Broad contractual statements about confidentiality and security will demonstrate the general ethos which should apply to the outsourcing activities. Standard confidentiality clauses are likely to be taken far less seriously than unambiguous provisions on what information does need to be treated with extra care, and any special procedures which should be followed. The more distinctively the provision addresses the confidentiality requirement, the better the chances of its efficacy. The Data Protection Act, the law in the United Kingdom (UK), results from a European commission directive that applies to member states of the European Union, which therefore should all have equivalent laws. The data controller remains responsible for the personal data, for security in particular and for compliance with the data protection principles in general. In any event it is important for the supplier to be a reputable company with demonstrable ability to ensure security of the personal data.