THE HOME OF THE GLOBAL SOURCING STANDARD

  • 3 Jan 2008 12:00 AM | Anonymous
    Following a hold-up while it investigated accounting errors from prior years, CSC has finally reported on its Q1 and Q2 performance, which sees Europe coming out well.

    The delay was due to the discovery of certain accounting errors related to accounting for income taxes and for the effect of foreign currency exchange rates from previous financial years. The corrections in accounting for income taxes resulted in a cumulative charge of $303 million for fiscal years 1995 through March 30, 2007, the company said.

    CSC reported it swung to a first-quarter net profit of $108.1 million, or 61 cents a share, from a restated net loss of $59.9 million, while revenue for the quarter came in at $3.84 billion versus $3.56 billion the previous year. For the second quarter, the company posted net earnings of $75.8 million, while revenue for the period came in at $4.02 billion versus $3.61 billion.

    European revenues grew 18% during the quarter and 17% for the half year. In constant currency, second quarter and year-to-date revenues increased 9%, making Europe the firm's strongest performer. “The really pleasant change in the company's FY08 performance is in Europe,” said research house Ovum's Phil Codling.

    “While CSC as a whole stalled in FY07, in H1 Europe grew by 17% to $2.20 billion, with constant currency growth of 9%. CSC's expanded NHS commitments account for some of this improvement, but CSC Europe is proving it is no one-trick pony. Growth appears to be more broad-based, with higher revenue from consulting and SI business in Europe, reflecting CSC's hiring efforts in these areas.”

    CSC CEO Mike Laphen conceded that Europe was outperforming the US. “The European environment, I am pleased to say, has picked up for us quite nicely both in France and Belgium and in what we call our 'central market', with the exception of Italy – we are still struggled a bit there.”

  • 3 Jan 2008 12:00 AM | Anonymous
    Despite gloomy predictions about the impact of the credit crunch, Accenture reported first-quarter net earnings of $381.3 million, up from earnings of $284.2 million a year ago.

    Total revenue for the three months ended 30th November rose to $6.1 billion from $5.17 billion last year. Operating income of $726 million for the quarter grew at the same pace as revenues, leaving operating margin unchanged at 13 percent. Bookings were $5.9 billion, including consulting bookings of $3.4 billion and outsourcing bookings of $2.5 billion, fuelled by both BPO and application outsourcing.

    In the Americas, revenues grew 11%, driven by growth in the US and Canada and by strong growth in Brazil and Argentina. In EMEA revenues increased 25% with continued upturn in the UK and double-digit growth in France, Italy, Spain and the Netherlands. Revenue growth in Asia Pacific was 29%.

    The results were above Wall Street's expectations and left CEO Bill Green in bullish mood. “Our $5.9 billion in new bookings this quarter was another major achievement,” he said. “We remain confident going forward with our bookings momentum and our revenue targets. We continue to keep a very close eye on global economic trends, developments in the capital markets, and other issues which may affect our business. But our first-quarter results demonstrate rich opportunities for the right services.

    “We look at what people think is going to happen their business and I think, on balance, people are pretty confident about what they see. Even in some of the areas that are challenged, people continue to invest broadly in their business. IT is a part of that, but there are a lot of other things people are doing to improve their business performance. We haven't seen any impact of IT budgeting on our business at this point.”

    Economic uncertainties and the credit crunch have done little to impact on Accenture as yet. “The fact is, we haven't had any deals terminated because of the economic situation, and we've had nothing pushed out because of the economic situation,” said Green. “When you stand back and look at it, if you look at the US business, 70% of the US companies expect pretty significant increases in sales, and almost 80% of those companies expect their employment to rise. Some of the industries that are challenged are clients that are coming to us for services that address short-term cost improvement.

    “I would say I did, in the last four weeks, probably 20 CEO one-on-ones, mostly in the United States. And in every one of those sessions, there were opportunities to expand our work and deliver more value to the client. But [there are] some industries that are challenged, people that might have been taking a longer-term view are sitting here at the beginning of 2008, and they are saying, 'I know we're going to do this transformation, that's a three-year journey'. But there is a thing called sort of the high impact near-term returns and people are saying, 'Can we drive short-term cost reduction and use some of the benefits of that to fund the longer-term transformation?'. People are looking at 2008 and saying: 'What can you guys do?'. So I can bring some money to the bank in 2008, for their 2008. And I think that's where demand comes from.

