When it comes to Americans’ feelings about offshoring personal data, much depends on the type of information and where it’s being sent, according to a recent survey by the Ponemon Institute. “Anecdotally, people seem to have pretty mixed feelings. You talk to one person and they say they hate the idea of sending their personal information offshore; another person will say it doesn’t make a difference to them at all,” says Larry Ponemon, who conducted the survey of more than 1,200 Americans. “This research is empirical validation that the public has mixed feelings.”
When asked about an American company sending basic information such as name, address or phone number to another country, only 42 percent of the survey’s respondents were opposed to the idea. But as the nature of the data going offshore became more sensitive, so did respondents: 64 percent did not want employee records offshored; 69 percent were opposed to credit card information leaving our shores; 74 percent were against sending banking data abroad; and a whopping 83 percent didn’t want their health records leaving the country. (See “Degrees of Touchiness,” this page.)
Where the information is going is as important as what it is. Canada, Ireland, India and Wales received the highest overall trust rankings out of a total of 47 countries. (For more on the pros and cons of outsourcing around the world, see “Global Outsourcing Guide 2006,” Page 64.) “I was surprised about India. I expected people to say it’s a developing economy and could be dangerous, especially with some publicized incidents of data exposure and theft there,” says Ponemon. “Yet, we found that most people felt pretty comfortable with information being sent there. They have a track record; they’re an English-speaking culture that, for the most part, seems dedicated to good security.” At the bottom of the trust index were the Philippines, Mexico, Haiti and Russia. Political unrest both in the Philippines (a large call center location) and Haiti may have tarnished the image of those countries, says Ponemon. Russia’s well-known high piracy rates and the recent publicity surrounding Mexico’s border security may have triggered negative feelings about data traveling to those nations, Ponemon posits.
The bottom line for CIOs? Factor the cost of public concern into your ROI when making a business case for offshoring. Although only 9 percent of respondents would pay more to ensure that their personal information was not sent offshore, the impact of an actual security breach could be costly. “If you have a privacy meltdown, and, oh, by the way, it happened in the Philippines, watch out. It can be a pretty large cost,” says Ponemon. “You’ll need to do a lot more explaining up front if you choose to send data to a country that people deem dangerous. Factor trust into the equation.”