Fowler said you should also know exactly what that third party is going to do if something goes wrong. Does it have a roadmap or contingency plan in the event of a data or security breach? Is it contractually obligated to disclose any breaches? How often is it updating its security policies, software and services?
The buck doesn't stop with the ESP or service provider, either. Marketers should ask ESPs or vendors to disclose any third-party hosting companies they work with and get details on their policies as well. “The reality is, unless you own the entire network [that data resides on and email is sent from], then there's always going to be a door open for something to occur, so you need to go in with eyes open,” Fowler said.