October 12, 2018Nelson Mullins’ Toni Peck Selected as Chair for Lucy Daniels Center
American Lawyer Media’s Cybersecurity Law & Strategy
Reprinted with permission from ALM's Cybersecurity Law & Strategy
Understanding third-party service provider relationships and the security risks they present to any organization is an essential element of cybersecurity planning. Bad actors continue to exploit the risks presented by third-party service providers that maintain access to corporate-owned information systems. Over the last several years, companies have found themselves the victim of costly and high profile data breaches occurring as a result of a third-party service provider’s security failures. See, e.g., In re Target Corp. Data Sec. Breach Litig., 66 F. Supp. 3d 1154 (D. Minn. 2014); In re: The Home Depot, Inc., Customer Data Sec. Breach Litig., No. 1:14-MD-2583- TWT, 2016 WL 2897520, at 1 (N.D. Ga. May 18, 2016).
In an era of ubiquitous data collection, reliance on these third parties for virtually all aspects of the business’ technical operations has become standard operating procedure for many companies. At times, this reliance makes sense, as the provider may be better positioned to reduce risk in providing this service. To that end, the client must ensure it has the oversight capability to ensure the provider is successfully managing risk.
These materials have been prepared for informational purposes only and are not legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Internet subscribers and online readers should not act upon this information without seeking professional counsel.