The National Outsourcing Association (NOA) has been forced onto the back foot by recent revelations on ITN’s Tonight programme, broadcast on ITV 1. An undercover reporter demonstrated how he was able to purchase the medical records of UK patients from a criminal group based in India. Critics of outsourcing data were quick to blame the industry for the potentially damaging data leaks.
Chris Rogers, a reporter for the popular current affairs program, found that he was able to obtain medical records for around £4 each. Rogers was offered the chance to pick up in excess of 10,000 records if he was willing to make the trip to India. It was also made clear that these records originated from private organisations and not from the NHS.
A senior manager of the NOA’s offshore arm defended offshore data storage, asserting that location had little to do with the security of private data. Mark Kobayashi Hillary suggested that outdated security at a small number of offshore locations was the primary risk factor and that any such loss should be regarded as a data crime rather than an inherent issue with outsourcing.
Hillary went on to explain that the companies approved by the NOA worked in paperless environments and did not allow external access to email in order to avoid any chance of data theft or loss. He also reassured UK clients that the NOA would only deal with established, reputable offshore companies in order to guarantee the integrity of personal data.
Hillary was, however, forced to admit that while the issues exposed in the report were not solely related to outsourcing data storage to offshore providers, some offshore facilities were still suffering from archaic security, making it relatively easy for cybercriminals to steal from them.
Ultimately the revelations should lead to increased security and stability in the industry. The NOA followed up Hillary’s statements by suggesting that the outsourcing industry should require its offshore partners to reveal their country of origin and the specifics of their operating procedures. It was also suggested that increased transparency in the operation of offshore data processors would help to reduce the risk and occurrence of data theft.
