All the latest UK technology news, reviews and analysis

TV show exposes offshore data risks

by Dave Neal

More from this author

20 Oct 2009

Comment: 1

  • Tweet this
Data
Stolen data is often gathered from call centre workers

An ITV news investigation has exposed the risk of offshoring data abroad and putting personal information into the hands of unsecured third parties.

Last night's Tonight programme investigated the sale of British medical records held offshore, in this case in India. ITV reporter Chris Rogers was able to find criminals who were prepared to sell supposedly confidential and private medical and financial records.

Further reading

According to one insider, name and address data could be bought for as little as 50p, while credit card information is "five bucks" and credit history is "20 bucks".

Once the data is gathered, often just from call centre workers, it is sold to companies and individuals looking to use it for direct marketing and cross selling. The programme described the scale of the problem as alarming.

The thousands of files bought by Rogers included up-to-date and accurate medical information. One victim said that he was "angry" about the disclosure, adding that the information was "very, very private".

The information related to private medical patients and came from one facility, the London Medical Clinic, which had outsourced its data scanning. The firm it chose then outsourced the data again to India, and it is here that the leak is said to have occurred.

"It is useful for programmes like Tonight to be exposing these crimes, but not to disparage a largely trusted and successful outsourcing and offshoring industry. It's important that this is understood to be a data crime, not an offshoring crime," said Mark Kobayashi Hillary, director of the National Outsourcing Association.

Andy Jones, European director and general manager of Xerox Global Services, urged firms to consider a number of things before signing up with a third-party outsourcing provider.

He said that in order to avoid similar problems firms should, understand their contracts.

"What are the terms of the contract and what has the outsourcing company committed to? Will they be using third parties? If so who - and will your documents and data be protected? What access rights will they have? What document standards do they adhere to?," he added.

"These are all questions that need to be asked at the outset."

The Tonight episode can be seen here.

Do you agree?

Add your comment

Offshoring data entry presents numerous security challenges

The Tonight team should be commended for exposing with their report a shocking abuse of NHS confidential patient data, but we must not fall into the trap of labelling this as just an NHS problem, as we have seen how lax controls and monitoring of both workers and their access to key systems can put data security at risk. Offshoring data entry presents numerous security challenges for any organisation, regardless of whether they are public or private sector. Organisations that lack the controls to manage user access often run into problems with staff acquiring access rights to data and software that may exceed their role, or gaining access to systems without detection. As well as the potential for malicious damage or data theft, the risk of accidental damage and deletion of data is raised considerably. For any company involved in outsourcing data entry, it is essential that clear processes and policies are in place not only for monitoring the physical activities at the offshore location, but also to ensure that access to key information systems by those offshore workers is appropriately managed, provisioned and monitored by the IT department.

Posted by: Stuart Hodkinson, UK general manager, Courion 21 Oct 2009

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Services

Oracle logo

Oracle splashes out $2bn on cloud computing personnel specialist Taleo

Related white papers

Related articles

Related jobs

Today's top stories

heartvalentinesday

Top 10 Valentine's Day technology matches made in heaven

Microsoft Windows 8 start screen

Microsoft talks up Windows 8 for ARM hardware

Security enhancements will be added with the Chrome 17 update

Chrome for Android hands on review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

PHP Web Developer - html, css, javascript

The Company: My client based in Sheffield are one...

BPSK / QPSK Modulation Consultant-Belgium

Binary Phase Shift Keying (BPSK) Modulation Consultant...

Java Developer, Online Gaming, London

Java Games Developer, Online Gaming, London Key words...

Quant Dev, Hedge Fund, FX, Excel VBA

Quant Dev, Quantitative Developer, RAD, Hedge Fund, Asset...

To send to more than one email address, simply separate each address with a comma.