On Guard: Vendors of Data Companies Likely to Feel Compliance Pressure

Get Your Cyber Security Insurance, Says One Privacy Lawyer

By Published on .

Credit: akindo
Most Popular

This year guarantees to bring a surge in the use of data-security services. And some expect that companies that collect and manage a lot of data also will keep a watchful eye outside their own operations towards their vendor partners.

Acxiom's Chief Privacy Officer Jennifer Barrett-Glasgow calls it "vendor credentialing," and she anticipates the data-services firm will give more scrutiny to its vendor partners than ever before. Acxiom's vendors, the better known of which include Google's Doubleclick and TV data firm Rentrak, have access to select sets of data that flow through Acxiom's system, some of which could be proprietary information owned by Acxiom clients and managed by the data firm, but passed along to those partners for ad targeting or other purposes.

"[Clients] want to make sure, 'If we give our data to Acxiom, is it going to be safe?'" said Ms. Barrett-Glasgow. Along with applying its own data-security protection measures, she added, "We're pushing all of that upstream to our vendors."

Acxiom Privacy Chief Jennifer Barrett-Glasgow
Acxiom Privacy Chief Jennifer Barrett-Glasgow

That added pressure on vendors, many of which are far smaller than Acxiom partners Doubleclick, Facebook and AOL, is spurred in part by a realization that vendors are sometimes at fault for data breaches. Smaller vendors, said Ms. Barrett-Glasgow, "They're just not as sophisticated."

Indeed, legislative and regulatory attention may shift away from a long-anticipated comprehensive federal privacy law to a federal data-breach law, one which many data industry bodies support. "I frankly don't see congress being willing to spend the time it's going to take to pass an omnibus privacy bill," said Ms. Barrett-Glasgow, adding, "I think we stand a better chance this year of getting a federal breach-notification bill passed then we have in some time."

Gartner projects that by 2018, more than half of companies will employ data protection and other data-security services. The research firm reported in August that spending on data security will grow by 8.2% in 2015 to hit nearly $77 billion.

Financial-services firms, already not strangers to information-security compliance, may have to up their games, said Donna Wilson, partner and co-chair of the privacy and data security practice at law firm Manatt, Phelps and Phillips. Financial-services vendors, she said "are going to be vetted more and that's not necessarily a bad thing."

Yet, she continued, the increased focus on security measures could deter some companies from getting into certain markets, especially heavily regulated ones such as financial services and healthcare. "If you're a regulated entity, compliance cost could become a barrier to entry," said Ms. Wilson.

Her suggestion for concerned data holders and their vendor partners? "Get your cyber insurance. Everybody who touches sensitive data should have it."