Negligent Liability & IT Outsourcing Negligent Entrustment

Negligent Liability & IT Outsourcing Negligent Entrustment Liability Negligent entrustment is where personally identifiable information is outsourced to an insecure back-office operation (Rustad, 2007). Organizations have an affirmative duty to ensure that data is secure regardless of whether it is in-house or outsourced, or where it gets outsourced to. The liability centers on the companies who have direct liability to consumers and businesses, not just the outsource operation. has international standards for the protection of intellectual property. U.S.

companies have an independent duty of care to ensure third world back-office operation comply with reasonable data security standards. It is a company's duty to do security audits before transmitting sensitive information. Negligent enablement lawsuits come about to hold the handler of information directly liable for facilitating or paving the way for cybercrime by direct negligence. AU.S. organization that does not do security audits on the outsource operations can be held liable for the negligent acts of the outsource operations.

'Depending on the organizational industry, laws, such as SOX, HIPAA, and identity theft laws, apply to the U.S. organization. There are also global requirements that present legal issues of taxes, labor laws, and safety regulation requirements (Jones). Firms must legally protect information, privacy of employees and customers, and safeguard trade secrets. The firm has the legal responsibility to make sure that information is protected under all laws that pertain to the particular information, even if it is outsourced.

Companies face huge risks of legal issues if they do not have the means to ensure the safeguarding of information with outsourced information. They must have a means of monitoring the outsource operations of the information to ensure the protection of the information itself. Outsourcing IT SOX, Section 404, Management Assessment of Internal Controls, the majority of internal controls are embedded in the technology system (Hall, 2007). And, SOX, Section 302, Corporate Responsibility for Incidence Reports, requires senior financial executives to disclose deficiencies in internal controls and fraud, whether material or not.

Auditors must also attest to the adequacy of internal controls. Corporate management has high risks involved when outsourcing IT. They are still held liable regardless of whether IT operations are in-house or outsourced. There are negative implications concerning the outsourcing of IT. The ability of top management and directors to monitor financial reporting is diminished to the extent that a firm distances itself from IT operations with large scale IT outsourcing.

Management tends to lose the ability to understand technology and IT strategy and cannot effectively oversee operations, procedures, and controls. IT outsourcing increases the likelihood that other internal control failures will go undetected. The cost of oversight is likely to escalate due to management responsibility for certifying controls annually. The organization could be responsible for large termination fees. Potential problems increase with outsourcing systems. Organizations can still outsource and comply with all laws without the possibility of sanctions.

Planning the project, defining the scope of the project, investigating the validity of.