    “What I do make sure I do is have a handle on what the hell is going on in the business,” he added. “The only way to do that is with the big clients and that's why I have spent the last month out on the road. Taking people's temperatures, seeing how and what people are focused on. What do they need to do? Is globalisation still driving the competitive agenda? Every day there are changes in the competitive dynamic, and those changes create opportunities for Accenture.

    You can either let the business drive you or you can drive the business. I think what our leadership team has done is, knowing there are some uncertainties in the way the environment is made, so we took charge in that we are driving the business.”

  • 3 Jan 2008 12:00 AM | Anonymous

    Wipro plans to hire more than 900 employees for its 45,000 square-foot Cebu facility, which will handle customer-focused support processes starting the 2nd of January, 2008. The company is also looking at establishing additional centers in other fast-growing cities in the Philippines.

    The centre in Cebu will offer an exhaustive range of services to Wipro’s customers. The focus will be both on Voice and Non voice business in the field of Customer Service Support, Technical Support, HR Services, Financial & Accounting and Procurement Services.

    The global outsourcing giant chose the Philippines among several other locations due to the availability of qualified talent in the country. According to T.K. Kurien, President, Wipro BPO, “The Philippines is one of the largest English speaking nations with a strong IT orientation and a talent pool of 29 million. This is one location that we definitely want to expand our presence in.”

    Wipro’s choice of Cebu as its newest BPO destination highlights the Philippines’ emergence as a leading global outsourced service hub. Earlier this year, investment advisory firm Tholons identified Manila among the Top 5 prime outsourcing destinations, and Cebu as one of the leading emerging global destinations for outsourced processes.

    Tholon’s study also revealed that the outsourcers consider process maturity, availability of relevant skills and cost as the top reasons for deciding on the locations for IT and BPO services outsourcing.

    “Our business objective is to enable delivery of multi-lingual services to our global customer base. With a strong and robust game plan for the year, we are very clear in announcing Wipro’s arrival towards Global Serviceability, and Philippines is a major milestone in this journey” said Sanjeev Bhatia, Vice President, International Operations, Wipro BPO.

    Wipro BPO took a quantum leap in 2002 after acquiring Spectramind which then had 3,000 employees and now employs around 20,000 plus people at all its BPO centers across the globe. In 2007, the Hewitt Survey rated Wipro among the 25 Best Employers in India.

    As a part of its global expansion strategy, Wipro has already invested in several overseas centers. In the last nine months alone, Wipro successfully setup global delivery centers in Romania and Shanghai.

  • 3 Jan 2008 12:00 AM | Anonymous

    The Highways Agency has signed a £75m IT infrastructure outsourcing deal with Atos Origin.

    The five-year deal is aimed at making savings of 15% a year from the budget of the Highways Agency, which is responsible for operating, maintaining and improving England’s strategic road network.

    Under the terms of the contract, 120 Highways Agency staff transfer to Atos.

    The deal will see Atos support and develop the agency’s back-office applications. The IT services firm will also deploy its Atos Workplace Solutions managed desktop platform to automate desktop deployments and provides flexible access to corporate resources from PCs and mobile devices.

    The contract is the second major public sector deal Atos has signed within the past few weeks, following a £14m managed services deal with the Department of Culture, Media and Sport.

  • 3 Jan 2008 12:00 AM | Anonymous
    There’s no doubt this is an exciting time for our industry, but also a challenging, dangerous one as economic uncertainty in the US, Western Europe, and parts of Asia promises hard quarters for some, and a soft landing for others. I believe the UK economy will avoid recession by the skin of its teeth, but only as long as the property market does not tip into a downward spiral. One of the greatest threats will be the fear of it happening creating a self-fulfilling prophesy in the networked, always-on social media age. This could be a new phenomenon: if you imagine it, it will come.

    Some economists are even talking about the "perfect economic storm" as a combination of the credit crunch, the expense of inter-bank money-lending, that teetering property market, soaring crude oil prices and widespread political instability – not to mention the forthcoming US elections – spell trouble for 2008. Interest rates remain low, but job security is a question mark in the back of many people's minds.

