The Privacy Concerns and Risks of Offshore Outsourcing

Offshore outsourcing companies continue to thrive as more and more industries see them as a viable option for providing service flexibility. Given the increasing consumer demands that come with technology innovation across industries (administration, human resources, contact centers, and telemarketing) and the amount of cash that companies can save, it is no surprise that offshore outsourcing companies are becoming popular.

According to the U.S. Federal Deposit Insurance Corporation, the rapid increase in offshoring by many U.S. financial institutions and their data vendors is due to the potential cost savings attainable from the low-wage labor pools that are tapped in foreign countries. It is estimated that financial institutions that utilize offshore outsourcing companies achieve average cost savings of 39 percent, with one in four institutions surveyed achieving savings of more than 50 percent.

But there are also risks that a company can encounter when it relies too much on outsourcing. Domestic outsourcing and offshoring share almost the same risks. However, the more complicated chain of control incurred when offshoring financial services and related data may create new risks compared to domestic outsourcing. Offshoring also introduces distance constraints into the outsourcing process: in particular, the geographical distance from the function and timing lags in reporting heighten the potential risk exposures. Offshoring can also be affected by political conflicts, socio-economic problems, or other factors that may amplify any of the traditional outsourcing risks. Control over customer privacy may also be called into question, given the regulations that are imposed on offshore vendors. Some countries' laws may not protect a client company’s “trade secret”. And financial losses on the vendor's end may lead to breaches of the agreement.

Several U.S. laws require companies to maintain reasonable technical, physical and administrative safeguards. The Gramm-Leach-Bliley Act imposes on outsourcers the same limitations on use and onward disclosure of non-public personal data that apply to the outsourcer’s enterprise customer. Where a lender discloses customer information to a service provider responsible for mailing account statements, that service provider is not allowed to sell the information to other organizations or use it for marketing. In the same case, if the privacy statement gave the consumer a right to opt out of disclosures to a third party, the outsourcer could have the same rights to use and disclose the data as the financial institution, as set forth in the privacy notice. Thus, the privacy notice can be designed in different ways that affect the scope of the service provider’s privacy obligations. In addition to confidentiality provisions in contracts and trade secret principles of Common Law, the Federal Computer Fraud and Abuse Act imposes criminal penalties and imprisonment for between 10 and 25 years for unauthorized access to “protected computers.” Under this statute, a crime is committed where a person “intentionally accesses a computer without authorization or exceeds authorized access” and thereby obtains certain categories of information.

It is important to understand the risks that may come with any business decision. But it is also important to know which laws can reduce these risks.