Secure Your Outsourcing Practices to Prevent Data Breaches

by Guest Contributor 3 min read April 15, 2013

Outsourcing can be risky business. The Ponemon Institute reports that 65% of companies who outsourced work to a vendor have had adata breachinvolving consumer data and 64% say it has happened more than once. Their study,Securing Outsourced Consumer Data,sponsored byExperian® Data Breach Resolutionalso found that the most common cause for breaches were negligence and lost or stolen devices. Despite the gravity of these errors, only 38 percent of businesses asked their vendor to fix the problems that led to the breach and surprisingly, 56% of the companies learned about the data breach accidentally instead of through security protocols and control procedures.

These findings come from a survey of 748 people in a supervisory (or higher) job who work in vendor management at companies that share or transfer consumer data mainly for marketing, finance and outsourced IT operations including cloud services and payment processing. The survey also polled the vendors and 57% of them reported that they in turn, outsourced work to a third party. 23% of vendors could not tell how often data loss happened which is a sign that they don’t have proper procedures and policies in place to know when incidents occur. When asked about theirdata breach notificationpractices, only 16 percent of vendors said they immediately notified their client after the breach investigation with 25 percent saying they don’t even tell clients aboutbreaches of data.

Keeping all work and information in house is not feasible in today’s multi-corporate companies, and outsourcing is a business reality, however, all parties have a responsibility to protect the sensitive and confidential data that is entrusted to them. When outsourcing consumer data to vendors, here are a few guidelines companies need to follow to safeguard the information:

1. Make sure you hold vendors to the same security standards as your own in-house security policies and practices.

2. Make sure the vendor has appropriate security and controls procedures in place to monitor potential threats.

3. Audit the vendor’s security and privacy practices and make sure in your contract with them, the vendor is legally obligated to fix data problems should a breach occur including notifying consumers.

4. Monitor the security and privacy practices of vendors you work with especially if you share consumer data with them.

5. Require background checks for vendor employees who have access to confidential information.

The goal of this study was to better understand what companies are doing to protect consumer data they outsource and where improvements could be made to insure privacy and security when sharing private information with third parties. The solution seems to be that all parties must first agree thatdata privacy and protectionis paramount and then work toward the mutual goal of achieving responsible privacy and security practices.

Related Posts

Explore how Experian Verify Hub is simplifying income and employment verification as Sophia Cheung shares insights on reducing complexity, improving data access, and helping organizations make faster, more confident decisions.

Published: July 3, 2026 by Ted Wentzel
How Union Credit Expands Access to Credit Unions with Experian

Discover how Union Credit and Experian help credit unions reach younger consumers through personalized digital lending experiences.

Published: July 1, 2026 by Scarlet.Nickel@experian.com
Faster Decisions, Better Outcomes: Experian Verify™ Now Available Through Centro, Mezzo’s Orchestration Engine 

Explore how Experian Verify™ and Mezzo’s Centro orchestration engine are helping mortgage lenders modernize income and employment verification, reduce workflow complexity, and make faster, more confident lending decisions at scale.

Published: July 1, 2026 by Lizel Ferrer