Regulators are becoming ever more aggressive in penalising companies which do not comply with data security and data protection requirements, imposing fines on them and publicising data breaches. Intellect, the UK technology trade association, believes that companies which fail to take data issues seriously will be subject to increased scrutiny and will compromise the trust that staff and clients place in them.
Intellect is publishing a checklist for avoiding the common data security and protection issues encountered in outsourcing projects. If followed by IT outsourcers and their customers, the guidelines will greatly diminish their chances of losing or compromising data, breaching regulations and facing fines.
The guidelines provide a clear overview of the types of issues outsourcing projects might encounter, when the best time to address them is and which party is legally obliged or best placed to deal with them. For each of the seven stages of a project Intellect provides a checklist of data security and protection related actions that must be taken, ranging from determining the volume of data that will flow between outsourcer and customer, to procedures for destroying retained data at the end of a project.
David Evans, senior data protection practice manager at the Information Commissioner’s Office, comments: “Outsourcing IT operations often involves the transfer of personal data to a third party, either in the UK or overseas. For an organisation to retain the trust of its staff and clients it is important that their outsourcing complies with the Data Protection Act. This means ensuring that personal information is stored and processed securely, that it is accurate and up to date and accessed only by those with justifiable reason.”
The data protection laws of the EU require careful consideration in the context of outsourcing, especially where personal data is transferred outside of the EU. The guidelines have been written with this in mind and also include information on non-European countries that have data protection laws, including the United States, Canada, Russia, Dubai, Korea and Australia.
John Higgins, director general of Intellect, comments: “The money that outsourcers and their customers pay in data breach fines would be better spent improving data security processes, so these breaches don’t occur in the first place. Consumer data is a highly valuable commodity and should be treated as such. Companies recognise their responsibility towards consumers’ data but don’t always understand the best way to achieve this. We believe our guidance can help address the situation.
“Outsourcing and offshoring are an integral part of business in the 21st century. But they do mean that companies have to be more vigilant than ever in assuring the security of the data their customers trust them with. If followed by both outsourcers and their customers, our guidance will help ensure consumers’ details remain secure.”
The guidelines state that vendors and customers must work together more closely to anticipate and address data security and protection issues, which may affect the success of their project. The lead-time that anticipation provides can be critical to developing efficient solutions.
The guidelines are available to download free of charge from www.intellectuk.org/dataguidelines.