Even though data thefts are very frequent in this industry, a few get reported in the press and attract attention. In Apr. '05, several employees of MphasiS, a Business Process Outsourcing (BPO) firm, were caught in the act of using customer passwords to fraudulently withdraw funds from the New York accounts of Citibank customers. In June of the same year, an employee at another BPO firm Infinity e-Systems sold the account numbers and passwords of 1,000 bank customers to a reporter from the British tabloid The Sun for $5,000. And, in Nov. ’05, four former employees of Parsec Technologies were arrested for allegedly stealing classified information. Parsec services housing mortgage originators in the U.S., and the ex-employees had diverted the contact information of potential mortgage finance customers to a firm they had set up called Telequest Systems, which in turn passed the information on to other call centers. The scandal came to light when there was a sudden drop in the productivity of call centers hired by Parsec.

Data Security Breaches: Best Practices

Collaborative effort is required: In a recently taken step, Nasscom, an association of software and service companies in India, has put together several measures to address data-security concerns regarding service provider employees The association has set up the “National Skill Registry” for IT professionals to conduct background checks on employees by tracking such information about employees such as employment history Nasscom has also set up independent self-regulatory organization to set and monitor data security and privacy “best practices” by outsourcing service providers in India. Partners should increasingly adapt compliance programs and comprehensive security audits including personnel and equipment audits to put specific checks in place to prevent misuse of sensitive information and data Enforcement agencies should also be set up to work with BPOs to conduct workshops to enable employees to improve knowledge and skills to prevent and prosecute misuse of data. Source: Mayer Brown

NextGen Outsourcing Risk 4: Institutional Knowledge Loss

Outsourcing is  no longer in the pilot stage. Companies are aggressively inking long-term outsourcing contracts. But one of the biggest drawbacks of such engagements is the loss of institutional knowledge — an organization losing its knowledge to execute the outsourced tasks, if the selected services provider fails to perform. And the greater the amount of outsourcing tasks, the bigger the level of institutional knowledge at risk. The most severe drawback of this is to lose the capacity to retain an understanding of underlying business processes, data and technology. Even though such cases of institutional knowledge loss is so common in the knowledge world, one will not be able to get any example of such cases easily because of obvious reasons.

Institutional Knowledge Loss: Best Practices

Customers should include obligations in the contract that ensure their service provider is required to maintain up-to-date records and information about the services, service levels, the infrastructure used to provide the services, and manuals and documentation necessary to run the services  A detailed exit-management plan will also assist the customer to have access to valuable know-how — the customer may also want to pay their provider for training or to work alongside a replacement provider Arguably, the most important way in which the service provider can ensure it retains some knowledge about the services after a long-term outsourcing is to retain a core group of people who can not only assist in managing the service provider but also act as the interface between the provider and the customer’s business By retaining a significant level of control over the outsourced services, customer is less likely to find itself unable to take the services back in-house, or to transition them across to a replacement provider. Source: Global Services

NextGen Outsourcing Risk 5: Agitation Among Employees

Sometimes even unionization and agitated employees make things difficult. In a recent example, after the announcements made by Westpac to outsource 3,000 jobs to destinations like India over the next three years, the Australian worker union appealed to the government to review “bank licensing arrangements” to stop outsourcing of back-office work. Even though Westpac Bank had denied any such plans, it had also made clear that the bank would increase offshoring in future. The similar situation aroused in the case of ANZ, one of the largest bank in New Zealand, when the outsourcing plan angered worker unions in New Zealand.

Agitation Among Employees: Best Practices

Companies must be aware that incumbent employees are likely to react negatively to outsourcing rumors, and may seek to undercut the initiative or to spread rumors and unrest. To counteract this, it is important to develop and execute an internal communication plan that includes impacted employees. Companies can also use severance payments, and even retention bonuses to generate employee good will and incentivize employee cooperation Deal fairly, and as per applicable laws, with incumbent employees Both customers and service providers must be aware of government employment laws in certain jurisdictions, such as the EU Acquired Rights Directive, and how to address and mitigate the impact and risk of such laws. Source: Mayer Brown