Data security has become the number one issue in outsourcing contract negotiations at some firms. Here's why. Say an outsourcing buyer gathers personal data and then shares it with its outsourcing supplier. Then the supplier has a data breach.
Here's the conflict: Buyers believe outsourcing suppliers should have superior processes and technologies, so they should be responsible for all data security breaches. Buyers feel the supplier is better positioned to deal with these risks.
But suppliers know no system is immune from a data security incident. They want to work with buyers to create a list of things the buyers expect them to do. Then, if they are compliant, they are not responsible if a data breach occurs.
But buyers know they can't list everything. Contract negotiations try to figure out processes and liabilities to keep both parties happy (or at least equally unhappy).
