Cybersecurity is a growing concern for all organizations, especially those that store, process, and transmit sensitive data. As commercial mailing and publishing continue to digitize, business operations rely on sharing growing volumes of data. This includes, for example, sharing subscriber and mailing information with the U.S. Postal Service (USPS), data aggregators, and other partners.
Increasingly, federal and state laws require that such information be protected with cybersecurity safeguards and require notification to consumers in the event of unauthorized access or breach. Liability and loss of consumer confidence are important risks that organizations often manage by updating their legal and technical processes to better reflect the modern cyber threat environment.
Organizations’ ability to keep these data confidential from competitors, and to protect these data from unauthorized access or breach, often depends not only on the resilience of the organizations’ cybersecurity programs, but also on that of the partners with which they share data.
Compounding this challenge, a growing number of regulations require organizations to maintain internal safeguards for sensitive information, and to ensure that partners and service providers protect such information. However, it is not always clear how partner organizations adequately safeguard shared data from unauthorized access, breach, and misuse.
For example, the inspector general (IG) for the USPS recently released an audit report that raised serious concerns regarding USPS security. The report noted that USPS cybersecurity “lacks maturity, which limits its ability to fully understand its risk exposure and protect the agency from cyberattack.” According to the IG, these and other issues expose USPS to potential exploitation by threat actors, which could result in data breaches and major disruptions.
Although the extent to which such alleged gaps in USPS security put subscriber/mailer and other personal information at risk is unclear, organizations should evaluate their legal liability, security posture, and processes to ensure they minimize risk and respond to security incidents. The integration of digital communications and hard-copy mailing operations has only just begun, and now is the time to take steps to protect your data.
If you’d like to discuss your company’s postal cybersecurity concerns, reach out to Harley Geiger, Matt Field, or Eric Berman. For more insights into advertising law, bookmark our All About Advertising blog and subscribe to our monthly newsletter.