Tuesday, May 03, 2005

Oh, Those  Dangers of Outsourcing, Part III

Excel-web sharing of spreadsheetsIn April, insurance firm Northwestern Mutual proudly announced to the world that it routinely ships policyholders' personal data overseas to save money on IT costs. The venue was Gartner's Outsourcing Conference.

NM CIO Barbara Piehler explained the rationale: they weren't getting enough out of offshore contractors because of an internal restriction on shipping customer data offshore. And that, "limits what you can do offshore." So senior executives removed the internal obstacle to allow customer data to transit overseas.

But some federal regulators believe that shipping customer data overseas carries significant privacy risks. The FDIC noted last year that service firms in the US adhere to a completely different standard than those overseas. Who vets the outsourcers' employees, for instance?

Worse yet, Northwestern Mutual hasn't informed its 3 million policyholders that their personal data can be viewed by offshore workers. Phil Fersht at the Yankee Group is not enamored with this practice. "Beyond... ethical responsibility, you don't want your customers to have a nasty surprise if something goes wrong."

In my opinion, NM is undertaking a huge set of risks for what appear to be minimal rewards:

  • Some customers, certain to be aware of the offshoring trend, will not be pleased to find out that their personal data is transiting back and forth to India. They will likely change insurers once they discover this nugget of information.

  • There's been no explanation of any vetting process for the outsourcer's employees (e.g., a background check that would be routine in the U.S.). The risk is that the NM will be victim to fraudulent transactions that are very difficult to detect. The recent Citibank call center fraud, in which twelve persons tied to the outsourcing firm were arrested, is a case in point.

  • The targeting of Indian IT outsourcing companies by terrorists raises the specter of other, even more serious risks.

  • There are rumblings in certain state capitols, as well as Washington, that something needs to be done about this practice. Here's hoping that regulators and legislators deal with this issue quickly and comprehensively. Consumers shouldn't have to worry that the next ChoicePoint-style privacy conflagration will begin burning in Bangalore.

    Anyone up for a blogswarm?

    Information Week: The hard road to offshoring

    No comments: