How shared services companies secure client data
Credit to Author: The Manila Times| Date: Thu, 14 Mar 2019 16:33:58 +0000
These days, monitoring and managing of business processes have been made easy with the help of shared services companies. Corporations can now reduce costs, get better insights faster, support strategic initiatives and focus on profit-making activities without worrying about administrative tasks.
Shared Services is a tactic to effectively reduce cost and streamline organizations that it serves. It also improves process efficiency and effectiveness. It centralizes the company’s administrative functions that different departments or divisions usually handle.
Shared Services brings down cost by standardizing and digitizing existing processes and procedures. It commonly focuses on accounting, human resources, finance, and even information technology. It is a popular business strategy that’s been adopted by many companies all over the world. Over time, it has become a comprehensive and flexible tool for businesses, especially to those with a large number of staff.
Since a shared services organization has access to personal information, the risk of sensitive data being compromised, either maliciously or unintentionally, is heightened.
An effective data life cycle management is therefore necessary to ensure the confidentiality of client information. Shared services organizations commonly do this to keep files restricted and avoid data breach.
The cycle starts with the acquisition, capture or the collection of data. Examples of methods to get client information (usually directly coming from the client) include surveys, interviews or provision of a whole set of data by a third-party source. The purpose of the data must be stated upon collection – where and how it will be used, as well as the scope of the service it will be worked on, must be clear to make sure that the data will remain restricted and confidential.
The next stage is data backup and recovery. Collected data, either in hard or electronic copies, go through an archival or retention process. Hard copies can be kept in folders and secured cabinets while electronic copies can be stored in cloud applications accredited by the National Privacy Commission (NPC).
The third stage is data management and maintenance where processed data are now ready for usage and sharing within the organization. Shared data are usually incorporated into decision-making, planning, and operations. They allow the user to have a clear picture of the impact of decisions made in the past, thus guiding them towards the next course of action.
The last part of the data life cycle is data retention or disposal. The agreement with the shared service organization must indicate until when the obtained data should be stored and how it will be disposed. Storing of data usually depends on how long the process will last, or on regulatory requirements. In other cases, data may be retained as long as there is consent to keep or even share it with third-party organizations.
On the other hand, the process of disposal depends on the type of data acquired, be it in hard or electronic copy. Hard copies are typically shredded while electronic copies are deleted from the system, unless stated otherwise.
Looking at the amount and kind of information that a shared services organization has, data protection is obviously one of its most significant responsibilities. They acquire important information that can threaten not only a person’s identity but also, if a large-scale breach happens, the safety of the whole corporation or even the nation. The shared services organization should be wary of network or social attacks – hackers generally target them because of the data they possess. Confidential and restricted information such as a person’s full name, birthday, social security number, email address, medical information, and bank account numbers are the very kind of data considered a gold mine by cybercriminals.
The shared services organization on top of its cybersecurity program means it has established data protection policies and procedures that sufficiently protect data throughout its life cycle. They must educate and create awareness, thus instilling a security culture within the organization. In some cases, it is better to consider working with an expert who can help establish a more robust data protection solution to monitor, detect and prevent threats.
* * *
Jimmy D. Disquetado is the Director for Operations of PricewaterhouseCoopers Business Services Philippines Co. Ltd., a member firm of the PwC network. For more information, please email markets@ph.pwc.com. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
The post How shared services companies secure client data appeared first on The Manila Times Online.