    In 2008, economic turmoil means business failures, mergers, acquisitions, and takeovers; it means lay-offs and redundancies; it means a flight to quality, but also a flight from cost. It also means money will be finding safer havens (politically, and financially) and new opportunities in unexpected places, from emerging players like Vietnam, to growing customers like Japan – which has been culturally averse to aspects of the outsourcing model until now. Even as economic belt-tightening hits on these shores, there will be opportunities elsewhere for many in our industry.

    This will be a time of cultural upheaval for many businesses – and some nations too. The ever-present threat of conflict between India and Pakistan could have far-reaching consequences for the world – not to mention countless outsourcing deals, from call centres and technical support to editorial services for many UK publishers.

    This begs a big question: Do we and our customers have in place the outsourcing equivalent of disaster recovery: the ability to take business out of a warzone and place it elsewhere swiftly and with no loss of service quality to the customer? I doubt whether many companies have given this much more than superficial consideration – outside of a handful of truly global multinationals. Surely, however, the ability to manage and plan for unpredictability – once called ‘scenario planning’ – is the essential business skill for 2008 and beyond.

    Beyond the unpredictable threats, many of the maturing outsourcing destinations of choice from the past decade are consolidating after enormous growth – India, again, being a notable example. Such consolidation means wage inflation for both skilled and non-skilled worker locally, and thereby the need for India to add more and more value to compensate for the gradual erosion of the attractions of low cost. Other nations will see that as an opportunity to muscle into the market.

    What will that mean for potential customers? One thing is certain. Companies considering their outsourcing destinations will need to be politically sophisticated and have the confidence to back up their decisions. The attractions of outsourcing to, for example, Vietnam might be legion, but what will the untested PR implications be back home? This will pose complex questions of the relationship between some brands and their customers. The implication is that every part of the business must be involved in the decision to outsource. This begs another question: isn’t it time British business created a new job title: outsourcing director?

    Data security and data transfer between continents will be more important topics than ever before. We all know about the political fallout of recent security lapses and data losses within the UK. But what these have revealed more than anything, perhaps, is that junior staff at the coalface, as it were, do not necessarily have even the basic skills to handle electronic data.

    Beyond this, security lapses in contracts outsourced to Asia have seen a latent racism creeping to the surface in criticisms of that dynamic and vibrant continent, which has grown so successfully and with such skill. Surely there have been security lapses in the US, too, when confidential data transferred from UK public-sector clients to US sites have been lost. Has this led to widespread condemnation of American competence and employee skills? No, which calls into question the virulent criticism in some quarters of outsourcing destinations in the East.

    And who is to be held accountable for such lapses? Ministers, perhaps, will begin to face criminal proceedings for breaking their own data security laws, or compromising the privacy and security of named and nameless individuals.

    So welcome to the world of outsourcing, 2008 style. There will be opportunities aplenty for many in our industry, particularly when many customers and potential customers will need to tighten their belts and purse strings and outsource non-core functions outside of the UK. However, our industry and our customers may also face entirely new sets of questions – political, strategic, economic, security- and privacy related, and in terms of public relations. (Economic uncertainty is certain to breed customers intolerant of poor service and broken promises). We should have our answers prepared for the questions we will all face.

  • 2 Jan 2008 12:00 AM | Anonymous
    Was 2007 a red-letter year for the outsourcing industry? For a great many industry insiders, yes, and we should celebrate that, but let’s be realistic. In the minds of the public, and in particular the British public, it was a red-letter year in the sense of the heat generated by piles of irate correspondence on tabloid maildesks.

    Successful outsourcing is inconspicuous to the wider world – and so it should be; it’s about creating a seamless, efficient experience – while the press and public will always remember and discuss conspicuous failures, especially those resulting from human frailties – such as the employee who downloaded data from a multimillion-pound computer system, and then lost it in the post. What does this tell us about major public databases? Not that they are insecure from hackers or malicious fraudsters; rather, that many staff using them do not have even a basic understanding of how to handle electronic data securely. This is where security fails: not at the firewall, but in the mailroom, or on a cluttered desk.

