Monitoring Your Service Providers – Business Tips | Federal Trade Commission
Data security extends beyond your company’s internal operations. You also need to keep a watchful eye on service providers you hire. Includes tips for working with service providers to keep your data safe.

********************************************

Transcript:

[MUSIC PLAYING]

Data security for your business extends beyond your company’s internal operations. It’s critical to also keep a watchful eye on the service providers you hire. These might include the businesses you engage to develop your apps, or the companies that process the personal information you collect from your customers. The Start with Security video series and resources at business.ftc.gov offer valuable tips for working with providers and implementing policies to keep your data safe.

To begin, it’s always smart to set clear expectations. Put your security requirements in writing as part of any service provider contract. In one FTC case, a transcription company failed to include language requiring its contractors to implement reasonable security measures, like encryption. As a result, files containing highly confidential health information, including psychiatric notes and children’s medical exams, were exposed on the internet.

Once you have written service provider requirements in place, verify them by building oversight into your process. A college savings company’s failure to verify led to an FTC case. The program issued personalized offers through a toolbar that collected customers’ browsing information. The company promised that any personally identifiable information would be removed before transmission, and that any data would be encrypted in transit. However, the college savings company didn’t check to confirm that the firm it hired to design the toolbar followed through on these promises. The toolbar actually transmitted the data collected – customers’ personal data as well as their browsing information – in clear text.

So when you’re working with a service provider on new features or apps, ask questions and follow up during the development process. To keep service providers in line with your security standards, set reasonable expectations, select firms that can meet these expectations, and put processes in place to hold them to their word. For more useful tips about crafting and enforcing policies for service providers, and building a culture of data security in your business, visit ftc.gov/startwithsecurity.