The risks of outsourcing sensitive information have not been lost on security and compliance managers. It remains a critical issue, as the outsourcing imperative continues to heat up.

To the list of risks, we can add another: Legal risk. At least three lawsuits have been filed against Bank of America and American Express, alleging all kinds of privacy breaches, notes Nearshore Americas. The gist of the suits, which are seeking class-action status, is that by sending customer calls abroad, these companies have also sent relevant customer financial data to foreign nationals and possibly U.S. security officials.

One suit contends that American Express' outsourcing arrangement with an overseas company provides an opportunity for the U.S. government, via the NSA, to obtain financial and personal information that should be private and protected by law. The suit doesn't actually say what the NSA is doing, but the plaintiff's point is that a breach could occur. The plaintiffs lawyers think there ought to be some sort of disclosure.

So is this a legitimate concern? Or the active imagination of plaintiffs' lawyers bent on a big payday? I doubt the suit has legs, but at the same time, it does represent a cost to the companies. That qualifies it as a risk. Just a note, this is being portrayed in India as yet another challenge to their considerable outsourcing business.

For more:
- here's the article

Related articles:
Why is Goldman Sachs creating jobs overseas?  
How to know if your compliance program is successful