Privacy and Data Security in Outsourcing


Summary

This practice note discusses privacy and data security issues in outsourcing. Outsourcing frequently results in a company’s data being stored outside of the company’s firewalls, often in systems managed by the outsourcing provider. Outsourcing can also result in movement of the company’s data to new and different countries, particularly when the supplier uses off-shore resources or the outsourcing involves cloud computing. For outsourcing transactions that involve the transfer and processing of personal data, privacy protection and data security are significant legal risks. A data breach negatively impacts customers, suppliers, financial markets, and business relationships. In 2017, Equifax, one of the big three credit reporting agencies in the U.S., admitted that its data breach exposed the sensitive personal information of 143 million Americans. It is estimated that the average cost to a company for a data breach in 2017 was $3.86 million. Thus, outsourcing IT and business systems ...