Posts Tagged ‘vendor risks’

Be Aware of Risks with Outsourcing to Other Countries

Saturday, October 3rd, 2015

Businesses must be aware of risks with outsourcing to other countries activities involving personal information. Over the past couple of months I’ve heard over a dozen organizations express their opinion that if they hire organizations outside the U.S. to do work for them, then those organizations are not bound by U.S. laws. Most were from small to midsized organizations and startups. But it was somewhat surprising to hear also hear this sentiment from an organization with multiple locations and thousands of employees. This has been an incorrect belief of far too many organizations for decades.

I’ve also had clients in other countries ask about the need to comply with U.S. laws, such as for HIPAA compliance, when they provide services for U.S individuals and/or businesses.  Many believe they do not need to. (more…)

Laptop Containing PII of 1 Million+ People Sold On eBay for $141

Saturday, August 30th, 2008

I’ve been doing a lot of work with data retention and disposal policies and procedures lately, remembering the silly things I have read about with regard to organizations getting rid of their computers, such as selling their computers on eBay when they no longer need them…without removing the information! This is certainly not a phenomenon that is confined to the U.S.
Lo and behold, another situation has happened where an organization sold their old computer on eBay…for a bargain at £77 ($141), and it contained a a huge amount of personally identifiable information (PII), including credit card applications, on what is reported to be as many as over 1 million customers. Here are a few excerpts from the report in Forbes…

(more…)