No great surprises, but a new survey, Securing Outsourced Consumer Data,commissioned by Experian Data Breach Resolution and conducted by the Ponemon Institute reveals that many organizations (46%) do not evaluate the security and privacy practices of vendors before sharing sensitive or confidential information.
The survey polled nearly 750 individuals in organizations that transfer consumer data to third-party vendors.
When sharing sensitive and confidential consumer information, nearly half of respondents (49%) said that they do not monitor — or are unsure whether their organization monitors — vendor security and privacy practices. Additional key findings from the survey include:
- Outsourcing consumer information demands oversight — Survey results indicate that organizations that transfer or share consumer data with vendors experience data breaches more often than not
- Sixty-five percent of respondents said their organization had a data breach involving the loss or theft of their organization’s information, and the majority (64%) report that it has happened more than once
- Sixty-four percent of respondents reported their organization has experienced more than one data breach
- Training is essential to protect against data breaches — Causes for data breaches can be reduced significantly through enforcement of policies and effective training
- Forty-five percent of respondents reported negligence as the root cause of third-party data breaches
- Forty percent of data breaches were the result of lost or stolen devices
- Security and control procedures need improvement
- More than half of respondents (56%) said their organization learned about a data breach accidentally
- Only 27 percent said the organization’s security and control procedures uncovered the incident; only 23 percent said the vendor’s security and control procedures alerted the organization to a breach
To access the full report, Securing Outsourced Consumer Data, visithttp://www.Experian.com/ConsumerDataStudy.
I don’t like these Saps. They have all of our contact information and they at their discretion sends it to 3rd party advertisers which is unethical in my opinion. When I open up a piece of – – – – junkmail and look on the “opt out” and see a relationship to a credit reporting agency, that’s over the line.
Anything the foul credit reporting agency has to say is crap IMO.