    No-one notices joined-up public service, because the successfully outsourced experience is a forgettable one; while everyone remembers being asked by a call centre worker where the major city you are calling from is located, especially when it is the location of their company’s head office. They will forever associate that experience with the company, brand, or organisation it represents. This is especially true of public services, such as the NHS, the Inland Revenue, and so on.

    The Blair government looked favourably on technology as it saw it as an exemplar of ‘modernity’, and Blair’s catholic (i.e. universal) quest for modernity – preached from his ever-present invisible pulpit – was perhaps the defining idea of his premiership, alongside compassionate smartbombing in the approximate direction of democracy. Gordon Brown has maintained a dignified silence on the pursuit of modernity, but largely because he bankrolled it for more than a decade with mixed degrees of success.

    This year is the time to accept that technology in isolation driven by the ‘need to be modern’ is a recipe for disaster. 2008 needs to be the year in which public servants stop talking about technology as though they are dealers in an arms race, and start talking about people. It must also be the year when the government finally recognises the clear, repeating patterns in the failure of many large-scale projects.

    The massive loss of data and public confidence from a number of government services, including the child benefit system and several NHS trusts illustrate this all too well. The NHS IT project, the ID card scheme, and other major strategic projects are all being discussed as technology solutions to technology problems, all flaws or security concerns within which will be fixed by throwing yet more, world-beating, gold-standard technology at them. This is nonsense.

    Minister after minister has been wheeled before the cameras to say that the ID card scheme will succeed because it will be backed by the very best in security technologies, just as the overarching NHS IT system will be when it finally goes live. This, I’m afraid, is completely, supremely, almost ludicrously irrelevant.

    The truth is that technology, databases, networks, and communications systems are nothing more than high-tech representations of an organisation’s management structure and corporate policy. They connect human beings together, in accordance with rules set out by the management, and merely facilitated by wires, routers, hubs, servers, optical communications, and so on.

    These systems either succeed or fail because of people, policies, and management, and they usually fail not because the people at the top have actively screwed up, but because the people at the bottom have never even been considered, and perhaps know nothing about electronic data, let alone data security and privacy laws. And it’s not just the people at the bottom: just ask the Qualcomm executive who several years ago attended a conference on IT security. He left his laptop there; the equivalent of leaving an entire company in a suitcase.

    Take either the ID card scheme or the oft-delayed NHS IT project.

    Question: Who enters data into computer systems? Who sits and manually types record after record into a computer terminal? Who will have the time to check the veracity of data? Who will interpret and update and standardise reams upon reams of data stored in filing cabinets, in ringbinders, on outdated databases, on thousands of computer disks (some of them probably long-outmoded)?

    Answer number one: Highly qualified professionals who mysteriously have months of free working hours to plough through millions of records, cast their professional eye over the contents, check with the person who the data represents, and then correct the information?

    Or answer number two: poorly qualified, poorly paid, or relatively low-skilled workers; people on minimum wage; people with little more than basic secretarial skills; early school leavers; undergraduates in holiday jobs; people whose second language may be English; and people in far-flung parts of the world working for remote corporations?

    This is the flaw in the system: not the system itself, nor the firewalls and encryption protocols; nor black-hat hackers waging cyber-warfare from a bunker in North Korea. It’s the normal, everyday working people who do the manual labour, many in outsourced locations. All of them may be trustworthy and intelligent, but most of them have never even been factored in to the management’s thinking.

    We all know that the only person who can read your doctor’s handwriting is your local pharmacist, so perhaps we should employ a few thousand pharmacists!

    Let’s hope as we plough forward into 2008 as an industry, and as customers of an industry, that we learn one vital lesson about major, multibillion dollar contracts established on behalf of the public: technology, and large-scale public technology implementations are primarily about three things: people; corporate policy; and corporate social responsibility.

    A peaceful and prosperous 2008 to one and all.

  • 2 Jan 2008 12:00 AM | Anonymous
    Welcome to sourcingfocus.com, the new community portal for the outsourcing industry, published in association with the National Outsourcing Association (NOA).

