Data Protection

Data protection is vital to all business process management, regardless of where data is gathered, analyzed, processed, stored or communicated. Data protection is everyone’s business and concern. Those who collect and process data have a duty under various laws to maintain the confidentiality and security of that data.

What is “Data Protection”?
Data protection is, by definition, the protection of data from hackers and intruders, as well as from authorized parties abusing their access privileges. It is particularly sensitive for enterprises that collect data from commercial transactions. As a data processor, the outsourcer needs to offer sufficient comfort that such data will be secure and used only for processing transactions in accordance with instructions in the statement of work. As a data owner, the enterprise customer has a duty to its customers, suppliers, employees, regulators, shareholders and management to seek and verify the conditions that might give such comfort.

How Does “Data Protection” Differ from Privacy Rights?
Data protection differs from privacy rights. Privacy rights involve the right to freedom from unwanted intrusion into one’s personal life.

Instead, data protection is a function of security and is intended to protect the data from abuse that could result in identity theft, extortion and other crimes that might occur even though there is no invasion of privacy. In turn, security depends on technology, the authorization levels for individuals and the monitoring of suspicious or abusive access by both authorized and unauthorized persons. Accordingly, data protection is one of the first elements for inspection during due diligence.

Classes of Sensitive Data
Data need to be sorted into different classes, since the legal consequences of a breach may be more severe for the most sensitive data. Personally identifiable information (“PII”) merits special attention. Legislation and regulation on different classes of data continue to evolve, so the outsourcing lawyer needs to monitor legal developments and integrate them into contract documents and process management.

Duty of Care by Outsourcing Lawyers
Outsourcing lawyers and their clients need to understand the web of laws, common law duties and emerging technological protections that protect data from unauthorized access. Beyond security controls, personnel having access to protected data should be supported by a corporate framework of policies, procedures, training, monitoring and supervision for purposes of ensuring data protection.