Third Party Privacy: Balancing Value-Add and Risk

By Greg Sikes, VP of Product at RadarFirst

Greg Sikes, Senior Vice President of Strategy

As Senior Vice President of Strategy, Greg brings over 25 years of experience in product and strategic business leadership roles across global operations.

I’m visiting my dad this week in Colorado and am reminded of how deeply environmental conditions can have an effect on you. From my home base of Portland, OR, there’s normally plenty of water in the air; not so much here in the southwest corner of Colorado, where I feel like a dried sponge.  

Relating my challenges to the reason for this blog, we hear from our customers about the conditions their businesses are subject to:

  • Regulations—both external and internal
  • Reputation judgments from the marketplace they serve
  • Limited budgets

Regarding the last of these, limited headcount budgets do not translate into less demand on the internal teams that serve the market. Rather, businesses will turn to outside parties for help with, for example, data processing, data analytics, and communications with individuals with PI.

These third parties add significant value. At the same time, our recent benchmark report shows that they can add risk to the business as well. Our 2023 privacy incident management benchmarking report shows that when a data breach of private information occurs within a third party, the notification obligations increase nearly 4X. 

Benchmarking graph "Notification Obligations V. Incident Source | 2023 Privacy Incident Management Benchmarking Report": from internal sources, 5.5% of incidents rise to notifiable breaches, while 94.9% are not notifiable. When originating from external sources, 19% of incidents qualify as notifiable breaches, versus 81% that are not notifiable under applicable regulations.
When caused by an external business entity, the requirement to notify is nearly 4X higher at 19%.

There’s no way around the environment that you live in, so you have to adapt and take the appropriate actions to thrive. In the case of a business’s use of third-party services, a risk assessment of a potential provider is a no-brainer. Having a privacy incident management process in place also seems obvious. Waiting until an incident has occurred to start preparations just doesn’t make sense in our current regulatory climate.

To discover all of the opportunities to prepare and mature your Privacy program in a climate of ever-increasing and changing regulations, download the 2023 RadarFirst Privacy Incident Management Benchmarking Report. The report highlights the numerous benefits and ROI our customers are realizing by being prepared for the inevitable privacy incident with RadarFirst’s intelligent privacy incident management solution.