    On this site in the coming weeks, months and years you will find all the professional news, analysis and features you would expect, together with opinion pieces by some of our industry’s leading spokespeople, senior executives, analysts, and industry figureheads. Not only that but there will be both a vertical and a horizontal industry focus, and a host of other unique content that will be unveiled in the coming months covering every part of the globe, every industry sector, and every market within this burgeoning industry. We’re going to slice and dice the outsourcing industry like never before to give you new perspectives on the movers and shakers, from the big names to the smaller, more nimble players who will punch above their weight over the coming year. Together, we aim to make this the only destination for outsourcing news and information you need, but we will also be making it entertaining, provocative, and controversial; if you’re not discussing ideas around the water cooler, then we’re not doing our job. One thing I loathe as a journalist is news analysis that ends with the words “only time will tell”; I dislike the word “somewhat”; and I value writers who not only gather news, but also have a strong opinion. I want to know what the writer thinks and believes, not that he or she is pointing a finger into the wind and refusing even to guess. We’re going to tell you what we think, and we want you to do the same. Perhaps you could even write for us? Sourcingfocus.com will be at the leading edge of outsourcing debate, and we’ll be asking opinion formers from outside the outsourcing industry, from politicians to customer giants, to share their expertise, and their unique perspectives, with our readers. So welcome, then, to your portal. Is there something you want to see, or to share? Tell us. We will always value your feedback, your ideas, and your innovation. Let’s make this fly. With best wishes for a prosperous year. Chris Middleton, Editor

  • 1 Jan 2008 12:00 AM | Anonymous

    Luxoft, Russia’s largest provider of high-end IT outsourcing services and product development to clients such as Deutsche Bank, IBM, UBS, T-Mobile and Ping Identity, today issued its annual predictions for the IT outsourcing industry in 2008. These predictions cover a range of technical, business and relationship issues demonstrating the increasing maturity of the global IT outsourcing market. Top areas to watch include:

    Transformational outsourcing will drive true innovation

    In 2007 as the outsourcing market continued to mature, many companies realised that outsourcing can bring value far beyond simple cost savings and tactical software development. The issue for some clients was obtaining the level of innovation they were seeking from vendors.

    In 2008 Transformational Outsourcing – leveraging vendor knowledge and expertise to reinvent client business processes – will gain more traction. Here clients require vendors with an in-depth grasp of their industry to support and create mission-critical business processes, manage change and think beyond the initial brief.

    Managing and measuring agile comes next

    In 2007 agile software developments started to take root in outsourcing engagements. Agile software development is the developing of software in shorter iterations and in a much more collaborative fashion.

    In 2008 agile development adoption will continue apace. However, as in-house teams start to truly understand this approach, they will also need to determine how to effectively manage and measure the success of their efforts. It will be critical to secure vendors that have already mastered agile to fuel this next step.

    Eastern Europe & Canada provide hot destinations

    In 2007 as nearshoring developed in popularity, Eastern Europe and Canada began to pick up steam as outsourcing destinations particularly for European and North American companies as well as US multinationals.

    The Eastern European software industry grew by 12.53 percent in 2006 and is estimated to grow at a CAGR of 10.87 percent until 2008. The Ukraine is an especially promising spot with its offshore outsourcing market growing 47 percent in 2006 and 30,000 IT graduates joining the workforce each year.

    In 2008 these two regions – known for technical excellence, innovation and solid business practices – will continue to gain prominence.

    Strong European client demand continues

    In 2007 European customers, particularly in the financial services and banking sectors, had a strong appetite for outsourcing. In fact, demand for outsourcing in Europe increased dramatically in the first half of 2007, rising as high as 78 percent compared to the first half of 2006. This increase meant that Europe accounted for 54 percent of new outsourcing contracts worldwide, compared to 32 percent last year and 38 percent on average for the last five years.

    This strong growth will continue in 2008 with U.K. and German clients being the most active seekers of outsourcing services delivered via a nearshore, Eastern European model.

    Embedded Development and product engineering take outsourcing deeper

    Over the past year, clients in the automotive, industrial, electronics and telecommunications equipment industries have been increasingly seeking outsourced talent to assist their in-house embedded development teams. This trend will continue in the coming year with vendors needing to possess proven skills in working with human-machine interfaces and hardware communication protocols in order to provide successful embedded development support.

