Securing Outsourced Consumer Data

No great surprises, but a new survey, Securing Outsourced Consumer Data,commissioned by Experian Data Breach Resolution and conducted by the Ponemon Institute reveals that many organizations (46%) do not evaluate the security and privacy practices of vendors before sharing sensitive or confidential information.

The survey polled nearly 750 individuals in organizations that transfer consumer data to third-party vendors.

When sharing sensitive and confidential consumer information, nearly half of respondents (49%) said that they do not monitor — or are unsure whether their organization monitors — vendor security and privacy practices. Additional key findings from the survey include:

  • Outsourcing consumer information demands oversight — Survey results indicate that organizations that transfer or share consumer data with vendors experience data breaches more often than not
    • Sixty-five percent of respondents said their organization had a data breach involving the loss or theft of their organization’s information, and the majority (64%) report that it has happened more than once
    • Sixty-four percent of respondents reported their organization has experienced more than one data breach
  • Training is essential to protect against data breaches — Causes for data breaches can be reduced significantly through enforcement of policies and effective training
    • Forty-five percent of respondents reported negligence as the root cause of third-party data breaches
    • Forty percent of data breaches were the result of lost or stolen devices
  • Security and control procedures need improvement
    • More than half of respondents (56%) said their organization learned about a data breach accidentally
    • Only 27 percent said the organization’s security and control procedures uncovered the incident; only 23 percent said the vendor’s security and control procedures alerted the organization to a breach

To access the full report, Securing Outsourced Consumer Data, visit

About the author: Dissent

Has one comment to “Securing Outsourced Consumer Data”

You can leave a reply or Trackback this post.
  1. IA Eng - February 26, 2013

    I don’t like these Saps. They have all of our contact information and they at their discretion sends it to 3rd party advertisers which is unethical in my opinion. When I open up a piece of – – – – junkmail and look on the “opt out” and see a relationship to a credit reporting agency, that’s over the line.

    Anything the foul credit reporting agency has to say is crap IMO.

Comments are closed.