Nearly every organization uses third-party companies to handle some function whether it’s sending billions of emails or processing private information such as medical, financial or otherwise personally identifiable information. Headlines continue to circle around yet another third-party data breach in what will likely remain an ongoing sore point for organizations that use third-party companies. Recent stats from the Ponemon Institute’s Cost of a Data Breach report indicate that 39 percent of data breaches involve third-party outsourcers.  Third-party servicers generally try to do their best to protect information, but often fall short. Much of the time, it’s due to the fact that they’re not behaving or thinking like the company(s) they do business for, especially those with regulatory or industry regulations or standards.

What’s interesting is that many of the companies that outsource these functions seem to rely on either contractual language in the agreements and/or perform cursory assessments of those third parties before agreements are signed.