Discussion 5A

Respond to the discussion post below with YOUR educated opinion in 3-4 sentences WITH scholarly source backing it up:

Preserving customer confidentiality is a major issue even here in the United States, however, when companies decide to offshore various parts of their information system an extra layer of concern comes into play. If and when a company decides to offshore some of there IS, they begin to run the risk of having a breach in their data security and protection components.  A major reason why offshoring part of a company’s information system poses a threat is due to the fact that not all countries have such high regulations and standards that America has. Due to so many cases of identity theft, and scams over the past could years here in America, the Financial Services Modernization Act, Health Insurance Portability and Accountability Act and countless other acts and regulations came into play to make sure that companies are doing everything they possibly can do to protect their customer’s private information. However, when a company chooses to offshore this area of IS, there is a great chance that these rules and regulations are not in place and customers information becomes much more vulnerable.

            One of, if not the most important tool for protecting confidentiality is having employees who are very well trained in the area; understanding what information is highly restricted, crafty at encryption and also basic things like not walking away from your computer with information still on the screen. This level of training and knowledge could easily be lacking when a company chooses to offshore this. In addition, the general knowledge of protection and security in terms of encryption and other arears may easily be subpar.  

            Organizations have a huge responsibility and duty to ensure that their customer’s personal information is protected. When a customer gives their information to a company they are trusting that the company does everything in their power to protect their information; and the company needs to do everything in their power to do so. Organizations should perform internal audits on their privacy and security measures, and also ensure that their offshoring organization is held to the same standards then American companies are. If an organization experiences a breach in their security system and personal information is revealed, the organization should face fines and penalties for not operating at the best of their ability.