Due Diligence Required: Big Data Can Mean Big Risk

Breaches involving “Big Data,” mass amounts of customer information most often associated with (but not limited to) large retailers or service providers, have upped the stakes considerably in terms of risk and liability issues. In spite of this, mergers and acquisitions among large corporations have continued to increase in our global economy.

Even before potential data theft became such a critical danger area for businesses, there were plenty of risks in acquiring new companies and partners: the threat of fraud, possible harm to reputation, unknown or hidden business practices. Yet the trend toward massive data thefts might represent the most significant risk factor of all. Do any of your partners handle sensitive client information – of their own clients, your clients, or both? Can you ensure that they have effective controls in place to protect their data, and yours?

If the answer is “no,” then you are putting your clients and your company at a significant level of risk. In one shocking case, Gap, Inc. reported that an “unnamed contractor” for the worldwide retailer was responsible for a data breach affecting 800,000 people. When a breach affecting U.S. government employees was revealed this summer, it was the result of an attack against a private contractor. Also, a medical center in Boston fired a contractor after patients' “names, addresses, and medical information, including what drugs they were taking”were posted to a public website by accident.

Naturally, it's not the small, private contractors who end up in the headlines in cases like the above. It's the affected corporations like the Gap who bear the brunt of their reputation being damaged. Also, companies seeking to avoid potential litigation will have to be able to demonstrate that they performed extensive due diligence on their contractors in an effort to avoid such a scenario. To not do so in this climate appears irresponsible at best and downright reckless at worst.

At CRI Group, our due diligence process is designed to find security shortfalls that even your third-party partners themselves may not be aware of. We understand that when you partner with a contractor, you are assuming much of the risk that their controls (or lack thereof) create for your clients and your business. That's why our experts leave no stone unturned in checking their systems, personnel, history and any past incidents to help you be fully informed and aware before entering a partnership.

The next time you seek to make an acquisition or enter into a partnership, ask yourself: How much do you really know about your potential partner? Would you be willing to risk your business on the assumption that they can protect their data – and yours?