Manufacturers face data privacy requirements for the personal data they might keep on employees or third parties. Those demands come from source such as: HIPAA, the Gramm-Leach-Bliley Act, the EU General Data Protection Regulation, and state breach disclosure laws.

Manufacturers also need strong assurance over the security of subcontractors, technology vendors, and other business partners that might touch the companies valuable intellectual property. Suppliers to the Defense Department, for example, must meet the NIST cybersecurity standards to maintain DFARS compliance and their eligibility to bid on government contracts. That security must extend down through a manufacturer’s supply chain.

Finally, manufacturers also have reporting requirements around product safety from agencies such as the Consumer Products Safety Commission as well as environmental, health, and safety standards from agencies such as OSHA or the EPA. If that data is stored or processed with outside technology vendors, the security of those vendors must be assured as well.

So manufacturers not only have a large regulatory burden but they have a diverse burden that cuts across different types of data and risk.