We’ve all heard of the “Weakest Link”.
It’s how your parents figured out what really happened when a good piece of china was broken. You hear about it on police shows all the time. It’s even a game show.
It’s also a key part of data compliance for a business or non-profit of any size. In most parts of our lives – business and personal – we tend to look after things that directly affect us, and accept that we can’t change what other people do. We mow our lawns and keep the yard neat. We can only hope the neighbors do the same, but we don’t have any method to enforce it, and most people don’t want the conflict.
However, data privacy and protection laws take the exact opposite approach. As a business, you are equally responsible for the actions of any other entity that you share information with. Being compliant yourself is only a part of the battle. It doesn’t matter how big or small you are, or the size of your partner. You can be a two-person office sharing information with a multinational. If they have a data breach, and your customer information is exposed, you are just as responsible as they are… unless you have the right agreements in place. In short, you are responsible for your “extended family”.
It can be complicated, and it can be simple. You have a legal obligation to put the proper safeguards in place to ensure, to the best of your ability, that any information you share with partners is safe and protected. This is only achieved by having processor agreements in writing that spell out everyone’s responsibilities.
You may wonder what difference it makes. If a breach occurs, the data is compromised regardless of whether you have an agreement in place or not. That is true.
However, there is a practical and legal reason to have agreements in place.
The practical reason is that you want to be able to tell your customers that you took the proper steps to protect their data as much as possible. They will still be upset, but they will be more understanding than if you did nothing and hoped your business partners were doing the right thing.
The legal reason is that the privacy authority that governs your state or province will be much more forgiving if you put the proper safeguards in place to protect personal data. These authorities have the power to fine you heavily for data infractions. They can also publicize their findings and let the world (or at least your customers!) know that you violated data protocols.
Be it legal or practical, more and more of your customers only want to do business with people who take their privacy seriously. This number will continue to grow as more people understand what’s at stake with all the info we are required to share for everyday transactions.
We are here to help. Contact us now for a complimentary conversation!