Staff in call and other data processing centres in India are taking customer information - such as credit card data, passport and driving licence numbers and personal banking details - and selling it "to the highest bidder" leaving corporations open to legal liability.
The Payment Card Industry Data Security Standard (PCI DSS) - adopted by the major credit card brands - requires organisations to monitor outsourcing service providers and states they are liable for fines if that provider compromises their data.
Moreover, the investigation for Channel 4's Dispatches, found that customers are at risk of fraud and embezzlement with call centre staff acting as a facilitator, taking information and selling it to another company, which uses the data to steal identities.
David Taylor, former Gartner analyst and VP of data security strategies at Protegrity, believes lax legal and corporate oversight plus the lack of security software has left corporations open to substantial risks.
"There is no enforcement of policy and limited management which creates tremendous opportunities to people willing to steal sensitive data and sell it on the growing data market," he said.
"The company's reputation and business is on the line. They need to be more active and implement clear controls on employee behaviour, encrypt data, restrict software and pay more attention to service providers and what they are doing to protect their data," he added.
Taylor feels outsourcing is here to stay but this approach may enable the corporation to continue to benefit financially from offshoring while keeping data safe.
He said: "This data is very valuable and this particular threat is a big problem for corporations but they are beginning to pay attention and hopefully this investigation will raise awareness further."
Research compiled by Gartner found that over 70 per cent of all threats to sensitive data come from within the organisation.
The Dispatches Data Theft Scandal is on Channel 4 tomorrow at 9pm.
.jpg&h=146&w=240&c=1&s=0)
