close encounters of the third party supplier kind
play

Close Encounters of the Third (Party Supplier) Kind IAPP - PowerPoint PPT Presentation

Sep 24, 2022 •295 likes •649 views

Close Encounters of the Third (Party Supplier) Kind IAPP KnowledgeNet Detroit May 7, 2015 Agenda Intros, announcements and administration Discuss privacy aspects of vendor management process Time permitting open discussion: 2

  1. Close Encounters of the Third (Party Supplier) Kind IAPP KnowledgeNet Detroit May 7, 2015

  2. Agenda • Intros, announcements and administration • Discuss privacy aspects of vendor management process • Time permitting open discussion: 2

  3. Intro Matters • New KnowledgeNet Chairs – Art, Doris, Keith • Meeting dates – May 7, July 29, September 16, November 5 • Upcoming IAPP Academy – Las Vegas September 29 – October 1 • Today’s program 3

  4. Purpose • Provide a forum to discuss privacy aspects of Vendor management • Discuss factors to consider with vendor relationships pertaining to – Vetting, contracting, monitoring and resolving disputes • Engage in an interactive session to highlight concerns and possible solutions from the session learning. 4

  5. Background • Organizations are accountable for the protection and appropriate handling of personal data entrusted to them. • Data protection laws hold organizations accountable for protecting the privacy of any personal data accessed by their data processors or third-party vendors. • Organizations spend resources to screen vendors primarily to: – 1) avoid potential legal liability if the vendor for any reason fails to keep necessary information private; and – (2) avoid of loss of goodwill with customers, employees, and others whose personal information has been entrusted to the organization. 5

  6. Background • Organizations know the personal data protection requirements and obligations they are required to follow. • Organizations want to maintain a comparable level of personal data protection and security from third party vendors. • Organizations must determine what they will require in data protection requirements applicable to the selection of prospective vendors, as well as requirements those vendors are expected to follow. 6

  7. Background • A matrix of requirements applicable to the type(s) of personal data involved will help define necessary protections. • The level of information about a vendor may vary by sensitivity and volume of personal data involved and any special requirements associated with the type of data. • Important to determine and specify the vendor characteristics and your performance requirements to ensure you engage vendors capable of processing and safeguarding the personal data you entrust to them as they work for your organization or on its behalf. 7

  8. VETTING 8

  9. Determining Attributes In determining attributes desired in a vendor, and the standards that could be included in the contractual relationship, consider: – Reputation/Standing in the Community – Geographic location – Industry Specific Experience – Vendor Actual Operations – Audits/Business Reviews 9

  10. Attributes – Reputation Are there recent news stories about the vendor? • What is available through Google or other web searches? • Is there a reporting service with information about the vendor (e.g. • Dunn & Bradstreet type reports, BBB etc.)? How long has the vendor been in business? • Is there litigation in which the vendor is the defendant? • If there is litigation, are there cases other than minor, normal • business matters? Is the vendor publicly traded? If so, do the vendor’s government • document filings provide additional information? Would a failure of the vendor’s business affect the organization? • Has the vendor had data breaches in the past? What were the • circumstances? Have any deficiencies been addressed? 10

  11. Attributes - Geographic location • Where is the vendor located? • Do laws, regulations, trade codes or existing contracts to which your organization is subject affect location? • Does the vendor have an established location? • Is it owned or leased? • How long has the vendor conduct business at the location? • Are there other locations where the vendor does business? 11

  12. Attributes – Industry Specific Experience • Does the vendor have experience in your industry? • How is the vendor regarded by other industry participants? • Does the vendor have necessary or appropriate certifications regarding their service? • Is the vendor certified as compliant to a specific or industry specific standard (e.g. ISO, CPI-DSS, NIST etc.)? • Has the vendor delivered similar services for others and is there a contact or other method to confirm? 12

  13. Attributes - Vendor Operations • Does the vendor have documented processes and procedures for processing personal data? • Has the vendor been subject to any regulatory enforcement or litigation? • Does the vendor have a documented and operational employee training program? • Are vendor employees required to sign non-disclosure agreements or confidentiality agreements? • Are there any special industry-imposed requirements and have they been met? • Will the vendor need to certify compliance with applicable industry regulations or other similar requirements? 13

  14. Attributes - Vendor Operations If the industry or business sector your organization participates • requires a written contractual undertaking or determination of a particular status (e.g. HIPAA BA, GLBA Supplier) will the vendor or agree to execute the necessary agreement? Is the vendor a member or participant in professional or trade • associates that require maintenance and adherence to specified standards? (e.g. DMA, NAB, BBB, etc.) Will any aspect of the vendor’s services be subject to • subcontracting? If the vendor uses subcontractors, where are the sub-contractors • located? If the subcontractors are in other countries, what is the anticipated reaction of your organization’s customers? Will there be any adverse consequences from a business standpoint to your organization? 14

