Shawn Tuma's presentation with Christopher Mitchell (of Crowe Horwath) at The Institute of Internal Auditors 9th Annual Fraud Summit. The title of the presentation is The Legal Side of Data Breach and Third Party Risk.
The main point of the presentation is that when a company is breached through the fault of one of its third-party business associates, or other third-parties, the company is still responsible for all of the repercussions arising out of the breach and, at best, will then have to go and pursue its rights against the third party. Thus, companies need to ensure that their business associates and other third parties adhere to proper data security practices and they should be audited to ensure compliance.