An ITV news investigation has exposed the risk of offshoring data abroad and putting personal information into the hands of unsecured third parties.

Last night's Tonight programme investigated the sale of British medical records held offshore, in this case in India. ITV reporter Chris Rogers was able to find criminals who were prepared to sell supposedly confidential and private medical and financial records.

According to one insider, name and address data could be bought for as little as 50p, while credit card information is "five bucks" and credit history is "20 bucks".

Once the data is gathered, often just from call centre workers, it is sold to companies and individuals looking to use it for direct marketing and cross selling. The programme described the scale of the problem as alarming.

The thousands of files bought by Rogers included up-to-date and accurate medical information. One victim said that he was "angry" about the disclosure, adding that the information was "very, very private".

The information related to private medical patients and came from one facility, the London Medical Clinic, which had outsourced its data scanning. The firm it chose then outsourced the data again to India, and it is here that the leak is said to have occurred.

"It is useful for programmes like Tonight to be exposing these crimes, but not to disparage a largely trusted and successful outsourcing and offshoring industry. It's important that this is understood to be a data crime, not an offshoring crime," said Mark Kobayashi Hillary, director of the National Outsourcing Association.

Andy Jones, European director and general manager of Xerox Global Services, urged firms to consider a number of things before signing up with a third-party outsourcing provider.

He said that in order to avoid similar problems firms should, understand their contracts.

"What are the terms of the contract and what has the outsourcing company committed to? Will they be using third parties? If so who - and will your documents and data be protected? What access rights will they have? What document standards do they adhere to?," he added.

"These are all questions that need to be asked at the outset."

The Tonight episode can be seen here.