Introduction to Out Sourcing and Data Warehousing
The amount of data being produced and stored is increasing exponentially. For many, out sourcing the storage function is a viable alternative. With the growth in web server technology, many organizations are already moving in this direction without even recognizing it.
An awareness of the issues involved can make the job easier when deciding on whether to out source a data processing function.
Data warehousing has been around for a long time in one name or another. There is nothing magical about the concept. It is simply a sub set of contracting out your computing requirements. And it can go from simply renting space on a main frame computer, to having all of your data storage and processing functions, including report writing, prepared by your service provider.
The upshot of this is that the issues surrounding data warehousing are in large part those surrounding out sourcing your other computing needs.
Traditionally, it has been used by companies possessing large amounts of data. By definition, these companies are themselves usually large. With an increasing number of companies maintaining a world wide web presence, smaller companies are becoming involved.
The decision to out source cannot be divorced from the issues of implementation. Sorry indeed is the organization which makes the decision, based solely on cost considerations, to out source without a careful examination of whether it can maintain the necessary degree of management control over the service provider. There is a payoff for working through the entire process before making the decision. The reasons will be much clearer, the benefits that can reasonably be expected will be quantified and areas where the project is most at risk of failure will have been identified. In anyone's language, this translates into an increased likelihood of success.
Storage of data and cost are inseparable topics when talking hardware. When it comes to out sourcing, cost should be the definitive factor only after a careful consideration of all other management issue.
It is tempting at this point to digress and declare that implementation has little to do with the decision making process. The linear thinking that serves the industry well would have it that before discussing implementation, the decision to out source has already been made.
It is true that many issues involved in making the decision do not relate to implementation. Many do, however. Included in this category is the ability to manage the services provided after implementation. As the level of management control often has a significant impact on the overall success of the project, it can hardly be ignored.
So what are some of the broader issues that might impact on the decision making process?
When it comes to data, it is surprising how often the question of security receives barely more than lip service. Maybe it's the "Canadian way", but it is a fact of life that theft of information is a reality that should not be ignored.
In an era of rapid technological change, prudent management goes beyond seeking the usual contractual assurances about security. The only safe way to maximize protection is to review, in whatever detail is reasonable in the particular circumstance, the process by which the service is provided.
While it may not always be necessary to perform this added investigation, for now, it is the recommended twin to contractual protection.
We are entering an age where information and knowledge are taking precedence over manufacturing. Hand in hand with this goes an increased awareness of the ownership aspects of knowledge. Following this we have witnessed an increased sensitivity, voluntarily and sometimes enforced, to issues of privacy. In the case of government and its institutions, these issues have been expressed around freedom of access to information.
British Columbia has legislation governing access to information and privacy issues, as does the federal government. To over simplify, privacy issues translate into security issues, reinforcing the need to secure your data. Freedom of information is a thornier issue. The legislation now extends to crown corporations, health care institutions such as hospitals, and municipal governments. In short, the legislation covers the very kind of institution that might look for an out sourcing solution.
The legislation obligates an organization to be self policing. In other words, the organization has a positive duty to produce information in accordance with the statute. If it does not, there is a review process provided for by an independent privacy commissioner who has the authority to make decisions (and order the release of information). Compliance with this legislation can be a very costly exercise, and one which has the potential for influencing the way in data bases are designed.
An organization subject to this legislation may also want more external management control over the process of data warehousing than one that is not.
While each organization differs, the degree that the desired management controls are recognized and incorporated into the arrangement, the better off the arrangement will be. This identification process is often easier said than done, for much of the power (particularly operational) is taken for granted when performed within the organization. When the process is moved outside the organization, the loss of control can become noticeable.
Striking a balance between the service provider and the organization can be an issue on its own.
Issues can be categorized into those relating to delivery of the service, and those relating to change. The latter are often the most difficult to incorporate into the agreement, because by definition they require some gazing into the proverbial crystal ball. Examples of change are those that relate to shifts in organizational priorities, the need for different information at different times, changing regulatory requirements, the introduction of new technology and decreases in available funding.
What should you expect from your advisers (including legal counsel)? Using the analogy of corporate counsel, there has been a shift in what is demanded of them. These changes are instructive from the point of view of what you might expect. Gone, in large part, are the days when lawyers were looked to as managers of the compliance process, and as providers of the straight forward day to day legal services required by the company. More and more, lawyers are expected to be part of the management team and engage in risk management, not just risk avoidance.
The corollary to this is that an experienced lawyer should be able to help you anticipate management issues that you might encounter and suggest solutions reflecting not only a knowledge of the legal issues, but also an awareness of how the industry works. Seeking this advice during the decision making phase of the process, and before agreement is reached, may materially improve the quality of your project.
And just when it starts to look like you are finished, the task is then to devise structures that give the necessary legal control over the out sourcing process without unreasonably hampering the delivery of the service.
GARY DUNN, LAWYER & MEDIATOR
2768 WEST BROADWAY AVENUE, #568
VANCOUVER, BC V6K 4P4, CANADA
The foregoing is not intended to constitute legal advice. You should contact your legal advisor about your specific legal problem.