by Daniel J. Solove
In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider.
Whose fault is it? The organization that shared the personal data with the vendor certainly has responsibility, as organizations are generally responsible for the actions of their independent contractors. But even though an organization might have to pick up the tab, it can still put all the blame on the vendor.