When the Channel 4 programme Dispatches announced it had been able to obtain the personal banking details of UK consumers, alarm bells sounded throughout the outsourcing community. But it’s not the first time such a blunder has been made.

Over a year ago when a tabloid newspaper claimed it had purchased the financial details of customers of several UK banks from an employee of an outsourcing supplier in Delhi, there was equal dismay.

These breaches in security involving some of the biggest names in the financial services sector have sparked concern over data management security in outsourcing and caused customers and companies to question how safe their data is in an outsourced environment.

The real issue was not that the call centres were offshore; there is nothing to suggest that foreign call centre workers are any less moral than those in the UK. But it does go to show that security breaches take many forms.

They can come in the shape of internal risk, such as data being stolen or misused by an employee; external risk from outside the company, for example from a threat such as a hacker; and IT risk which may be a threat posed by a virus.

The wooliness around the division of responsibility of security protocol is often the reason behind security lapses. When working with a supplier, the issue of responsibility is always a potential problem. This can often be exacerbated by an ‘out of sight out of mind’ attitude that too many companies have with outsourcing.

Letting a supplier act independently of an organisation is risky and may result in misaligned data management objectives and achievements. Contracts should be structured to clearly define areas and divisions of responsibility. Careful management and service level agreements are necessary to ensure that there are no holes in any process.

As the problems behind security issues in outsourcing are often contractual, there can be a power struggle between the end user and the supplier over who leads the policy and who implements the operational aspects.

However, it does tend to be the end user who has the strategic influence and drives the initiative. But this should be done in close collaboration with the supplier, who will then be responsible for implementing the security procedures.

An outsourcing project, like any other business environment can never be 100% secure, however, with forethought and insight, organisations can do their best to protect themselves.

Andrew Rigby is a partner at Addleshaw Goddard