Anybody who thinks he or she can shovel IT compliance problems off to a service provider is in denial. This was a topic of presentation at the recent META Group outsourcing conference.
And it's surfacing lately in articles, such as this one on Silicon.com. In “You can't outsource email compliance headaches,” a lawyer states the case simply. According to Simon Briskman, a partner at law firm Olswang, agreed: “You can't outsource your regulatory obligations. What you can do is outsource functions. But if [the outsourcer] fails, you're liable.”
If you're in the client firm, you'd better make sure you understand your own compliance issues first. Then you'll be in a position to tell your service provider what it needs to do to keep your organization legal.