Hey, Service Providers! Time To Focus On Your Customer’s Privacy Requirements

The concept of holding service providers accountable is not new. The Health Insurance Portability and Accountability Act ("HIPAA") requires covered entities to enter into contracts with their business associates. However, GDPR and other major privacy laws like CPRA (California), CPA (Colorado), VCDPA (Virginia), which apply broadly to businesses and not just to one sector, have certainly highlighted the importance of this obligation requiring increased scrutiny between organizations and their service providers to meet security and privacy principles. Moreover, pending legislation in Ohio and at least two other states are suggesting Safe Harbor for those that use the National Institute of Standards and Technologies Security and Privacy Frameworks (NIST CSF and NIST PF). If your organization processes personal identifiable information on behalf of your customer -- whether you’re a managed service provider (MSP) who handles backups of your client’s data or you’re providing software that stores sensitive customer data in your application ---you're on the hook to comply with these privacy laws in order to retain customers and make new sales. In this webinar, hear from privacy and compliance experts from Omnistruct and XPAN Law Partners to learn: - Why most MSPs and many SaaS companies would be considered as “data processors” under privacy laws like GDPR and California’s CPRA - The legal obligations and compliance requirements you need to meet if you are considered a “data processor” - How to build a plan to become compliant with privacy laws including GDPR and California’s CPRA - How to use best-in-class privacy frameworks like the NIST Privacy Framework to establish a baseline of security/privacy controls -- to meet your compliance obligations and become more secure