A survey called "Securing Outsourced Consumer Data" outlines the 10 most common mistakes organizations make when outsourcing data to third-party vendors.
The survey, commissioned by Experian Data Breach Resolution, a provider of data breach resolution solutions, and conducted by the Poneman Institute, a research center, polled 748 individuals in organizations that transfer or share consumer data to vendors. The organizations represent a number of different industries and are not limited to healthcare.
The 10 most common mistakes, according to the survey, are:
1. Organizations do not hold vendors to the same security standards as they do for their own in-house security practices.
2. Organizations do not know how frequently the vendor is losing their consumer data.
3. Organizations do not take action following a breach such as requiring the vendor to fix the problem (if known) that caused the data breach.
4. Organizations do not require the vendor to conduct an audit and detailed assessment to understand the source and cause of the incident.
5. Organizations accept the fact that most data breaches are discovered by accident and not as a result of having appropriate security and controls procedures in place.
6. Organizations rely on contracts that legally obligate the vendor instead of security certifications or audits of the vendor's security and privacy practices.
7. Organizations select vendors on quality of service and price, not on their security or privacy practices.
8. Organizations do not know whether they are monitoring the security and privacy practices of vendors they share consumer data with on an ongoing basis.
9. Organizations depend upon reviews made by purchasing or legal instead of annual self-certifications, independent audits or automated monitoring tools.
10. Organizations do not require background checks for employees who access confidential information.
EHR Vendor Reports Data Breach
University of Connecticut Health Center Data Breach Affects 1,400 Patients
The survey, commissioned by Experian Data Breach Resolution, a provider of data breach resolution solutions, and conducted by the Poneman Institute, a research center, polled 748 individuals in organizations that transfer or share consumer data to vendors. The organizations represent a number of different industries and are not limited to healthcare.
The 10 most common mistakes, according to the survey, are:
1. Organizations do not hold vendors to the same security standards as they do for their own in-house security practices.
2. Organizations do not know how frequently the vendor is losing their consumer data.
3. Organizations do not take action following a breach such as requiring the vendor to fix the problem (if known) that caused the data breach.
4. Organizations do not require the vendor to conduct an audit and detailed assessment to understand the source and cause of the incident.
5. Organizations accept the fact that most data breaches are discovered by accident and not as a result of having appropriate security and controls procedures in place.
6. Organizations rely on contracts that legally obligate the vendor instead of security certifications or audits of the vendor's security and privacy practices.
7. Organizations select vendors on quality of service and price, not on their security or privacy practices.
8. Organizations do not know whether they are monitoring the security and privacy practices of vendors they share consumer data with on an ongoing basis.
9. Organizations depend upon reviews made by purchasing or legal instead of annual self-certifications, independent audits or automated monitoring tools.
10. Organizations do not require background checks for employees who access confidential information.
More Articles on Data Breaches:
Stolen Laptop Contains Info on 4k Oregon Health & Science University Hospital PatientsEHR Vendor Reports Data Breach
University of Connecticut Health Center Data Breach Affects 1,400 Patients