  15. Attributes - Vendor Operations • Will the vendor use cloud services in its delivery of services? • If so, what form of cloud services are used (private cloud, public cloud or some other form)? • How is the information in the cloud protected? • Will your organization’s personal data be comingled with the personal data of other clients of the vendor? • What type of data segregation will the vendor use? Logic, separate devices, other methods? • Will vendor’s IT personnel be segregated by vendor client or will the employees have access to personal data from multiple clients? 15

  16. Attributes - Vendor Operations • Does the vendor have a written data security plan? • Does vendor have a physical security plan? • Does the vendor have a written administrative security plan? • Does the vendor have a written business continuity plan? – Has the plan been used? – If so, when was the last time? – When was the last time the plan was tested through a table top or similar exercise? 16

  17. Attributes - Audits/Business Reviews • When was the vendor’s last SOC II audit? • Does the vendor have a SOC II audit sufficient to address the services it will provide for your organization? • Will they provide a copy of the audit or arrange an audit to address your concerns? • Does the audit address the obligations or personal data processing your organization will contract to have them deliver? • Annual or regular recertification? 17

  18. Attributes – Use of Tools • Supplier Information Gathering Questionnaire (SIG) Supplier Information – Comes in multiple version e.g. SIG Lite – Standardized and computerized – SIG Lite addresses 13 categories with 68 questions • SIG information online • Nymity Privacy Management Accountability Tool • Others 18

  19. Attributes – Use of Tools • Supplier Information Gathering Questionnaire (SIG) Supplier Information – Comes in multiple version e.g. SIG Lite – Standardized and computerized – SIG Lite addresses 13 categories with 68 questions • SIG information online • Nymity Privacy Management Accountability Tool • Others 19

  20. CONTRACTING 20

  21. Contracting • Create and maintain contract templates that address data privacy obligations so they are consistent across similar vendors – different contract templates may be created for different classes of vendors and different types of personal data (e.g. sensitive, non-sensitive) and – address data protection legal requirements 21

  22. Contracting Topics • Data protection responsibilities – acceptable use of personal data – use of subcontractors – restrictions on further transfers, disclosures or uses, • Data security requirements, • Data disposal at contract-end, and • Breach response obligations 22

  23. Considerations in Template Contracts Creation and Content • Access, review, correction and choice • Audit • Business continuity • Compliance with law • Definitions • Incident processing and breach response • Indemnification • International transfers of personal data to processing vendors 23

  24. Considerations in Template Contracts Creation and Content • International transfers of personal data to processing vendors • Post termination • Damages • Security • Service specification • Term and Termination • Use limits • Vendor employees • Vendor sub-contracting 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OCELOTL: CLOSE ENCOUNTERS OF THE THIRD KIND 8th International Parallel Tools Workshop 1st

OCELOTL: CLOSE ENCOUNTERS OF THE THIRD KIND 8th International Parallel Tools Workshop 1st

OCELOTL: LARGE TRACE OVERVIEWS BASED ON MULTIDIMENSIONAL DATA AGGREGATION OCELOTL: CLOSE ENCOUNTERS OF THE THIRD KIND 8th International Parallel Tools Workshop 1st October 2014 Damien Dosimont 1 2 , Youenn Corre 1 2 , Lucas M. Schnorr 3 ,

611 views • 46 slides
Close Encounters of a Special Kind Aussois Workshop Manfred Padberg Memorial Session January 6,

Close Encounters of a Special Kind Aussois Workshop Manfred Padberg Memorial Session January 6,

Close Encounters of a Special Kind Aussois Workshop Manfred Padberg Memorial Session January 6, 2015 Martin Grtschel Zuse-Institut, M ATHEON & TU Berlin 1 Contents 1. Introduction 2. Brief CV 3. My first encounter with Manfred:

1.37k views • 101 slides
An encounter with the temple traders John 2:16 ACC AUTUMN SERMON SERIES 2019 CLOSE ENCOUNTERS OF

An encounter with the temple traders John 2:16 ACC AUTUMN SERMON SERIES 2019 CLOSE ENCOUNTERS OF

An encounter with the temple traders John 2:16 ACC AUTUMN SERMON SERIES 2019 CLOSE ENCOUNTERS OF THE CHRIST KIND T o learn how following Jesus & spending time with him awks causes us to share our faith with others. Finding out why

288 views • 16 slides
Of the Christ kind H O W A N ENCOU NT E R W I T H J E SUS DR AWS U S C L OS E R T O G OD

Of the Christ kind H O W A N ENCOU NT E R W I T H J E SUS DR AWS U S C L OS E R T O G OD

