Privacy Incident Management | RadarFirst – this image contains a deep astral field full of distant stars and galaxies. RadarFirst blue sheens across the cosmos to evoke feelings of vast potential and the possibilities for growth and exploration through digital transformation.
Benchmarking Series

Third Parties: Balancing Value-Add and Risk

Want to share this?

Third Party Privacy: Balancing Value-Add and Risk

By Greg Sikes, VP of Product at RadarFirst

greg sikes headshot Greg Sikes Senior Vice President of Product

As Senior Vice President of Product, Greg is responsible for the product management and product marketing functions at RadarFirst. He brings over 25 years of experience in product and business leadership roles across global operations.

I’m visiting my dad this week in Colorado and am reminded of how deeply environmental conditions can have an effect on you. From my home base of Portland, OR, there’s normally plenty of water in the air; not so much here in the southwest corner of Colorado, where I feel like a dried sponge.  

Relating my challenges to the reason for this blog, we hear from our customers about the conditions their businesses are subject to:

  • Regulations—both external and internal
  • Reputation judgments from the marketplace they serve
  • Limited budgets

Regarding the latter, limited headcount budgets do not translate into less demand on the internal teams that serve the market. Rather, businesses will turn to outside parties for help, for example, data processing, data analytics, and communications with individuals with PI.  

These third parties add significant value. At the same time, our recent benchmark report shows that they can add risk to the business as well. Our 2023 privacy incident management benchmarking report shows that when a data breach of private information occurs within a third party, the notification obligations increase nearly 4X. 

Benchmarking graph "Notification Obligations V. Incident Source | 2023 Privacy Incident Management Benchmarking Report" shows that from internal sources, 5.5% of incidents arise to be notifiable breaches, while 94.9% are not notifiable. When originating from external sources, 19% of incidents qualify as notifiable breaches. v 81% that are not notifable under applicable regulations.
Notification Obligations V. Incident Source | 2023 Privacy Incident Management Benchmarking Report
When caused by a external business entity, the requirement to notify is nearly 4X higher at 19%.

There’s no way around the environment that you live in, so you have to adapt and take the appropriate actions to thrive. In the case of a business’ use of third-party services, a risk assessment of a potential provider is a no-brainer. Having a privacy incident management process in place also seems obvious. Waiting until an incident has occurred to start preparations just doesn’t make sense in our current regulatory climate.  

To discover all of the opportunities to prepare and mature your Privacy program in a climate of ever-increasing and changing regulations, download the 2023 RadarFirst Privacy Incident Management Benchmarking Report. The report highlights the numerous benefits and ROI our customers are realizing by being prepared for the inevitable privacy incident with RadarFirst’s intelligent privacy incident management solution.

The cover page of the Privacy Incident Management Benchmarking Report 2023: Data to Build Trust and Accelerate Privacy Maturity
Privacy Incident Management Benchmarking Report 2023: Data to Build Trust and Accelerate Privacy Maturity

Build Trust & Accelerate Maturity

Download the 2023 Privacy Incident Management Benchmarking Report for KPIs that will help you build a more proactive and mature privacy program.
Download Now