This article discusses data security risks and privacy concerns, and how these issues can be mitigated, when financial services IT responsibilities are outsourced overseas to low-wage countries such as India, China, and Russia. When applications are developed overseas and code is written through interfaces with the host company's network, Wall Street companies have less control over their data. They must depend extensively on security measures and data access policies provided by another company. The most high-profile risks are those related to access, storage, and transfer of data. Compliance with such regulations as Gramm-Leach-Bliley, which requires privacy protection for customer data and forbids data sharing with other entities without permission, is requiring firms to secure data. Nevertheless, says an analyst, U.S. companies have outsourced for two decades and no one was screaming that there were security issues. However, some sources indicate concern among financial industry regulators over all third-party outsourcing arrangements, and, in 2002, the Office of the Comptroller of the Currency issued risk management guidance for banks that use foreign-based third-party service providers. To reduce exposure, the projects securities companies are sending offshore are limited primarily to application development, and live applications are infrequently hosted on third-party service providers' networks. A Wall Street executive expresses concern about deliberate espionage, since an employee working offshore could be paid up to $50,000 to share a firm's data with a competitor. Among the topics covered are increased risk when data is stored or transferred across national boundaries; examples of projects meant to ensure due diligence and compliance; and customer protection through background checks, network security, and other measures.