Close Encounters Of the Christ kind H O W A N ENCOU NT E R W I T H J E SUS DR AWS U S C L OS E R T O G OD Argyle Community Church Autumn 2019 Sermon Series An encounter with the Jewish Leaders John 5:3940 ACC AU TUMN SERMON SERIES

406 views • 17 slides
Of the Christ kind H O W A N ENCOU NT E R W I T H J E SUS DR AWS U S C L OS E R T O G OD

Of the Christ kind H O W A N ENCOU NT E R W I T H J E SUS DR AWS U S C L OS E R T O G OD

Close Encounters Of the Christ kind H O W A N ENCOU NT E R W I T H J E SUS DR AWS U S C L OS E R T O G OD Argyle Community Church Autumn 2019 Sermon Series An encounter with the disciples John 15:117 ACC AU TUMN SERMON SERIES 2019

591 views • 18 slides
Close Encounters with Non-Normal Worlds Franz Berto F.Berto@uva.nl f.berto@abdn.ac.uk 1 0.

Close Encounters with Non-Normal Worlds Franz Berto F.Berto@uva.nl f.berto@abdn.ac.uk 1 0.

Logic, Language, and Computation 2014 Close Encounters with Non-Normal Worlds Franz Berto F.Berto@uva.nl f.berto@abdn.ac.uk 1 0. What are they? (Definitions) 1. Why should we have them around? 2. The logic(s) 3. Back to metaphysics 4.

707 views • 33 slides
CLOSE ENCOUNTERS BETWEEN REQUIREMENTS AND SYSML EclipseCon France 2016 | Mauricio Alferez and

CLOSE ENCOUNTERS BETWEEN REQUIREMENTS AND SYSML EclipseCon France 2016 | Mauricio Alferez and

CLOSE ENCOUNTERS BETWEEN REQUIREMENTS AND SYSML EclipseCon France 2016 | Mauricio Alferez and Patrick Tessier WHAT WE DO Papyrus REQ = Papyrus for Requirements A set of Eclipse plugins for model-based requirements engineering integrated in the

532 views • 32 slides
Foreign Supplier Verification & Third Party Certification Allen Sayler, Vice President,

Foreign Supplier Verification & Third Party Certification Allen Sayler, Vice President,

FSMAs Update: Proposed Preventive Controls, Foreign Supplier Verification & Third Party Certification Allen Sayler, Vice President, Center for Food Safety & Regulatory Solutions, ( CFSRS ) Woodbridge, Virginia asayler@cfsrs.com

470 views • 24 slides
Close E Encou ounter ers o of t the e Reptile K Kind: Two Cases of Enteric Zoonoses in New

Close E Encou ounter ers o of t the e Reptile K Kind: Two Cases of Enteric Zoonoses in New

Close E Encou ounter ers o of t the e Reptile K Kind: Two Cases of Enteric Zoonoses in New Mexico Nicole West Arizona Infectious Disease Training and Exercise July 23, 2015 Salmonellosis Salmonella spp. cause 1 million illnesses,

359 views • 15 slides
Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done Party!!!!!! Party!!!!!! Curling Orientation Party!!!!!! Party!!!!!! Party!!!!!! National day parade Airport picking-uping Party!!!!!!

1.18k views • 69 slides
Encounters Shop Andover Findings and Recommendations Ruth Ben-Tovim Creative Director Encounters

Encounters Shop Andover Findings and Recommendations Ruth Ben-Tovim Creative Director Encounters

Encounters Shop Andover Findings and Recommendations Ruth Ben-Tovim Creative Director Encounters Arts Overview From 15th May - 16th June Encounters Arts set up shop at 91 High Street to engage local residents Commissioned by Test Valley

538 views • 19 slides
Whether it is a Launch, a Business Presentation, any kind of Product Presentation, you have

Whether it is a Launch, a Business Presentation, any kind of Product Presentation, you have

HOW TO CLOSE A GROUP PRESENTATION As your presentation comes to a close, it is time for you to get ASKING with purpose. Whether it is a Launch, a Business Presentation, any kind of Product Presentation, you have had your eyes and ears

210 views • 4 slides
Last time System F K 1 is a kind K 2 is a kind -kind K 1 K 2 is a kind A :: K 1

Last time System F K 1 is a kind K 2 is a kind -kind K 1 K 2 is a kind A :: K 1

Last time System F K 1 is a kind K 2 is a kind -kind K 1 K 2 is a kind A :: K 1 K 2 , :: K 1 A :: K 2 B :: K 1 -intro -elim :: K 1 . A :: K 1 K 2 A B :: K 2 (and encoding data

851 views • 62 slides
Encounters with Law Enforcement: Know Your Rights! Patricia Y. Hernandez Attorney at Law

Encounters with Law Enforcement: Know Your Rights! Patricia Y. Hernandez Attorney at Law

