A group of MEPs last week called for action from the European Parliament to protect data transferred overseas under offshore outsourcing deals. And experts said firms should already be putting controls in place to protect electronic data held offshore to reduce the risk of liability for breaches of data protection laws.

The MEPs' move followed a report from consultancy Ernst & Young, which warned that the growth of offshoring and associated risks meant there would be a "major regulatory failing within five years".

The group of Labour MEPs are calling for tougher rules to ensure personal details processed outside the EU remain subject to the same standards of protection as data held within the territory. At present, data security in non-EU outsourced operations is controlled through contract terms agreed between customer organisations and their outsourcing partners.

Firms should act now to show they are guarding outsourced data, as it is coming under increasing regulatory scrutiny, said Alex Hamilton of law firm Latham & Watkins. "Companies should define the standards they want in place to control who will have access to their data and how it is protected," he advised.

If the controls are not as stringent as UK law requires, or are not followed or monitored by the offshore partner, UK firms risk being held responsible for breaches of the law. "Companies can reduce offshoring risks by appointing a chief officer to take responsibility for governance and legal issues surrounding the external partnership," said Mark Strauch, managing director of IT systems provider Business Engine.