Computerworld - Legislators from California to Massachusetts are launching salvo after salvo against outsourcing IT work overseas -- to India in particular -- saying it's a grave threat to the privacy of Americans' data. But is it, really? My privacy counterparts in other companies don't think so. We see Indian companies that are quickly learning that advanced data security is a competitive requirement and an Indian government that's considering a European-style data protection law.
So what should multinational companies do? Wait out the election-year excesses, but make sure you have a strong way to verify the security of all third parties, whether they're in Bombay or Peoria.
U.S. politicians are increasingly viewing overseas outsourcing as the wedge issue of the 2004 elections. Some say that outsourcing our call centers to India exposes Americans' medical and financial information to unregulated gangs -- even al-Qaeda! Others say that sending our tax returns to the subcontinent for processing puts our Social Security numbers in great danger. Several are proposing bills that would make it prohibitively difficult for U.S. companies to take advantage of the high-quality, low-cost Indian IT worker.
Politicians who oppose these bills risk being seen as out of touch with the mounting number of white-collar workers who lost their jobs when their IT departments were sent to New Delhi. So has protectionism won the day? Will these bills pass?
We'd all better hope not. Europeans have been making the case for years that the U.S. is an "inadequate" place for Europeans' data. They say the U.S. is the Wild West of data protection. The European Union argues this is the case because we don't have a comprehensive privacy law.
If we take the same approach toward India -- saying that its privacy protections are inadequate -- we weaken our defense against this European argument. U.S. trade with Europe, and its millions of associated U.S. jobs, depends on us winning that argument and maintaining the free flow of information worldwide.
The U.S. case is simple: Data security doesn't happen at the national level. It happens at the company level. It's companies that install the firewalls and perform background checks, not governments. And it's companies that fire suppliers that aren't living up to their security standards. A company in Bombay can provide the same level of security as a company in Peoria or in Paris.
The U.S. case is also confident: We believe that the free market will provide incentives for our displaced IT workers to gain the skills for the next big thing in the economy. Economist Lawrence Kudlow points out that in the past 10 years of the high-tech revolution, 339 million old jobs were wiped out across the world, while 357 million new jobs were created -- a net gain of 18 million. Americans have always been confident that we'll come out ahead when the creative forces of the market are set free.
U.S. consumers are also protected from the security risks of outsourcing. U.S. companies that don't ensure that their suppliers have reasonable data security risk being sued by the Federal Trade Commission for violating their own privacy policies.
So how can U.S.-based multinationals make sure Americans' data in India is safe? They can start by sending the minimum amount of data that's necessary for the Indian suppliers to do their job, as well as masking and encrypting Social Security numbers and credit card numbers. They should compare the Indian companies' security policies against their own and hold the Indian companies contractually responsible for closing the gaps. For particularly sensitive operations, staffers from the U.S. company should periodically visit the Indian facility and perform an audit.
But these are the same steps U.S. companies should be taking with their suppliers here at home. If you're not doing that much, maybe the Europeans -- and the politicians -- are right.
Cline manages data privacy at Carlson Companies Inc., a Minneapolis-based group of businesses in the travel, hospitality and marketing industries. Contact him at privacy@computerworld.com.
See more Jay Cline columns.
Read more about Privacy in Computerworld's Privacy Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
