some clarifications emerging in regard to third party data access from the GDPR, which are likely to have implications throughout the world. Patrick Burt, former NY regulator/privacy attorney at Philip Nizer, outlined that “there is more and more focus on third parties.” Under GDPR, organizations are given clear responsibilities to undergo risk assessments and other checks when handing over data to a third party.



Burt noted that in a number of recent cases in which fines were handed out by the UK’s Information Commissioner’s Office (ICO), including against BA, Marriott and Ticketmaster, it was argued that third parties were liable, “but in each case, the ICO fou ..