    In addition, some outsourcing vendors are beginning to provide ground-up software product development and engineering support for offerings that will be packaged and marketed by their independent software vendor clients. This will develop in 2008 as transformational and innovative outsourcing grows, agile development will also be a major factor in increasing time-to-market.

    Software testing grows in scope

    Software performance and product testing, once almost exclusively done by in-house teams, has started making its way onto the outsourcing scene over the past few years.

    In 2008 the scope will broaden beyond traditional functional and system integration testing to encompass overall system performance, scalability, usability and security testing bringing higher value to the client’s organisation. This will require new outsourcing services to be offered in the market in the areas of system performance engineering, test automation and regression testing efficiency.

    Country-to-country collaboration creates strange bedfellows

    In 2007 many new kinds of outsourcing resource models developed including vendors setting up shop in other countries to tap into resources in a continually tightening talent market.

    In 2008 we’ll see this taken a step further with vendors in highly competitive outsourcing countries teaming up or even forging vendor/client relationships. This could, for example, bring Russia and India or China together in new and interesting ways.

    Global delivery and nearshoring both in high demand

    2007 was the year of the nearshoring buzz as clients wanted the combined benefits of proximity and familiarity as well as the manpower boost of outsourced resources.

    In 2008, nearshoring will continue to play an important role but clients will increasingly widen their scope demanding that their key vendors have strong outposts around the world that can handle global delivery. Established and well-staffed vendor locations in North America and Eastern Europe will be vital.

    Security becomes paramount as relationships evolve to partnerships

    In 2007, as some outsourcing vendor/client relationships evolved into innovation partnerships, tight security planning and policy execution became even more pressing.

    In 2008, with greater depths of data potentially being shared through transformational outsourcing, embedded development and product engineering programmes, security practices will need to become a more natural and proactive part of any successful engagement. Security planning and procedures must also span across all forms including systems, data, IP, physical, and staffing and should also include disaster recovery blueprints.

    Russian Outsourcing Continues To See Record Growth

    In 2007 Russia was increasingly recognised by the industry, influencers and clients, as a world-class outsourcing destination, particularly in its ability to tackle high-end, complex development and business process challenges. This recognition showed in the market growth of Russian outsourcing to over $1B in 2006-2007 as well as 40 percent year-onr-year growth since 2003.

    Strong continued expansion is expected into 2008 and beyond.

    About Luxoft

    Luxoft, founded in 2000, is Russia’s largest provider of high-end IT outsourcing services with operations in the U.S., Canada, U.K., Ukraine and the world’s largest delivery capabilities in Russia and CIS.

    Luxoft works with global enterprises and independent software vendors (ISVs), enjoying long-term relationships with industry leaders such as Deutsche Bank, IBM, UBS, T-Mobile and Dell.

    Luxoft's software development processes meet the highest quality standards, and the company was the first in Europe to achieve Level 5 CMMI quality certification. Luxoft runs research and development centres in Moscow, St. Petersburg, Dubna and Omsk in Russia, as well as centres in Kiev, Dnepropetrovsk, and Odessa, Ukraine, and Vancouver, Canada.

    Luxoft is the recipient of the 2007 Frost & Sullivan Global Outsourcing Growth Excellence & Customer Value Leadership Award; its long-term client Deutsche Bank recently won an Applied Innovation Award from the IAOP, Wipro, the ITAA and Forbes for a CRM system jointly developed with Luxoft.

  • 18 Dec 2007 12:00 AM | Anonymous

    SNC-Lavalin ProFac Inc.,has been awarded a contract by Standard Life to provide facility management services for its investment real estate portfolio.The five-year contract begins on January 1, 2008, with options for renewals.

    SNC-Lavalin ProFac was selected by Standard Life to improve services, optimise building operations and deliver cost-savings for its 70 facilities in the Life Account real estate portfolio.

    "Standard Life is a great partner, and we are delighted to be working with them on this mandate," said Charlie Rate, President of SNC-Lavalin ProFac. "We are confident that we will deliver the level of service expected by both Standard Life and its tenants."

