IT outsourcing has been on the rise in recent years, but there are many issues that can easily disrupt the development of a contract and service level agreement. According to a recent CIO magazine report, the responsibility for data breaches is the most contentious point of all.
The core issue in this division between service providers and clients is a shift in historical practices. The news source explained that it used to be fairly easy for organizations to set liability guidelines when establishing a service level agreement.
Basically, a business remained responsible for securing all of its own systems and was liable for the costs of any data breach. The service provider, on the other hand, was bound to protect any of its client data that it controlled within the arrangement. In the event of a breach that fell under the service provider’s area of protection, the vendor would typically take full financial responsibility for the event, paying up to a year’s worth of revenues from the outsourcing deal, the report said.
This plan worked well for a while, but then the Health Information Portability and Accountability Act (HIPAA) came along. HIPAA, combined with a variety of other federal regulations for data breaches, has added a layer of complexity to the arrangement. According to the news source, costs for records lost are rising at a meteoric pace, as regulations mandate that customers with affected data are notified of the risk, credit-monitoring services are purchased in some cases and other provisions are taken.
Essentially, the cost of a data breach has risen so quickly that many major IT outsourcing providers are no longer willing to take on the full costs of major data breaches, leading to a significant shift in how they define liability. What was once a black-and-white issue now features plenty of grey area, creating complexity that leads to contention between service providers and clients.
Having a good working relationship with a service provider is necessary to the success of any IT outsourcing plan. Businesses that are working to find the right third-party provider for records storage, technology escrow services or data backup and recovery may want to consider working with Iron Mountain, as the company’s expertise in a diverse range of industries positions it perfectly to understand the full implications of liability assessment.