The most publicized justification for offshoring is cost reduction. But there is another reason companies offshore, a less publicized one — less government regulation. The argument is that the US is mired in laws and regulations that make running a business almost impossible. Developing countries give companies a chance to get government off their backs. However, there are two significant challenges when escaping government regulations: less security and less control.
Information security in developing nations
Information security will probably be the chronic problem of the twenty-first century. No matter how hard we try, no matter how many security holes we fill, difficulties will persist for some time to come. Even so, some countries are better at protecting information than others. The US and Europe stand out. Both sides of the Atlantic work hard to keep personal and corporate information safe through a combination of superior technology and government regulation.
Not so the rest of the world. Though there have been recent improvements, especially to support American and European companies, the third world is, for the most part, far behind the first world. Recourse for American companies wishing to offshore to developing nations is to contractually bind the offshore company to meet certain security standards. However, obtaining third world security through contracts has its own problems.
A contract with an outsourcer might require that certain security measures be in place but, in practice, how enforceable is it? Resolving legal issues in the third world can be a significant problem taking from years to never, and the results could be disappointing. For example, the 1984 gas leak disaster at an Indian subsidiary of Union Carbide (more than 10,000 people died), is still in the Indian courts 26 years later. Court impartiality has also been questioned. For example, Russian courts are notoriously political, unpredictable and considered by some to be anti-foreign.
The second contractual problem deals with jurisdiction, or more specifically, jurisdiction shopping. Those injured in a foreign country at the hands of a foreign company can sometimes sue the offshoring American company in an American court regardless of contract language. Many of the injured in the Bophal disaster sued Union Carbide in an American court where the wait was shorter and the judgments larger.
Offshoring involves a certain loss of control but not necessarily a loss of real or perceived responsibility.
Loss of control
Offshoring involves a certain loss of control but not necessarily a loss of real or perceived responsibility. Take the case of the University of California San Francisco Medical Center (UCSFMC) who received a threatening email from a woman in Pakistan. She claimed to be in possession of medical center patient records and that she would release them on the Internet if the UCSFMC did not intercede in a payment dispute she had with her employer. UCSFMC staff had never heard of the woman or her employer, but they paid attention when she forwarded to them some of the information she possessed, confirming the seriousness of her threat.
The problem started when the UCSFMC outsourced the transcribing of medical records to an American company. The transcribing company contracted the work out to 15 other companies throughout the US. One of those companies subcontracted the work to a man in Texas who hired workers in Pakistan. When the Texan could not make payroll the woman acted. Who suffered the brunt of the bad press and potential liability? Not the man in Texas, not the woman in Pakistan, but the the University of California San Francisco Medical Center.
Halliburton had a similar problem involving a contract it had with the US government to provide the US military food service in Iraq. It subcontracted the work to a company who again subcontracted the work, on and on, until a Middle East company servicing the contract treated South Asian workers, according to press accounts, as slaves. Halliburton clamed no knowledge of the practice but their name was the one tarred in the press.
The University of California San Francisco Medical Center could have eliminated their problem with a simple “no subcontracting” clause in the contract. That would probably have worked since the contractor was also an American company. But what if the contractor, or sub-contractor, was not an American company? What if the contractor was Pakistani or Indian or Venezuelan? Once the work leaves the US an American company has lost much of its control.
The solution: Contract enforcement laws overseas?
There is one solution to the security and control problems American companies face when offshoring work. They could pressure foreign countries to enact laws requiring strong information security and contract enforcement. However, that would result in US companies, bent on leaving the US because of government regulations, encouraging the third-world countries they want to move to, to enact many of the same regulations they are running away from. The word ironic does not begin to describe it.
George Tillmann is a former CIO, management consultant, and the author of The Business-Oriented CIO (John Wiley & Sons, 2008). He can be reached at firstname.lastname@example.org.