Privacy and Data protection is quickly becoming a bigger business issue with companies in the United States, making it a much larger concern for outsourcing providers around the globe. In addition, the way privacy and data protection is viewed is shifting from a compliance issue to a a board level business issue. Consequently, successful companies are seeing data protection as a value proposition that directly impacts the bottom line.
We spoke with Todd B. Ruback, an Attorney with DiFrancesco, Bateman, Coley, Yospin, Kunzman, Davis & Lehrer, P.C. whose practice concentrates on privacy/data protection and technology law, to address this topic.
It almost goes without saying that privacy and data protection applies to personal information such as customer names, addresses, and phone numbers. To assist with this, laws have been established to address the need to protect this data at both a broad level in Europe and at a state level in the United States. But the need for data protection isn’t limited to just these types of information. It also includes non-personal data such as trade secrets, confidential corporate information, intellectual property, and anything protected under a contract.
As the protection of all types of data becomes an increasingly vital concern for companies, it also becomes a point of interest for outsourced vendors. Outsourced vendors need to be aware of the privacy protection laws regarding the data they are receiving, and they need to be sure that they are employing privacy protection best practices.
According to privacy attorney Todd Ruback, privacy protection is shifting from an issue of compliance to a board level business issue for several of these reasons. After all, data protection used to be governed by privacy laws specific to an industry. With these laws, it would mandate a specific checklist of processes that a company would need to successfully have in place in order to comply. For example, there is the Gramm-Leach-Bliley Act created to govern the financial services industry, and the modification of the Health care HIPPA laws to include technology.
Recently, successful companies have begun to shift their thinking and see data protection as a value proposition rather than a compliance issue. Ruback notes that since the occurrence of this shift, it is now possible to see a direct link between best privacy practices and the bottom line. Not surprisingly, this shift also affects outsourcing providers. Recent studies show that as much as 30-40% of data leakage issues occur at the vendor level. This data leakage represents a significant risk to companies, a risk that includes damage controls costs, possible fines and litigation expenses that can impact the bottom line.
With the increase of data protection and privacy concerns toward this data, it becomes increasingly important to educate outsourcing vendors on best practices in privacy protection. Furthermore, as business’ alter their perceptions toward these concerns, outsourcing vendors must be aware of and actively employing privacy protection best practices.