An increasing number of companies are outsourcing internal functions to provide a significant cost savings and other benefits to the company. While outsourcing can be extremely beneficial, companies must carefully manage the risks created by placing data into the hands of an outsourcing provider. Outsourcing frequently results in a company’s data being stored outside of the company’s firewalls, often in systems managed by the outsourcing provider. Outsourcing can also result in movement of the company’s data to new and different countries, particularly when the outsourcing involves cloud computing.
Placing company data into the hands of an outsourcing provider raises various risks, perhaps none more pronounced than in data privacy and security. New laws and regulations, an increase in technology solutions and providers, and increased cybersecurity threats heighten the concerns in this area. Companies must respond to these increased risks in three key ways, through: (a) security assessments that lead to a comprehensive written data security plan, (b) the careful selection and monitoring of outsourcing providers and (c) well-crafted contractual protections with those providers. This article discusses some of the key considerations for companies to evaluate in implementing privacy and security protections in outsourcing