A commonly overlooked risk that organizations face is consumer information sharing in business to business relationships. The three parties in this relationship are the consumer, the sponsor, and the service provider. Each places the other at great risk if these relationships are not properly structured.
The Consumer
Consumers should take precautions before they share personal, financial, medical, or business information with any individual or organization. First, they should observe the environment around them where they transact or apply for service. Then they should request proof that the organization has taken steps to safeguard their information. Finally, they should only share information legitimately needed for the business at hand. A person’s information is their reputation.
The Sponsor
If you are a sponsor, then you collect information from a consumer and share it with another business. For example, consider the relationship that you have with your credit card processor. You collect credit card information from your customers and pass it along to the processor. (Note: This is just one example of many relationships that you may have.)
When the processor losses that information, your customers will hold you and the processor responsible for damages and legal costs. Moreover, government regulators will hold you responsible for state and federal vendor oversight requirements. Failure to comply leads to fines, penalties, and potential jail time.
The Service Provider
You may be a service provider. A service provider accepts consumer information from another business for the purpose delivering a product or fulfilling a service. For example, a payroll company receives employee information to fulfill payroll obligations.
The law requires sponsors to only share consumer information with businesses that can prove that they have an Identity Theft Prevention Program in place to safeguard personal, financial, medical, and business information. By taking the right action you can protect and grow your organization by attracting “sponsor” businesses looking for a compliant place to share their consumer information.
“A defensible position for vendor oversight must be derived through providing consumers and businesses proof of prudent privacy, security, usage, and response practices.”
A Medium to Large Organization A Small Business
