Learning from the Target Data Breach About Effective Third-Party Risk Management (Part One of Two)

Companies and law firms are increasingly partnering with vendors and other third parties to outsource formerly in-house functions in order to reduce operating costs and increase focus on core businesses.  But, as Mintz Levin attorneys Cynthia Larose and Peter Day said during a recent webinar, the potential consequences of failing to adequately manage the risks associated with giving third parties access to highly confidential systems and information can be disastrous, as evidenced by the 2013 Target data breach.  In part one of our two-part article series, Larose and Day discuss lessons from Target’s breach and business and regulatory justifications for a strong third-party risk management (TPRM) program.  In part two, they will detail strategies for implementing and monitoring a TPRM program that protects companies’ data – and their clients’ and customers’ data – from third-party security breaches.  See “Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties (Part One of Two),” Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015); Part Two of Two, Vol. 1, No. 2 (Apr. 22, 2015).