    The new contract calls for SNC-Lavalin ProFac to take over the operations and maintenance of approximately eight million square feet (about 800,000 m2) of real estate.

    "Following our RFP process, SNC-Lavalin ProFac was the obvious partner of choice for us," said Gary Aggett, Vice-President, Real Estate Group for Standard Life. "Their systems, processes and procedures provided us with the peace-of-mind necessary to smoothly transition the servicing of our buildings over to them."

    SNC-Lavalin (TSX: SNC) is one of the leading engineering and construction groups in the world and a major player in the ownership of infrastructure, and in the provision of operations and maintenance services. The SNC-Lavalin companies have offices across Canada and in 34 other countries around the world and are currently working in some 100 countries.

  • 18 Dec 2007 12:00 AM | Anonymous

    The issue of data encryption has been brought into sharp focus recently with the HMRC data loss fiasco. Since that catastrophic incident, in which the records of 25 million Britons were lost in the post, the Information Commissioner, Richard Thomas, has come forward to warn that several other public bodies have now stepped forward and admitted that they too have lost personal data. It has also become apparent that this is not the first HMRC data loss – there have been seven breaches of data security since 2005. With critical and confidential data of UK citizens floating about everywhere from post boxes to rubbish dumps, the encryption of data is taking on a more and more central role. Data encryption will not prevent these physical losses, but will, of course, mean that this data is not accessible.

    A key problem within the public sector is that of awareness – the government admitted that civil servants ignored, or possibly didn’t know, their own security policies and procedures in copying database information to disk and sending it unencrypted in the post. A recent survey showed that almost 90% of public sector IT managers said staff would open unknown e-mails and 75% connect private USB devices to their work PCs. This is a far worse problem than in the private sector. Getting public sector IT managers to understand the issues associated with data encryption is the first step towards solving the problem.

    One of the most important questions that needs to be asked is whether public sector organisations are obliged to use data encryption technology. The answer is no – there is no explicit obligation under the Data Protection Act (DPA) to use encryption, although the DPA does state that ‘appropriate technical and organisational measures’ should be taken to ensure data is kept completely secure, which could be taken as referring to encryption. However, it is widely recognised that data encryption helps to secure electronic data and safeguard privacy and therefore it is surprising that not been more widely adopted in the public sector.

    A recent survey of UK businesses carried out by the Department of Trade and Industry reported that, of businesses surveyed, 30% of those who use online transactions do not encyrpt them. The Information Commissioner’s Office expects that an organisation’s security policy and practices should reflect the technology that is available. Therefore, as encryption technology become more widely available more organisations should start adopting it.

    But how can the public sector better safeguard itself from another HMRC disaster? The simple solution would be not to copy huge reams of information to a disk at all, but to transfer them directly to the receiver in an encrypted form over either internal or external networks. The sender would have to use software that encrypts the data using strong algorithms encrypting sensitive data at source and tightly controlling and monitoring the way people access the database. A common problem that arises when data encryption is on the agenda is that of who has access to the data. The whole point of encrypting the data is to make sure that data thieves and those who have not got permission to access the data are not allowed to use it. Therefore authorised personnel need to be given passwords of a suitable complexity that they can be remembered but not cracked.

    This is magnified when the complexities of a shared service centre come into play. Shared services are about the consolidation of a set of services common to multiple business units, such as HR or finance and accountancy. The shared services approach is increasingly being used in the public sector to maximise efficiency. When data is coming in from a number of different sources to a single data processor (the supplier) the encryption technology must meet these added requirements. The contract drawn up with the supplier for multiple end users must accomodate the added complexity of encrypting data from a number of different sources and the complications arising from the different levels of encryption needed within a single centre.

    Another occasion in which data encryption is vital is within an outsourcing arrangement. When outsourcing, the public sector body must choose a supplier that can provide sufficient guarantees with respect to the technical and organisational security measures governing the processing of data. The public sector must also take reasonable steps to ensure compliance with those security measures, including undertaking regular audits and reviews.

    As HMRC discovered to their cost, data encryption is a vital part of any security system. Using data encryption is a necessity for public sector organisations, but they need to include this within a rounded, holistic security policy including both data and physical security.

Powered by Wild Apricot Membership Software