Question

Some organisations are outsourcing various information systems functions offshore. What risks does this pose regarding the principles of confidentiality and privacy? Required: Describe at least TWO possible risks offshore outsourcing of various information systems functions.

Answer 1

Data security and data protection are rated in the top ten risks of offshore outsourcing. A loss of control over possible access to the data is a key concern of outsourcing & when this is further complicated with legal issues arising across country borders ,it becomes even more complex and risky. Compliance with Privacy Act & the US Sarbanes-Oxley Act (SOX) are of particular concern to companies outsourcing work to offshore companies. Since offshore companies are not directly required to comply with the Australian Privacy Act, companies that contract with offshore providers do not have any enforceable mechanisms in place to protect and safeguard personal data. They essentially lose control of that data once it is processed by an offshore provider. Risks can be classifed as:-

1.Strategic Risk ( Inadequate risk)

2.Reputation Risk ( Poor Risk from the third party)

3.Operational Risk (Technology failure)

4. Compliance Risk (Privacy laws are not complied with)