Do you agree or disagree with it, show proof why you believe you agree or disagree, also In your response, recommend controls that will mitigate the risks. Ensure the recommended controls are in compliance with industry standards. In this post below.

North American companies are some of the largest offshore outsourcers. It gives organizations access to high-quality services at lower operating costs. It is estimated that financial institutions that utilize offshore outsourcing companies achieve average cost savings of 39 percent, with one in four institutions surveyed achieving savings of more than 50 percent (Connor, 2016).

Risks of Offshore Outsourcing

1. Confidentiality Risk - The up-side of outsourcing offshore is cost reduction; however, one of the major concerns in this arrangement is risk of confidentiality breach. The outsourcing arrangements often involve cross-border transfers of large proportions of a client's proprietary and confidential information assets. In most cases these external companies deal with sensitive information, such as financial data, medical data, payroll and benefits information, social security numbers and purchasing histories. This way any business that is outsourced virtually may get involved in privacy violations due to mistakes or negligence.
2. Diversion of Funds - In June 2004, the Federal Deposit Insurance Corporation (FDIC) published a study on the risks associated with offshore outsourcing for financial institutions. According to the report, in addition to the risk of data privacy breach there is also the potential for a diversion of funds due to the sensitive material handled by vendors (Clayton, 2005). Specifically, overseas subcontractors may have access to bank account numbers and other documents required for a letter of credit. Some vendors may also process loans and have full access to loan data spanning the life of the loan.
3. Reputation Risk - The offshoring also involves reputation risk as the result of negative publicity stemming from adverse events, such as a violation of consumer law, disruption of service, or poor service.

Organization's Responsibility

When outsourcing involves turning over confidential information to a third party, it is organization's responsibility to institute an oversight strategy that includes a comprehensive due diligence examination on a prospective vendor, a determination as to whether the vendor will subcontract the work, and inclusion of appropriate contractual language to protect the organizations and individuals who provided the personal information.

The exposure a company risks by not taking additional steps to oversee its vendors can be illustrated by this one incident of Ziff Davis Media. The company ran a promotion on a website hosted by a third-party vendor. Due to what was termed as a "coding error," the third party's site exposed credit card information of some of the customers participating in the promotion (Connor, 2016) . This violated Ziff-Davis' privacy policy and they wound up settling with attorneys general from California, New York, and Vermont for $125,000 (Connor, 2016).

Conclusion

The practice of outsourcing has many financial and operational benefits for companies. Although there are potential risks that may arise in an outsourcing arrangement, those risks should not preclude a company from outsourcing as long as the proper precautions have been instituted to protect the privacy and security of the underlying personally identifiable information.

The company I work for is a financial institution that deals with stock market. The company has outsourced late night operations to India so when we sleep, they carry on the work. To mitigate the risks, the company practices separation of duties, peer reviewing, and supervisor's approval on all key matters. In addition to externa auditors, the company also have a team of internal auditors who run their reports daily, weekly and monthly. As long as accessing credential data, there multiple layers of verifications and controls placed, it anything is retrieved, it will give user name, and exact time of information retrieved. It is rather very quick to spot if there is any mistake, confusion, or breach. I believe Talent is not confined to United States :) and it is a smart solution to outsource offshore for to reduce cost. There are definitely plenty options and solutions to address the complexities of such arrangements, some of them are discussed in above.

References

Connor, M. (2016, December 9). The Privacy Concerns and Risks of Offshore Outsourcing. Medium. Retrieved from h../@martconnor312/the-privacy-concerns-and-risks-of-offshore-outsourcing-ea9ef7aceb12.

Clayton, G. (2005, March). Privacy: Outsourcing and the need for a vendor compliance strategy. Cyber and Privacy Risk and Insurance. Retrieved from https://www.irmi.com/articles/expert-commentary/privacy-outsourcing-and-the-need-for-a-vendor-compliance-strategy.