16.01.2018 Dorothy Agnew
For thousands of businesses across the UK, outsourcing IT provides greater value, a better return on investment and peace of mind. It allows companies to spread their investment in IT infrastructure and call upon a wealth of expertise as and when needed, rather than employing a large in-house team.
Global business spending on IT outsourcing and hardware maintenance has increased from a total value of about 400 billion US dollars in 2013 to a forecast of nearly 503 billion US dollars by the end of 2017. But high-value IT contracts come with their own risks, and it is vital to know what you are signing up to before putting pen to paper.
It is also in the interest of you and your Managed Service Provider to ensure that both parties are in agreement about their respective roles and responsibilities under the contract.
In this Top Tips article, I have given guidance on the questions you should ask when finalising the contract and any service levels for performance of the service.
1. Know what you want and involve your IT team
It sounds so simple, but know what you want from your IT supplier and the minimum you expect from them. If you have your own in-house IT team, make sure you involve them in the contract process – they have the best understanding of what systems and features are required to support your business going forward, so use them to your advantage. Ask them to work with your procurement or legal team to check that the contract covers everything you need, both now and in the future.
2. Read the small print and don’t be afraid to ask questions
One of the main risks when outsourcing IT lies in securing adequate service level commitments. An outsourcing provider might promise the earth in their sales patter and marketing literature, but when you look at the terms of the contract they give few assurances about the services and limited remedies if things go wrong. Any pre-contract assurances given by the provider about the service should be clearly documented in your agreement with the provider.
Things to check in the contract include:
3. Negotiate a liability amount that protects your business
One of the most common problems businesses face when outsourcing their IT is that the supplier excludes or limits much of their liability within their contract. A low limit of liability may significantly reduce the effectiveness of any assurances given about the service and security of your data. Financial limits on liability set by a supplier can be as low as several thousand pounds. If a service provider is responsible for hosting your entire transactional website or customer database, the economic consequences of a loss of data or dealing with a cyber attack could be significant. The cost of reconstituting the lost data alone could exceed a low cap on liability. Added to this are the financial impact of lost profit, damage to reputation and fines that may be imposed by the Information Commissioner. Take time to calculate the losses that could be incurred in a worst-case scenario and use that to negotiate a liability amount that protects you.