Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
Trendline
India to Adopt Data Privacy Rules
A pending Indian data protection law is designed to quell growing privacy concerns from their offshore clients.September 01, 2003 — CIO — Two powerful players in India’s outsourcing industry are drafting a data protection law designed to quell growing privacy concerns from their offshore clients.
India’s Ministry of Information Technology and the National Association of Software and Service Companies (Nasscom) in New Delhi expect the legislation to be in place early next year. It would provide legal safeguards to ensure data privacy protection in India, according to Nasscom President Kiran Karnik.
Such safeguards are required for all data leaving the European Union, which is a result of the EU Data Protection Directive and is what prompted India to act. But the regulations could prove beneficial for American companies as well.
No U.S. law currently prohibits information—such as Social Security and driver’s license numbers, employment histories, and medical records—from being shipped to or accessed from other countries, says William Bierce, attorney and president of New York City-based law practice Bierce and Kenerson. However, the number of U.S. companies required to comply with industry-specific and state laws is growing. Laws such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act, and California’s pending SB 1386 identity-protection law regulate what data companies can share. With offshore outsourcing deals, data protection provisions are usually written into service contracts.
Some CIOs worry whether a data protection law would have any teeth in India’s courts. But competition for offshore business should keep the courts on the straight and narrow. "Nasscom and India understand how vital a clear policy on data protection and privacy are to the trust and confidence of foreign clients," says Bierce, adding that the rules will most likely be enforced by a special appellate court established under India’s Information Technology Act of 2000.
Nonetheless, CIOs must remain diligent about Indian vendors to ensure the privacy and security needs of their companies.
"India’s privacy legislation is positive, but much more important is for CIOs to ensure that their outsourcing agreements contain detailed and precise contractual specifications regarding data privacy and protections," says Hank Zupnick, senior vice president and CIO of GE Real Estate, who works with several Indian IT services companies. Specific remedies for noncompliance should be spelled out in the contract, adds Zupnick, and the contract should have legal jurisdiction in the state or province where the CIO’s company is headquartered.
Other stories by Stephanie Overby
© 2008 CXO Media Inc.
Encryption Made Easy: The Advantages of Identity Based Encryption
Messaging Security Goes Virtual
Regulations Shift Focus on Outbound Email Security
New 2008 Report: Outbound Email and Data Loss Prevention in Today"s Enterprise
Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services
Forrester Research: Defining a Mobile Enterprise Policy
The Great Email Security Debate: Appliances, SaaS, or Virtual?
Windows Mobile Series: Improving Mobile Security and Management Webcast
Solutions to the Toughest IT Challenges in Remote Offices Webcast
Get Control of Mobile Data (and More): Improve security and reduce costs with a mobility management platform (Video webcast)
The Universal Wireless Client: How to simplify mobility and reduce the cost of supporting mobile workers (Video webcast)
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
China Aims to Protect Olympic Content From Pirates
Samsung Puts 128G-Byte SSDs Into Mass Production
Symantec Warns of New Word Attack
VMware Replaces CEO, Shares Plummet
The Internet Gets a Patch, As DNS Bug is Fixed
Groups: Targeted Ad Program May Be Illegal
US Senate Resumes Debate on Surveillance Bill
Google Launches Blog for Sub-Sahara Africa
Adobe Readying New Mashup Tool for Business Users
Celtel Begins Financial Compensation Program
How To Do Nearly Anything
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