University of Toledo Catharine S. Eberly Center for Women Encounters with Law Enforcement: Know Your Rights! Patricia Y. Hernandez Attorney at Law September 27, 2019 Agenda Introduction Encounters with Law Enforcement: Police

313 views • 27 slides
Problem Formulation Organization of Parts and Manufacturing Facilities Supplier S 1 External

Problem Formulation Organization of Parts and Manufacturing Facilities Supplier S 1 External

Problem Formulation Organization of Parts and Manufacturing Facilities Supplier S 1 External Supplier Supplier S 2 Supplier S 3 Internal Composite Supplier Supplier S 4 Supplier S 5 Internal External Atomic Supplier Supplier Final Final

352 views • 12 slides
YOUR SUPPLIER PORTAL FOR BOTH IN AND OUTBOUND MANUFACTURING YO U R SUPPLIER PORTAL The

YOUR SUPPLIER PORTAL FOR BOTH IN AND OUTBOUND MANUFACTURING YO U R SUPPLIER PORTAL The

YOUR SUPPLIER PORTAL FOR BOTH IN AND OUTBOUND MANUFACTURING YO U R SUPPLIER PORTAL The portal digitally handles both your incoming purchases and works as customer portal for sales. Register all your current subcontractors and

585 views • 13 slides
Article Lessons from SWIFT: the 'controller' v 'processor' dilemma Jan 09 2008 Bridget C. Treacy

Article Lessons from SWIFT: the 'controller' v 'processor' dilemma Jan 09 2008 Bridget C. Treacy

Article Lessons from SWIFT: the 'controller' v 'processor' dilemma Jan 09 2008 Bridget C. Treacy Bridget Treacy Data protection issues dominated the news at the end of 2007 after the UK government admitted that it lost the data of 25 million

387 views • 3 slides
General Data Protection Regulations Overview Introduction (1) (2) Definitions (3) 10 Steps

General Data Protection Regulations Overview Introduction (1) (2) Definitions (3) 10 Steps

General Data Protection Regulations Overview Introduction (1) (2) Definitions (3) 10 Steps (4) Q&A [GDPR] lays down rules relating to the protection of natural persons with regard to the processing of personal data and the free

759 views • 47 slides
Half Year Results Presentation FOR THE HALF YEAR ENDED 30 JUNE 2019 Disclaimer About this

Half Year Results Presentation FOR THE HALF YEAR ENDED 30 JUNE 2019 Disclaimer About this

For personal use only Half Year Results Presentation FOR THE HALF YEAR ENDED 30 JUNE 2019 Disclaimer About this Presentation For personal use only This presentation and these materials (together the Presentation) is general background

364 views • 17 slides
Summer Curriculum Projects November 21, 2016 1 The Purpose To promote the development of

Summer Curriculum Projects November 21, 2016 1 The Purpose To promote the development of

Blind Brook-Rye UFSD Summer Curriculum Projects November 21, 2016 1 The Purpose To promote the development of dynamic and enriching curriculum. The projects undertaken would not be possible to complete during the regular school day. Summer

574 views • 14 slides
The importance of personal data protection Personal data are accessed and processed exponentially

The importance of personal data protection Personal data are accessed and processed exponentially

The importance of personal data protection Personal data are accessed and processed exponentially Abuse of personal data exploded Risk of data theft, piracy New Cambridge Analytica scandal almost every week Need to

293 views • 14 slides
Why Digital Thread? 9.3 Game Changers Digital Thread and Digital Twin DISTRIBUTION STATEMENT A.

Why Digital Thread? 9.3 Game Changers Digital Thread and Digital Twin DISTRIBUTION STATEMENT A.

Why Digital Thread? 9.3 Game Changers Digital Thread and Digital Twin DISTRIBUTION STATEMENT A. Approved for Public Release - Case Number: 88ABW-2014-0721; Distribution is Unlimited DISTRIBUTION STATEMENT A. Approved for Public Release -

612 views • 6 slides
Reinforcing Bar Couplers Why use Couplers? Reinforcing bar couplers have many

Reinforcing Bar Couplers Why use Couplers? Reinforcing bar couplers have many

Reinforcing Bar Couplers Why use Couplers? Reinforcing bar couplers have many advantages over lapped joints because they: allow coupled bars to perform as an integral unit minimise steel congestion, particularly when using

978 views • 70 slides
Chapter 8 Applying Thread Pools Magnus Andersson Execution policies Not all task are

Chapter 8 Applying Thread Pools Magnus Andersson Execution policies Not all task are

Chapter 8 Applying Thread Pools Magnus Andersson Execution policies Not all task are suitable for all execution policies Dependent task Task exploiting thread confinement Response time sensitive tasks ThreadLocal tasks

358 views • 32 slides

More recommend