Data has become an extremely valuable commodity.

The act of data management has also become increasingly complex, especially as there’s data collection inherently in almost everything these days. And with this, concerns over data privacy, security, and compliance have also grown – rightfully so.

Here are some considerations to ask third-party partners and vendors when embarking on a partnership:

• Where is the data being housed? In Canada or offshore? Although there is no right answer here, many prefer data storage in Canada. Not only is there an economic benefit to our country, but Canada has strict privacy laws.
• What type of data is collected from users, especially personal data? How is this data used by the organization?
• Who has access to this information – both from the partner side and your own organization?
• How often is access reviewed to ensure that only those requiring the information have access? It's recommended that you review on an annual basis at a minimum; depending on the data and turnover within your company, you may even want to review your team’s access on a quarterly basis to ensure that only those requiring access have it, and ensure that your team has the right level of access to perform their job successfully.
• How long is the data stored? Is there a destruction date, and what is the process?
• What sort of policies and processes are in place to protect data, i.e., from cybersecurity threats, to ensure business continuity and redundancies to prevent disruptions, etc.?
• If you decide to end the partnership, who retains the data – your organization or the partner? What is the process for you to download the data? 

Proceed to ask your team the same questions above to ensure that your organization is retaining information properly – and that everyone is aligned with the approach. 

There are no right or wrong answers to the above questions…it really depends on the needs of your team and what you think is acceptable – but it is essential to ask the right questions.