Outsourcing Data Increases Security Risks, McCarthy Tells Bloomberg Law

Bloomberg Law reported the Equal Employment Opportunity Commission (EEOC) told a federal judge it might need to hire an outside contractor to meet a court’s demand to collect pay information.

The EEOC selected NORC at the University of Chicago, a data and analytics organization. The personal data on wages from 60,000 employers would be turned over to NORC and include confidential information on race, sex, ethnicity and pay categories.

“There will always be some inherent risk when collecting, processing and storing data,” Shook Associate Colman McCarthy told Bloomberg Law. “But NORC looks like it has the experience and technical chops to justify being selected for the project.”

McCarthy added there is also a liability concern for the EEOC.

“If a data-security event occurs at the vendor, you are still the one who will have the notification obligations and liability stemming from the incident,” McCarthy explained to the publication. “You’re putting your trust into someone else to have the proper security in place, and many times you don’t have full insight into what that security entails.”