After their privacy snafu earlier this year, the Veterans Affair department is now imposing new requirements on how their contractors secure data. This is absolutely a best practice, and a new Forrester report will be published soon describing all of the issues you should consider when third parties are using your private information. These include:

  1. Training for proper data handling, just as you train your internal employees
  2. Right to audit to ensure they are following any processes you require.
  3. Technical security requirements for data at rest or in transit, such as encryption.

All precautions you’re using internally are worthless if the data is walking out the door of your contractors. Contracts can help you recover costs, but the damage to your reputation will already be done.