The Vendor Who “Helped” by Exporting Everything
A helpful vendor sending a CSV via email is not a service; it is a breach waiting to happen. We discuss how to stop the proliferation of uncontrolled copies.
The “Helpful” Breach
You are struggling with an integration. The software is clunky. You complain to support.
Ten minutes later, an email arrives from your account manager: “Hi there! I went ahead and exported the full client list for you so you can check the formatting. See attached: All_Clients_Full_Export.csv.”
You smile. They solved the problem.
Stop smiling. You have just witnessed a compliance disaster.
That file now lives in their “Sent” folder. It lives in your “Inbox.” It lives in your “Downloads” folder. It lives on the email server of every intermediary between you and them. And it is entirely unencrypted.
We accept this because it feels like service. Enfin, it is actually negligence.
When a vendor treats your data with this level of casualness, they are not helping you; they are exposing you. They are taking your most valuable asset—your client list—and throwing it out the window to see if it flies.
The Liability: The Uncontrolled Copy
The problem with digital data is that it multiplies effortlessly.
Every time a vendor “exports” data to help you, a new, uncontrolled copy is born. This copy does not follow your retention policy. It does not have your access controls. It is a rogue element.
[Image of a data flow diagram showing a ‘Secure Database’ leaking into multiple ‘Uncontrolled CSVs’ via email]
If that vendor gets hacked next year, that “helpful” CSV from 2025 will be leaked. Your clients will not care that the vendor was trying to be nice. They will care that you allowed their private details to wander out of the secure environment.
This is not agility. This is a loss of chain of custody.
The Safeguard: The Ironclad Handshake
To operate with class, we must retrain our vendors. We do not ask for speed at the expense of safety. We demand Process Hygiene.
We implement three non-negotiable rules:
- The No-Export Clause: Our contract states explicitly that raw data exports are never to be sent via email. If a transfer is needed, it goes through a secure, encrypted tunnel (handled by a specialist like Lars).
- The Principle of Least Privilege: If the vendor needs to check formatting, they do not need the full database. They need three dummy rows. Give them the dummy rows.
- The Certificate of Destruction: When the project ends, the vendor does not just “close the account.” They sign a document confirming that all local copies, exports, and backups have been purged.
This might feel stiff. It might feel “difficult.”
But remember: you are not paying them to be your friends. You are paying them to process your data. If they cannot handle that responsibility with the gravity it deserves, they are not enterprise partners. They are amateurs.
Protect your perimeter.
FAQs
Is it really unsafe to email a CSV?
Yes. Email is like a postcard. Anyone handling the mail can read it. Never send client lists via postcard.
How should we transfer data then?
Secure, encrypted portals with expiring links. If the vendor cannot support this, find a new vendor.
What if the vendor refuses to sign a deletion agreement?
Then you refuse to sign the check. You are the client; you set the standard.