Thinking About Data Privacy in Outsourcing

Two forces are shaping privacy and security in outsourcing: Companies’ increased use of outsourcing driven by the desire to achieve greater efficiency coupled with a rapidly evolving privacy and security environment.

What your vendor partner does with your company’s data (or that of YOUR customers) and how it protects—or fails to protect—it can put your  company at risk vis-à-vis data protection laws not to mention putting the reputation of your firm at risk, as well.  It is your responsibility to assure that your vendor partners have good policies and practices in place to protect your firm’s image in the marketplace as well as shield you from legal liability.

Some things to consider:

1.  Do your vendor agreements have specific language obligating them to protect the confidential information of your firm and your clients?

2.  Do you perform “due diligence” to assure that your vendor/partners have implemented good security policies and procedures and are not merely paying lip service to your security obligations in order to gain/retain your business?

3.  Do you share privacy practices with your partners?  As outsourcing grows, the need for collaborative interaction where both parties share information and improve processes and procedures becomes increasingly important.

4.  Do you maintain a compliance log?  A useful tool, a compliance log will maintain a list of vendors with whom you share confidential information and track the status of your agreements, status of your due diligence, and renewal dates and terms.

Speak Your Mind