Tag Archives: vendor

Should Companies Terminate Third Party Vendors That Cause a Data Breach?

According to reports, bank customers in Australia (yes, data breach notification requirements exist down under) have been affected by “an industry-wide” data breach experienced by a third-party service provider to the banks – property valuation firm, LandMark White. As expected, the banks are investigating and in some cases notifying customers about the incident. However, there are reports that … Continue Reading

Re-Emphasis on Third-Party Service Provider Security In Financial Services…A Reminder for All Businesses

A New York Times article earlier this week reported that top officials at the Treasury Department have identified a key area for strengthening data security – third-party service providers. Reuters reported that on Tuesday of this week New York State Department of Financial Services superintendent, Benjamin Lawsky, sent a letter to a number of banks inquiring … Continue Reading

Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012

Massachusetts service provider contract deadline - March 1, 2012 - should be a reminder to revisit all contracts with third party vendors to ensure they require the vendor to safeguard personal information.… Continue Reading

California and Massachusetts Legislatures Push Data Breach and Security Bills

In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively.   On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents are notified … Continue Reading

Federal Agencies Tighten Data Security Screws on Federal Contractors

Federal contractors are subject to numerous requirements under federal law and, as we have previously highlighted here, need to keep pace with changes in law and regulation.  Under the Federal Information Security Management Act of 2002 (FISMA) each federal agency is required to develop, document, and implement an agency-wide program to provide information security for … Continue Reading

Is Shredding Enough?

Continuing our thoughts on how disclosures of private or confidential information may adversely impact the institution and the persons affected by such disclosure, we now focus on something near and dear to lawyers’ hearts: paper shredding. Many businesses regularly shred documents they no longer need to protect them from disclosure. While this may secure the information contained … Continue Reading
LexBlog