Strategy for privacy assurance in offshoring arrangements

Purpose Offshoring is a common practice to operationalize global business strategies. Data protection and privacy assurance are major concerns in such international arrangements. This paper aims to examine the strategy adopted to ensure privacy assurance in offshoring arrangements. Design/methodology/approach This is a literature review to understand privacy assurance strategies adopted in offshoring arrangements and an exploratory case study of captive offshoring arrangement with onshore location in Canada and offshoring locations in India and Philippines. A comparative analysis of the privacy laws and privacy principles of Canada, Philippines and India has been done. Findings It was found that at the time of migration of process or work to the offshore location, organizations follow a conformist privacy strategy; however, once in business as usual mode, they follow entrepreneur privacy strategy. Privacy impact assessment (PIA) was found to be an important element in resolving the “administrative problem” of an offshoring organization’s privacy assurance strategy. Research limitations/implications The core privacy principles are outlined in the PIA templates; however, the current templates are designed to meet the conformist strategy and may need to be revised to include the cultural aspects, training, audit and information security requirements to plan and deliver on the entrepreneur strategy. Practical implications Offshoring organizations can benefit by planning for entrepreneur privacy assurance strategy at the inception stage. Enhancements to PIA templates to facilitate the same have been suggested. Originality/value Privacy assurance strategy followed by organizations while offshoring has been examined. This paper suggests extending the PIA process so that it covers privacy assurance requirements in offshoring arrangements. The learnings can be used in managing privacy assurance requirements in similar multi-country offshore arrangements.

[1]  Kevin P. Scheibe,et al.  The Digital Persona and Trust Bank: A Privacy Management Framework , 2005 .

[2]  A. Richardson,et al.  Institutional Pressures on University Accounting Education in Canada , 1994 .

[3]  B. Kedia,et al.  Offshoring satisfaction: The role of partnership credibility and cultural complementarity , 2015 .

[4]  C. Goodwin Privacy: Recognition of a Consumer Right , 1991 .

[5]  R. Jain,et al.  Factors influencing the outsourcing decisions: a study of the banking sector in India , 2011 .

[6]  David Wright,et al.  Developing a privacy seal scheme (that works) , 2013 .

[7]  Heng Xu,et al.  Information privacy and correlates: an empirical attempt to bridge and distinguish privacy-related concepts , 2013, Eur. J. Inf. Syst..

[8]  Annie I. Antón,et al.  Financial privacy policies and the need for standardization , 2004, IEEE Security & Privacy Magazine.

[9]  Tamara Dinev,et al.  An Extended Privacy Calculus Model for E-Commerce Transactions , 2006, Inf. Syst. Res..

[10]  Guido Nassimbeni,et al.  Security risks in service offshoring and outsourcing , 2012, Ind. Manag. Data Syst..

[11]  Laura Abramovsky,et al.  Outsourcing and Offshoring of Business Services: How Important is ICT? , 2005 .

[12]  Sandra J. Milberg,et al.  Information Privacy: Corporate Management and National Regulation , 2000 .

[13]  Roger Clarke,et al.  An evaluation of privacy impact assessment guidance documents , 2011 .

[14]  Louis D. Brandeis,et al.  The Right to Privacy , 1890 .

[15]  Geoff Skinner,et al.  The TLC-PP framework for delivering a Privacy Augmented Collaborative Environment (PACE) , 2007, 2007 International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2007).

[16]  Deirdre K. Mulligan,et al.  Privacy Decisionmaking in Administrative Agencies , 2008 .

[17]  Sarah Spiekermann,et al.  Privacy-by-Design through Systematic Privacy Impact Assessment - a Design Science Approach , 2012, ECIS.

[18]  Paul De Hert,et al.  Introduction to Privacy Impact Assessment , 2012 .

[19]  Ling Qiu,et al.  Protecting business intelligence and customer privacy while outsourcing data mining tasks , 2008, Knowledge and Information Systems.

[20]  Hock-Hai Teo,et al.  The Value of Privacy Assurance: An Exploratory Field Experiment , 2007, MIS Q..

[21]  Andrew Charlesworth,et al.  Analysis of Privacy Impact Assessments within Major jurisdictions , 2010, 2010 Eighth International Conference on Privacy, Security and Trust.

[22]  Kush Wadhwa,et al.  Integrating privacy impact assessment in risk management , 2014 .

[23]  Lisa Singh,et al.  Can Friends Be Trusted? Exploring Privacy in Online Social Networks , 2009, 2009 International Conference on Advances in Social Network Analysis and Mining.

[24]  C. Oliver STRATEGIC RESPONSES TO INSTITUTIONAL PROCESSES , 1991 .

[25]  J. Freedman,et al.  Conceptions of Crowding. (Book Reviews: Crowding and Behavior; The Environment and Social Behavior. Privacy, Personal Space. Territory, Crowding) , 1975 .

[26]  Rachel Finn,et al.  A Comparative Analysis of Privacy Impact Assessment in Six Countries , 2013, Journal of Contemporary European Research.

[27]  A. Lewin,et al.  Governance modes for offshoring activities: A comparison of US and German firms , 2011 .

[28]  John Leubsdorf,et al.  Privacy and Freedom , 1968 .

[29]  Wulong Gu,et al.  Export‐market participation and productivity performance in Canadian manufacturing , 2003 .

[30]  Beryl Burns,et al.  Offshoring: secure or open to the praying mantis? , 2008 .

[31]  Robert E. Crossler,et al.  Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems , 2011, MIS Q..

[32]  Annie I. Antón,et al.  How internet users' privacy concerns have evolved since 2002 , 2010, IEEE Security & Privacy.

[33]  Dmitrij Slepniov,et al.  Accessing offshoring advantages: What and how to offshore , 2015 .

[34]  N. Kshetri Institutional Factors Affecting Offshore Business Process and Information Technology Outsourcing , 2007 .

[35]  C. Goodwin A Conceptualization of Motives to Seek Privacy for Nondeviant Consumption , 1992 .

[36]  Charles Oppenheim,et al.  Privacy Impact Assessments: International experience as a basis for UK Guidance , 2008, Comput. Law Secur. Rev..

[37]  R. Wigand,et al.  Organizational Privacy Strategy: Four Quadrants of Strategic Responses to Information Privacy and Security Threats , 2014 .