Tighten Up Data Protection Policies in Outsourcing or Prepare to Pay Penalty

Western Mail (Cardiff, Wales), June 24, 2009 | Go to article overview
Save to active project

Tighten Up Data Protection Policies in Outsourcing or Prepare to Pay Penalty

RECENT data losses by local authorities, the MoD and NHS, together with a radical report highlighting changes which will be necessary in Data Protection law in the UK, have highlighted the need to review privacy and data security obligations under outsourcing agreements.

The UK Information Commissioner's office has recently endorsed calls for a rewrite of the EU Data Protection Directive following publication of a critical report by the RAND Institute. A number of high profile data security breaches involving outsourcing arrangements have made this issue a key component in negotiating outsourcing structures.

Customers and suppliers need to address data security and data protection issues under all outsourcing arrangements. It is frequently the case that planning for these issues is left unaddressed until the last minute. Dealing with these issues late in the outsourcing negotiating arrangements often results in higher costs, unwieldy solutions and the increased risk of regulatory intervention.

With more and more data being stored by organisations and transferred by removable data, including the NHS, which is now storing patient records electronically, organisations need to address their security and privacy policies, to safeguard the data that they hold, outsourcing service providers must protect personal data to avoid penalties and distrust. These issues need to be reflected clearly in any outsourcing arrangement and the obligations between the customer and the supplier in respect of data security, data transfer and the compliance with data protection regulation needs to be signed off at board level.

The position is now clear; any data handler that loses sensitive personal data having failed to take reasonable precautions will face civil penalties under the UK and European legislation.

Following the press coverage of the loss of sensitive data by the MoD and NHS in the past couple of months, the public and private sector must realise that unless they address the security of data management penalties will follow.

This is particularly the case in outsourcing arrangements which usually underpin data transfer arrangements.

Data controllers failing to protect sensitive data face damage to their reputations, commercial loss and a regulator who can, and increasingly will, make them pay.

The practical position is that companies are now forced to take data protection issues seriously under outsourcing arrangements and the requirements for data protection audit controls are now a matter of operational risk management for most major companies and subject to intense scrutiny by regulators and stakeholders alike.

Common problems in relation to data protection principles frequently arise as a result of misunderstandings between customers and suppliers in respect of each party's obligations applying to the transfer of data.

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
Loading One moment ...
Project items
Cite this article

Cited article

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited article

Tighten Up Data Protection Policies in Outsourcing or Prepare to Pay Penalty


Text size Smaller Larger
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

While we understand printed pages are helpful to our users, this limitation is necessary to help protect our publishers' copyrighted material and prevent its unlawful distribution. We are sorry for any inconvenience.
Full screen

matching results for page

Cited passage

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited passage

Welcome to the new Questia Reader

The Questia Reader has been updated to provide you with an even better online reading experience.  It is now 100% Responsive, which means you can read our books and articles on any sized device you wish.  All of your favorite tools like notes, highlights, and citations are still here, but the way you select text has been updated to be easier to use, especially on touchscreen devices.  Here's how:

1. Click or tap the first word you want to select.
2. Click or tap the last word you want to select.

OK, got it!

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.

Are you sure you want to delete this highlight?