Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.
When you enter into a contract with a vendor that will access, use or disclose your customer or employee personal information, assume that you are responsible for any unauthorized access to, use, or disclosure of that protected information, whether by the vendor or a third party. This is true if the vendor or its employees misuse the protected information directly or if the vendor is hacked, as with Target’s HVAC provider. In that incident, the HVAC company didn’t even have direct access to protected information; the hackers allegedly worked their way from the HVAC vendor’s computer into Target’s vendor system and then into a protected database.