Outsourced data is outsourcer's liability

The Information Commissioner’s Office in the UK has issued a guidance to organisations which outsource their data. According to the guidance, a company outsourcing its data can be held responsible for any security breaches that may be executed by a third party.

A number of large organisations today are outsourcing their data processing needs to contractors. This means that the data is physically travelling out of the company’s premises and going into the hands of a third party. While most contractors may assure the company of complete protection of data, there have still been instances of it being leaked out. And this guidance may have come in response to the constant rise in items of private information such as names, dates of birth and security numbers of clients being leaked.

In most cases, if data loss or theft is reported at a company’s site, it may be held legally liable for the loss. Now however, with the guidance coming into the picture, organisations will be forced to make sure that precautions are taken to safeguard data, even if it is on another continent. This could call for amendments in the security policies of organisations; both large-and medium-sized ones.