Offshore ops to get stronger privacy lock
U.S. firms outsourcing work to India welcome data protection act
June 2, 2003 12:00 PM ETComputerworld -
India's Ministry of Information Technology and the country's main software trade association are drafting a data protection act designed to allay growing privacy concerns in the U.S. and Europe related to offshore outsourcing.
The legislation, expected to be enacted around the beginning of next year, would provide legal safeguards to ensure data privacy protection in India, said Kiran Karnik, president of the National Association of Software and Service Companies, known as Nasscom, in New Delhi.
The new rules are being drafted primarily to address the European Union's strict privacy requirements, Karnik said. EU laws prohibit companies from exporting data to or storing data in countries that lack privacy safeguards comparable to the EU's. "The EU has very stringent laws with regard to data privacy. We are trying to make sure we have a law that meets their minimum requirements," Karnik said.
At the same time, a tougher data privacy law in India stands to benefit U.S companies that have hired Indian firms to process jobs involving personal data.
"We see this as making it easier for us to do business there," said Karen Allen, vice president of risk management at Exult Inc., a business process outsourcer for Fortune 500 companies that last week opened a data center in Mumbai. The company is one in a growing number of U.S. corporations that process personal information on U.S. individuals at offshore locations. Such information often includes Social Security and driver's license numbers as well as confidential data such as individuals' employment or medical histories.
Currently there are no U.S. laws that prohibit that data from being shipped to or accessed from other countries. But companies are increasingly being required to comply with industry-specific and state laws such as the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act and California's pending SB 1386 identity-protection law. U.S. companies must comply with those laws regardless of where the data is processed or stored, legal experts said.
"There are no significant differences [in] a company's privacy obligations, [whether it's] conducting an offshore arrangement [or] a domestic one," said Christopher Ford, a partner at law firm Alston & Bird LLP in Washington.
Consequently, it's important for companies to consider a country's data privacy laws when contracting with offshore firms, said Greg Scheuman, chief technology officer at Mercury Insurance Group in Brea, Calif.
The need to comply with Gramm-Leach-Bliley and California's SB 1386, which goes into effect July 1, has made privacy standards at Mercury "very significantly different from even a year ago," Scheuman said. India's initiative is therefore a positive one for Mercury, which outsources some development and maintenance work there, he said.
Outsourcing
Additional Resources



White Papers & Webcasts
Forrester Consulting - Optimizing Users and Applications in a Mobile World
Learn how to successfully deploy a WAN optimization solution that is specifically tuned for a mobile environment!
Faster, Cheaper and Easier to Maintain
Can you afford not to upgrade your servers to today's advanced, energy-efficient technologies?
Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!
The State of PCI DSS Compliance at Organizations Today
Download this resource today!
Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.
IDC Research Report: The Business Value of Consolidating on Energy-Efficient Servers
Download this Resource Now!
HP Technology Guide for Scalable Business Solutions
Download This Resource Now!
Mitigate Risk, Lower Costs and Improve Network Efficiency
Create a stable IP network that not only meets today's challenges, but is flexible enough to also meet future demands.
