You have built the business case, investigated locations and possible partners. You are happy that you are able to demonstrate a compelling case to the board and it is achievable, BUT...

What about the security of your data? What if:

• your customers' data is stolen and sold for fraudulent purposes;
• your company data is stolen and sold to unscrupulous competitors;
• your secrets are stolen and published on the web?

If you read the popular press you may be under the impression that all of these things are more likely to happen if you send work offshore. Since a recent survey suggested that 70% of people would not use a company that has had a data breach, this would indeed be a genuine reason to halt the outsourcing process.

Don't abandon your plans yet though, because in actual fact you and your customers' data could actually be safer outsourced and offshore than here in the UK.

The unfortunate reality is that your data is probably not as safe as you hope and believe it is even here in the UK. So if you take the right steps and consider security from the outset the risk of data theft can be brought down significantly, even to levels lower than those in your home market. After all the WiFi and internet age means data held at a corporate HQ can be accessed from anywhere if a constant state of vigilance is not maintained.

So, how can you minimise the risk of data theft?

Need to Know

Work with your supplier and IT provider to ensure that only the information required to conduct a transaction or the appropriate level of analysis is available to the people carrying out the work. For instance a credit management clerk does not need to know bank account details to chase a customer regarding late payment. When conducting security checks the clerk should be prompted to enter the answer provided by the customer not given the answer to all possible questions. This will cost more to implement and marginally increase processing times but really does make the processes more secure. The tools exist to achieve this control yet far too many organisations rely on standard package access to maximise the amount of information a clerk can see thus marginally increasing efficiency but significantly reducing protection.

Detect and Deter

Implement a full audit trail on systems. Know who has accessed a record, when and why. This may seem like a negative action, but it does ensure people know they will be caught and caught quickly thus increasing the power of the deterrent.

If you choose the jurisdiction the deterrent is also somewhat greater than that available in the UK or the US. In certain jurisdictions the theft of information is considered a serious threat to the national economy and previously sleepy judicial systems suddenly spring to life. In 2006 you may have seen the UK's Channel 4 broadcast a documentary that showed how easy it was to buy information in India sourced from the offshored operations of UK companies. What you may not be aware of is that by early 2007, as a result of the theft, a number of individuals were serving significant prison sentences for breaking the tough data theft laws in the state concerned, and acting as a deterrent to future thefts.

Know your people

Finally, engage with your supplier to ensure only people who have a known background are given access to the data. Who do they employ, who did they work for last, why did they leave, what is their credit score. This may seem like a lot of hard work but remember that most the staff employed to service your requirement will be graduates who have invested in their future. This develops a trail that can be easily followed and may save you a lot of money and aggravation in the future. One of the additional big benefits of using a jurisdiction such as India here is that employers are able to freely exchange information on employees.

The Real Question

The question we should be asking is "How safe is our data?" rather than "Is our data less safe in offshore locations?". Organised crime is operating here in Britain and the US. In Glasgow, Strathclyde Police believe that crime gangs have infiltrated every financial services' call centre is their region. In San Diego there is an active trade in personal data, a single individual's details can earn you $50; in the UK they can be purchased for even less.

The advantage of offshoring is that the labour arbitrage alone can make the system enhancements required for data security affordable whilst still making a considerable saving. However, if they are not made requirements of a deal from the outset they may be lost to take cost out and make the price attractive.

Don't make security the last problem, make it your number 1 requirement and you can have security to match and probably even better than that of a UK operation.

Simon Inglis is a Managing Consultant with Alsbridge, the independent advisors on outsourcing, shared services and offshoring. Simon can be contacted on +44(0)20 7242 0666 or email simon.inglis@alsbirdge.eu