Home : Networking : News

Government investigates outsourced data security

Information Commissioner launches official investigation over data security standards

By Iain Thomson, 9 Oct 2006 at 11:20

Following an undercover investigation by Channel 4's Dispatches the Information Commissioner has launched an official investigation into data security standards in offshore call centres.

The program found that call centre staff were willing to sell credit card and password information on individual customers for a few pounds. The details were bought from a call centre that serviced the billing systems for a British mobile phone network operator.

"It appears that some mobile phone companies' call centres in India are being targeted by criminals intent on unlawfully obtaining UK citizens' financial records and this will be the focus of our investigation," David Smith, deputy information commissioner, said in a statement.

He said that British companies may be forced to bring data handling back into the UK if they cannot guarantee the security of their outsourcing partner.

"There is a market for your data - and if you don't take care to protect it and its use, it can easily get into the wrong hands," said Matt Fisher, vice president of software auditors Centennial Software.

"Seemingly innocuous devices, such as USB memory sticks, can easily be used to remove vast amounts of data from a business, in an incredibly short space of time. You can't physically search every employee as they leave the building at the end of every day, so companies desperately need to get a grip on the use of these devices within their business."

He continued that the problem was not just confined to offshore companies; with recent research showing over half of UK businesses have no controls in place to manage workplace use of removable media devices and 86 per cent of employees use removable media devices on a daily basis.

"I was surprised the angle of the inquiry was on individual people taking small amounts of data," said Paul Harris, managing director of storage encryption specialist DISUK.

"I don't believe Indian call centre industry is naÃ¯ve enough to make their stations open to USB data withdrawal."

He felt that the focus of any inquiry should also include an examination of the record of British banks on managing data security here and with outsourced partners.