Whether it is data security, management of information or how to outsource a business function, one of the main questions or challenges I have to overcome is the secure management of customer data files in the form of payslips, cheques, statements and invoices.
When organisations consider outsourcing one of their business processes, data security is the first area of concern that needs to be addressed, and quickly.
Data, information security and privacy is an extensive topic in its own right, too long to cover in one blog post, but let’s start with a definition, which I think Wikipedia sums up very well:
Information privacy, or data privacy (or data protection), is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
Privacy concerns exist wherever personally identifiable information or other sensitive information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues.
The issue with data privacy is to share data while protecting personally identifiable information.
There has been a seismic shift in how information is used: every day we find ourselves either completing online forms, signing in and entering passwords, or subscribing to newsletters and updates.
And whilst we were initially cautious about how our personal information is used and what it is used for, we are, as consumers, more comfortable with understanding how our data is being used.
But when it comes to a company outsourcing a process that involves handing over data files that contain sensitive information, like an employee’s payslip, this is a very different ball game, because the company is responsible for how it manages its employees’ or customers’ information.
In 2014 there were over 1,800 incidents of mismanagement of information that were reported to the Information Commissioner’s Office, leading to fines in excess of £5 million.
The DMA (Direct Marketing Association) conducted a study to understand how we, the customer, view data privacy and what we think about it.
The infographic below summarises the findings:
Millions of data files, from payroll to billing and cheque data, are transmitted daily to third-party providers.
From the perspective of an organisation looking to outsource that kind of information to a third party, for anything from printing and mailing payslips through to electronic distribution of secure transactional documents, there are some key points to consider.
Does the supplier hold the most up-to-date ISO 27001 Information Security standard? The latest version is 2013. This is the main standard for information security, ensuring confidentiality and integrity of your data.
The service provider should be able to demonstrate compliance and guarantees in respect of the handling of your data files.
Are they on the Data Protection register?
This ensures personal data is processed in accordance with the rights of data subjects under the act and protects how your personal information is used.
What security infrastructure for receiving and sending data files is in place?
Do they have SFTP (secure file transfer protocol), which is more secure than FTP and allows for automated transmission of regular data files, reducing the potential for
What audit procedures do they have to ensure the receipt and transfer of your data?
Do they have a comprehensive disaster recovery system that enables you to continue to forward your files?
And finally, how do they manage and store your data once the file has been processed, printed and despatched or electronically distributed?
For more information about data security and outsourcing feel free to ask a question here.