Due to data breaches, protection of personal and health information has become a vexing issue. Numerous organisations, including those in the health care industry, have lost sensitive data. The data typically includes details of vendors, patients, staff, health ID numbers, contractors, etc. When such data loss happens at a hospital, the hospital in question usually apologizes for the inconvenience that staff and patients have faced due to the data breach. In some cases, they try to shift the responsibility to some other entity, claiming that the data theft was a “result of negligence by an outside contractor” that was initially hired as an “expert” in handling sensitive data.
But is shifting blame to a third party right? Third-party companies are selected in the first place because of their assurance that they will store and handle sensitive data properly. They make their living handling such data, and it is not in their best interest to lose any of it.
To gain the trust of affected individuals, some vendors that lost data in a breach take responsibility for providing timely information and offer credit monitoring services for the affected accounts. Providing these services shows that the company has taken responsibility and acted on it to reassure individuals who are worried about their sensitive data.
While the vendor has acted to address its responsibility to communicate with affected accounts according to legal mandates and federal regulations, the fact is that sensitive data, including identities, has been stolen. It is annoying that the theft of information will continue to impact the affected parties for a long period of time. There is the possibility that the affected parties can sue the organization for negligence for millions of dollars. Incidents of this type raise questions about data security and precautions against data breaches.
• Is it good to share sensitive information with third parties for data storage?
• How do third parties give assurance to organizations that data will be protected and will never be accessed inappropriately or misused?
• What is the liability of a third party for the data in their custody and what type of charges can be applied when information is misused?
Though the answers to these questions are not easy, the popularity of cloud storage services, as third-party service providers, has brought these questions to the forefront.
Enterprises trusting their data to third parties must make an effort to ensure that the data is safe and secure. Enterprises should spend time and energy weighing up the reliability of the third party and its data protection claims. Here are some questions that can help in the search for a suitable third-party cloud storage service:
• What is the method of data storage in the repository?
• Is the encryption methodology certified by a reliable authority?
• How do people access sensitive data and who has access to the data?
• What are the liabilities and rights of an organization in case of data breaches?
• Does the vendor share sensitive data with anyone? If so, with whom and why?
• Is the secure cryptographic mode of data security really impregnable or not?
• Is the assurance of sensitive information protection given by service vendors checked for veracity?
• Does the vendor take responsibility for data protection and provide a guarantee against data breaches due to negligence?
When your company gets the answers to these questions, it becomes easy to evaluate your service provider and its security protocol. Answers to these questions will help in understanding the level of data security and selecting a suitable service to protect sensitive information.