Privacy Advisor

KnowledgeNet

October 1, 2008

Miami KnowledgeNet: Managing vendors to ensure privacy

By Luis Salazar

Tropical storm Faye delayed, but didn't dampen the first-ever Miami KnowledgeNet event on August 27. Ten IAPP members attended, including Emmet Lange, Betsy Paneque, Robert Kantor, Carlos Echeverri, Miriam Lang, Ricardo Johnson, Jorge Rey and Luis Salazar. Sunera LLC Director Eric Dietrich presented "Managing Vendors to Ensure Data Security and Privacy."

Managing vendors has become a core concern for privacy professionals due to regulator focus on this issue and the inherent privacy and security weaknesses that vendors often bring with them. Eric and Sunera were particularly well suited to present on this topic. Eric has developed and implemented privacy and security programs for multi-national organizations, assisting them in their effort to become compliant with local and international data privacy laws. He has experience performing data privacy risk assessments, privacy awareness training sessions, policy development and data breach due diligence. Sunera, a Silver IAPP sponsor, is a provider of business and technology risk consulting services throughout the United States, Canada and the United Kingdom. They are dedicated to helping organizations achieve and sustain cost-effective corporate governance by delivering innovative solutions tailored to clients' needs.

Eric's comprehensive presentation provided attendees with a framework to analyze potential vendor issues, along with best practices to embrace and pitfalls to avoid. In particular, participants found Eric's security consideration checklist a great resource.

During the lively presentation, many attendees agreed that they faced similar challenges at their companies. Executives often first selected providers and then asked security and practice groups to review the provider's practices, or legacy providers resist audit efforts seeking to ensure that their security practices are at required levels.

Assuming Miami survives hurricane season, the KnowledgeNet intends to meet once again before the end of the year.

For more information on IAPP networking events in your area, please visit: www.privacyassociation.org and click on "network."