Outsourcing increases the complexity for dealing with privacy. An
organization may outsource a part of its business process and, with it, some
responsibility for privacy; however, the organization cannot outsource its
ultimate responsibility for privacy for its business processes. Complexity
increases when the entity that performs the outsourced service is in a
different country and may be subject to different privacy laws or perhaps no
privacy requirements at all. In such circumstances, the organization that
outsources a business process will need to ensure it manages its privacy
responsibilities appropriately.