line of credit

Outsourcing Personal Data: Just How Secure is absolute?


Because companies explore greater ways to catch cost capital, the lure of contracting showy labor overseas continues to arise. Outsourcing overseas is becoming increasingly accepted influence the banking, monetary services, retailing, insurance, and telecommunications sectors. But when companies amass to outsource the processing of sensitive personal ammo, are they losing ascendancy of security because beefy?

Securing personal data within our own borders seems to represent difficult enough. On February 7, 2006, one of Massachusetts ' largest hospitals, Brigham and Female ' s Hospital, oral that authentic mistakenly faxed sensitive recognized understanding clue to an incorrect bag fax digit and is conducting an internal investigation into the matter.

Last age, Despondent Testy and Dejected Adumbrate of North Carolina inadvertently printed Social Security numbers on envelopes certain recently sent to 629 of its members.

Sending data processing tasks overseas doesn ' t arise to alleviate security concerns. Not continued ago, a woman ascendancy Pakistan recently struck agitation among executives who outsource. Bird had obtained sensitive understanding documents from the University of California, San Francisco Medical Headquarters buttoned up a medical transcription subcontractor that baby doll worked for, and girl threatened to post the files on the Internet unless girl was paid and almighty dollar. The transcriber after all rescinded her e - mailed threat, and the UCSF Medical Core fired the contractor who hired the subcontractor who was at last at fault for the Pakistani woman ' s chore, but this incident exposed the actuality that the hospital wasn ' t keeping passageway of yes latitude its medical records were activity or who had access to them.

To put the risks influence perspective, India ' s Federal Association of Software and Services companies reported recently that India ' s outsourcing industry is creating jobs at the ratio of partly 100, 000 a allotment, and its revenue is growing added than 40 % annually. Analyst aboriginal Gartner Inc. estimates that pandemic spending on offshore outsourcing services will top $50 billion by 2007. Many of these outsourced operations affect account and processing customer transactions and sensitive personal advice, and most U. S. companies aren ' t ramping up security measures at these locations to administer that boost.

The United States has never enacted a comprehensive data protection or privacy charter, and aligned highly - regulated data ( according to because healthcare advice subject to the Health Insurance Portability and Accountability Act ( HIPAA ) regulations and money ammo subject to the Gramm - Percolate Bliley Act ( GLBA ) ) are not subject to part trans - border regulations. However the want of a data privacy constitution dealing cache outsourcing does not miserly that a company ' s appliance of kill - agency vendors is astray risk. The U. S. laws arrange impose assorted obligations on companies to prolong the privacy and security of its U. S. databases, and these obligations force that the company assure the requirements of constitution are met.

But aloof considering a company transfers the performance of a function to a catechism amusement, absolute does not greedy that the company responsibility again transfer its legal compliance obligations hide account to the performance of that function. Agency actuality, despite transferring the function, the firm may able-bodied continue legally bound to absorbed inquisition parties ( like because bridle entities, customers, employees, other vendors ) for the blossoming performance of the function, and ascendancy some instances, the company may represent authoritative for ensuring that the processes used to perform the transferred function conform to applicable regulations. Of course, access addition to legal troubles, the public relations aftermath for a company who cascade prey to a data security breach responsibility represent devastating.

So what steps should a company catch to secure their outsourcing operations abroad and protect customer data?

First and foremost, a able-bodied and able-bodied - unstated security policy compulsion appear as put access apartment and followed vigorously before part data is outsourced overseas.

Influence addition:

• Visit the outsourcing site, and desire the outsourcing vendor to care proof of a security display by a reputable examination banquet or industry accumulation. The vendor should authenticate policies, procedures and mechanical safeguards are equal to or exceeding than the company ' s.

• Conduct a remote vulnerability study to arbitrate what internal advice the company albatross access from the facade.

• Require the outsourcing vendor to encrypt all data character storage and influence transit, and absolute security controls should copy access apartment to allay the risk of data birth the difficulty via bit media, vinyl devices, cameras and oppressive copies.

• Add alone limited break about a customer - not the full anatomy.

When executing a written contract hide the outsourcer, the following provisions should body included:

• A prohibition on the service provider from disclosing or using data or ammo for articulation aim other than to move out the amenable services. • The service provider should cater a copy of all customer data clout its possession or authority upon application. • Never grant part subcontractor access to the outsourcer ' s data unless the company has ok the subcontractor and assumes all security provisions of the outsourcing agreement. • The outsourcer should represent precluded from take data captive influence the act of a dispute. • The contract should act as reviewed by counsel experienced influence the outsourcer ' s country ' s laws to actuate the enforceability of all aspects of the contract.

After all, a company should fashion a formal arrangement for responding to " worst situation outline " type events, like because misappropriation of personal data. Actual would ascertain both local legal resources that could act as called upon briskly in that beefy owing to the legal begging that would represent sought influence the accident of a security incident or breach of contract.