The spotlight is now shining on your third party relationships and the data you share

March 27, 2018

Although sharing information with third party applications, service providers, and partners has been going on years, the world just became acutely aware of how much is on the line when third party access goes wrong. With the recent news highlighting major companies battling to maintain the trust of their users while the spotlight shines on unauthorized sharing of data, the stakes for scrutinizing third party relationships just got exponentially higher. Not only do investors care (as evidenced by ~$50 billion in Facebook market cap evaporating last week), but end-users are more concerned than ever about what information the companies they trust are sharing with the third parties in their ecosystem.

In the wake of the announcement of the Facebook data scandal involving information on 50 million users leaked by one of Facebook’s third parties (Cambridge Analytica), Facebook is investigating every single app that had access to large amounts of data during the timeframe in question. This type of scrutiny on third parties with data access is now becoming table stakes for companies in every industry.

So what is happening in the news related to this topic and what should be done about it?

  • The #DeleteFacebook campaign goes viral over concerns about third party access to user data
  • Facebook takes out one-page ads in multiple newspapers apologizing and explaining that it is now “limiting the data apps get when users sign in” and “investigating every single app that had access to large amounts of data before it fixed the problem.”
  • Tesla’s chief executive Elon Musk made the news by announcing that his personal Facebook and company Facebook pages were to be deleted due to the lack of personal information security.
  • The timing of this incident is important in relation to the pending deadline of GDPR, which contains requirements for companies to perform due diligence on every third party with access to personal data of EU citizens or else be subject to significant fines.

Incidents such as these highlight the reasons why information security, data privacy, and third party risk management are quickly becoming a significant priority for companies. The security posture and actions of third party vendor relationships have proven to be as potentially harmful as many other traditional areas of the cybersecurity landscape, and vendor risk assessments are becoming a necessity.

If you feel that it is time to make sure your company has a third party risk management program in place to assess the risks that exist in your third party ecosystem, Whistic may be able to help.

Ready to Learn More?

Check out our resources below for more third party vendor best practices and insights on how your organization can effectively approach security assessments.


Why Third Party Security is Critically Important

Request a Live Demo with a Whistic Product Specialist

third party risk vendor risk facebook scandal facebook data privacy

About the author


The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.