Oh, Those Dangers of Outsourcing, Part III
In April, insurance firm Northwestern Mutual proudly announced to the world that it routinely ships policyholders' personal data overseas to save money on IT costs. The venue was Gartner's Outsourcing Conference.
NM CIO Barbara Piehler explained the rationale: they weren't getting enough out of offshore contractors because of an internal restriction on shipping customer data offshore. And that, "limits what you can do offshore." So senior executives removed the internal obstacle to allow customer data to transit overseas.
But some federal regulators believe that shipping customer data overseas carries significant privacy risks. The FDIC noted last year that service firms in the US adhere to a completely different standard than those overseas. Who vets the outsourcers' employees, for instance?
Worse yet, Northwestern Mutual hasn't informed its 3 million policyholders that their personal data can be viewed by offshore workers. Phil Fersht at the Yankee Group is not enamored with this practice. "Beyond... ethical responsibility, you don't want your customers to have a nasty surprise if something goes wrong."
In my opinion, NM is undertaking a huge set of risks for what appear to be minimal rewards:
There are rumblings in certain state capitols, as well as Washington, that something needs to be done about this practice. Here's hoping that regulators and legislators deal with this issue quickly and comprehensively. Consumers shouldn't have to worry that the next ChoicePoint-style privacy conflagration will begin burning in Bangalore.
Anyone up for a blogswarm?
Information Week: The hard road to offshoring