
January 02, 2008

Unto the (Data) Breach: A 2008 Topic

Concerns about data privacy are rising in the sourcing industry, and I expect the issue to get a real workout in 2008.

Which is fine. But first a couple of points: From the earliest days of outsourcing there have always been third parties involved in processing client information. More to the point, data breaches can and do happen with in-house operations, too.


Still, the data issue is gaining traction in light of legislation aimed at protecting financial and medical data. Both clients and providers are feeling the heat.


The sourcing industry has already adopted safeguards and best practices to protect information, but the question remains in the mind of many: Does sourcing mitigate or exacerbate data risks?


Companies are calling us seeking advice on the capabilities of service providers to help reduce the perceived risks relating to data protection. At the same time, providers are starting to squirm at contractual terms aimed at allocating damages due to breaches in data security policies.


We shall see whether the sourcing industry is a source of extra risk or solution. But there are two things we already know: Whether data are processed in country or offshore doesn’t matter, so don’t believe in headlines about “outsourcing” as a culprit. And the market can and will play a regulatory role, as it always has, because reputations and bottom lines will suffer if customers suffer.
 


Comments

I certainly agree that service providers will see an increasing focus by their clients on assessing their information security risk, given the regulatory and reputational issues for enterprises. I also agree that whether it is off-shore or onshore isn't the defining factor in whether an SP is secure or not - it's the policies, procedures, technologies, and governance in place within the SP environment being used to perform the services.

As we are building a vendor info risk rating service here at Moody's, I obviously think it is a good thing for service providers to get assessed. Better to be assessed and know where your risk areas might be, than have your clients put overarching, generic contractual terms on you because they don't know your current posture. I also think that clients will look more kindly on service providers who proactively get their security posture assessed versus waiting till they are forced to.

The stick approach is what I see being used mostly by enterprises right now to push service providers to be assessed, but one thing I would be interested in hearing from service providers is what would incent you to proactively get an assessment. Our early observations are that most service providers don't too willingly go out and get assessed until a key client pushes them to.
