Assessing the cybersecurity risk of your broadcast and publishing partners | Venable LLP
Cybersecurity is a growing concern for all nonprofit organizations, especially those that store, process, and transmit sensitive data. While it is common to think of the cyber issue as relevant to digital communications and networks, the rules and issues apply with equal force to ordinary paper content provided by the Postal Service, such as subscriber information. , marketing mail, and nonprofit fundraising solicitations.
Increasingly, federal and state laws require that this information be protected by cybersecurity safeguards and require notification to consumers in the event of unauthorized access or breach. Liability and loss of donor and member trust are significant risks that organizations often manage by updating their legal and technical processes to better reflect the modern cyber threat environment.
As business mail and publishing continues to digitize, business operations rely on sharing increasing volumes of data. This includes, for example, sharing subscriber and shipping information with the United States Postal Service (USPS), data aggregators and other partners.
The ability of nonprofit organizations to keep this data confidential from their competitors and to protect the data from unauthorized access or breaches often depends on the resilience not only of organizations’ cybersecurity programs, but also those of the partners with whom they share data.
Compounding this challenge, a growing number of regulations require nonprofits and other entities to maintain internal safeguards for sensitive information and ensure that partners and service providers protect that information. However, it is not always clear how partner organizations adequately protect shared data against unauthorized access, breaches and misuse.
For example, the USPS Inspector General (IG) recently released an audit report that raised serious security concerns for the USPS. The report notes that the USPS’ cybersecurity “lacks maturity, which limits its ability to fully understand its risk exposure and protect the agency from cyberattacks.” According to the IG, these and other issues expose USPS to potential exploitation by malicious actors, which could lead to major data breaches and disruptions.
While the extent to which such alleged USPS security breaches endanger donor/member data and other personal information is unclear, organizations should assess their legal liability, security posture, and their processes to ensure they minimize risk and respond to security breaches and other incidents, including those that may arise with fundraising contractors. The integration of digital and paper-based communication is just beginning, and the issues facing players in these markets are just beginning to surface. Now is the time to take action to protect your data.