Sayoko Blodgett-Ford, along with Alexis Goltra, Vice President & Chief Privacy Officer at Oracle, co-chaired the Vendor Management – Priorities, Audits & Security Panel. The event was part of the Boston Bar Association’s inaugural Privacy & Cybersecurity Conference on Wednesday, May 24, 2017 from 9am-4pm at the Courtyard Boston Downtown: http://privacyandcybersecurityconference.bbablogs.org/
The Vendor Management panel featured Scott Semel, recent Executive Vice President and General Counsel at Intralinks Inc. (acquired by Synchronoss Technologies), Andrew Graziani, Senior Legal Director & Senior Privacy Counsel, Cimpress, and Katherine Fick, Privacy/Brand Counsel, IBM Corp. The panel provided practical guidance on management of a vendor privacy & security compliance program, including efficient contract intake, risk assessment, prioritization, audits, and security review (with a focus on encryption). While it has always been important to manage vendors, renewed attention is warranted given the upcoming European General Data Protection Regulation (“GDPR”) requirements and severe potential fines, as well as the stronger emphasis on supply chain risk management in the January 2017 update of the National Institute of Standards and Technologies (“NIST”) Cybersecurity Framework.