Last week the Home Office was again accused of a massive failure of duty after thousands of criminals’ details stored on a computer memory disk were lost. Details of 84,000 prisoners in England and Wales were lost by PA consulting, a service provider to the home office.
Yet again, this is another reminder of just how important it is to effectively manage your outsourcing relationships, especially when the contract involves handling sensitive information.
Regardless of whether data processes are outsourced or dealt with in house, when it comes to data security organisations need to have strict procedures and measures in place.
When dealing with a service provider, outsourcers must ensure that there are strict data processing obligations within the contract. It is equally as important to carry out suitable due diligence to determine any potential supplier's data security arrangements and regularly audit these throughout the contract.
We are seeing, time and time again, data security blunders within the public sector. It is imperative, especially within major public sector outsourcing arrangements, that a strategic relationship between supplier and end user is thrashed out during contract negotiation.
This way everyone will have procedures in place from the outset and failures in areas such as data security are either avoided or swiftly resolved. If this doesn’t occur we will see more and more data breaches occurring.