In the age of endless supply chain attacks, a strong cybersecurity program includes an established process for identifying and managing risks from third-party service providers. Demonstrating effective third-party risk management in this context is not limited to preparing the paperwork. It also means understanding and monitoring the actual practices of the third-party service providers at hand and continuing to seek further improvements.
Growing seeds of conflict — whistleblowers and creative litigants
The days when only widely publicized data breaches led to relatively simple class action lawsuits are far behind us. Cybersecurity and privacy claims have proliferated, driven by the increasing number of laws and regulations and by creative arguments advanced through government enforcement initiatives, strike forces and lawsuits that rely on broad interpretations of old laws.
The False Claims Act, which dates from the Civil War era, illustrates this point. Under this law, the federal government (and state governments under their corresponding statutes) may rely on private whistleblowers who make qui tam filings on behalf of the government. In fact, the Department of Justice is looking to whistleblowers as key sources for detecting potential noncompliance related to cybersecurity. State regulators are evaluating how this approach may be replicated not only under state False Claims Acts but under other state laws as well. Many state regulators rely heavily on consumer complaints in setting their agendas. As the world becomes more cybersecurity- and privacy-conscious, inaccurate statements about cybersecurity and privacy are projected to have greater impact.
