Monday, July 25, 2005

Outsourcing vs. Data Privacy

I stumbled across this article on data privacy and what problems outsourcers are having. My general opinion is that even with the heightened awareness we have in the U.S. about data privacy and identity theft, HR organizations have not really thought much about how their vendors treat employee data and the security measures behind it.

Most of our outsourcing relationships in the U.S. fall around 2 areas: first, does the vendor comply with Sarbanes-Oxley, and second, do they provide an appropriate amount of value (service vs. cost) to the relationship. Based on my experiences, most clients simply trust that employee data is going to be safe.

As more and more outsourcing goes on, clients are at greater risk. What I always find disappointing is the pure amount of denial that seems to happen. We always see surveys that say only 70-80-90% of companies outsource anything at all. This would mean that 10-20-30% of organizations think they are 100% in-house. If someone outsources payroll or benefits administration, that’s easy to see. But what about background checks, COBRA, FSA, 401(k) administration? I’d say that maybe less than 1% of the U.S. Fortune 1000 are fully in-house.

All of the above examples, from payroll to benefits to background checks, are areas where you are giving away sensitive employee data. The environment changes when you start talking about offshoring.

"The Indian BPO industry is in its infancy, and when one tends to hire 400 to
500 people every month, we often fail to scrutinize the employees closely,"
conceded Mphasis chairman Jerry Rao at a National Association of Software and
Service Companies summit in June.

Now I don’t want this to be a negative commentary on offshoring, and anyone who has been reading this blog knows that the economic advantages to offshoring are theoretically obvious. (Intro to MacroEconomics 101). What I want to bring up is the idea that most organizations simply are not focused on their vendor’s employee population, whether domestic or offshore.

The laws governing privacy and information access vary from country to
country. India makes it relatively easy to obtain information, while Japan has
strict privacy regulations. Hong Kong has a fairly strict information-protection
act, and European countries adhere to Safe Harbor regulations, which prohibit
the transfer of personal data to non-European Union nations that don't meet the
European standard for privacy protection.