Skip to the content

Digital Connectivity and Data Protection in Supply Management


Brett J. Massimino, Ph.D.
Assistant Professor
School of Business
Virginia Commonwealth University

John V. Gray, Ph.D.
Fisher College of Business
The Ohio State University


The intellectual property an organization stores as digital assets ("data") presents a double-edged sword for supply management professionals. On one end, sharing such data throughout a supply chain is necessary for efficient and effective functioning. As such, supply managers face continual pressures to share their most sensitive data to improve their supply chains. Conversely, sharing increasingly valuable data with external organizations renders data management and protection much more complex and important. Given this dilemma, many supply managers struggle with how to manage and protect their shared data. The report Digital Connectivity and Data Protection in Supply Management addresses this struggle and assists by articulating best practices in protecting data shared with suppliers.

A Double-Edged Sword

Contemporary literature — academic and practitioner — has touted the necessity of data sharing to remain competitive. Sharing data with suppliers or vendors facilitates supply chain efficiency, adaptation, and coordination. It can also improve quality and customer service. In new product development, sharing data early and often can also improve the timeliness and effectiveness of innovations. Further, preparing for supply chain risks and disruptions requires sharing real-time data with suppliers. Many emerging technologies in supply management — such as the Internet of Things (IoT) — are also most effective when data is shared across organizations. Given these established benefits and enabling technologies, it is no surprise that contemporary businesses are more connected than ever.

Coupled with this increased sharing is its increased value. Companies now store digitally – and often share with their suppliers — valuable data such as production plans, inventory, product/process designs, real-time process characteristics, forward-looking strategies, and much more. With today's global supply bases – facilitated mainly by digital transmissions – such valuable data are often shared across national boundaries.

Protecting Shared Data

With data sharing's growing importance to an organization's success, supply managers need to develop the capability to protect their shared data. To assess the current state of this capability, extensive reviews were completed of the academic and practitioner literature, the popular press, and databases of breaches. Additionally, the research team interviewed 23 managers from 12 companies.

Based on that, researchers first documented best practices for protecting data within an organization, as these are ostensibly the best understood and documented. Drawing from those best practices, as well as literature on inter-organizational data protection, the interviews, and common best practices associated with other performance dimensions, a set of theoretical best practices for supplier data protection was developed. These span a variety of functional topics: establishing a solid business case for sharing; defending sharing needs; identifying the criticality of the shared data; qualifying and selecting suppliers; developing and negotiating contracts; onboarding; ongoing supplier management; and reassessing, renewing, and terminating the data sharing arrangement. These are labeled "theoretical" best practices, as the interviews unveiled that some of the recommended practices we gleaned from extant literature were not being employed. For each of these topics, researchers assessed the current state of practice and detailed specific actions and areas of improvement that may be considered.

The interviews indicated varying degrees of maturity in data-sharing practices; heavily regulated industries (e.g., defense, food and drugs, and payment processing) maintained quite mature practices. Less regulated industries, in comparison, were generally less mature. Regardless of industry, supplier data protection practices generally lagged behind the sophistication of supplier quality or social responsibility practices.

CAPS members can access the full research report, Digital Connectivity and Data Protection in Supply Management, by clicking here.

CAPS is a B2B nonprofit research center serving supply management leaders at Fortune 1000 companies. CAPS Research inspires leaders with profound discovery and executable strategies to shape the future of supply management. Research reveals the destination, benchmarking charts the course, and networking creates the path to transformation. All CAPS offerings are sales-free, bias-free, and practitioner-driven. CAPS was established in 1986 at the W. P. Carey School of Business at Arizona State University in partnership with the Institute for Supply Management. Learn more at

About the author

CAPS Research

CAPS Research

Take a survey,
get a report

Non-members can receive the report of each survey they submit.
Members can access all reports, but are encouraged to submit surveys to
increase the comparative breakouts only they receive.