The Epsilon compromise should shine light on the frequently asked question: do I need to be as worried about personal data that is not subject to legal regulation as that is subject to regulation? The answer, of course, depends on the exact nature and type of data to be placed at risk. A growing number of companies are revising their approach to vendor contracts, making sure the contract has strong confidentiality and information security protections for all personally identifiable data, not just regulated data. The potential for guilt by association: if a breach with regard to one type of date (i.e., unregulated data), it may be likely to suffer a breach.”]
Source: https://www.csoonline.com/article/2136657/wake-call-for-data—150–post-epsilon.html