I Know You’re in a Hurry but Before You Decide…

June 9, 2022

When hiring a typical service provider – a painter or carpet cleaner, for instance – it’s expected that you’ll have questions. How much will it cost? When can you be here? How long will it take?

There are some services, however – like those where you entrust the vendor with regulated, personal information – where regulations require you to investigate more thoroughly before making a decision.

Every organization is legally responsible to protect the personal information of their clients and employees. And, it just so happens, the laws requiring this, also require that the security and compliance of data-related service providers be evaluated before they are hired. As a result, those typical question, such as how much it costs or when they can get there are secondary. In fact, to give a service provider access to other people’s personal information based solely on price or availability is risky and negligent at best… and illegal at worst.

So, while price and availability can certainly be considered when hiring a data-related service provider, it is more important to verify they are certified by a reputable third-party organization and that you obtain their written policies and procedures, and that you review their terms and conditions, and to retain evidence that these items were verified.

(Here are the types of questions NAID AAA Certification or PRISM Privacy+ Certification ask.)


Robert Johnson, CSDS, is the CEO of i-SIGMA, and is widely considered one of the leading authorities on information disposition and regulatory compliance.