IT Offshoring and Data Privacy – Are They Incongruous?

India enacts new privacy laws while China considers adopting them. What are the ramifications for IT outsourcing?

Despite the growing number of U.S. companies that turn to service providers in other parts of the world to run some or all of their IT, there are still a few cold, hard concerns that give many IT managers pause. Data privacy is one such concern.

Data privacy has become paramount for any organization that collects information on customers, and that’s just about every organization out there. Numerous local, state and federal regulations require companies to toe the line to ensure private data stays private, per customers’ wishes. When outsourcing aspects of IT that touch those data stores, companies have to be extra careful that the service providers they engage follow the letter of the law and the exact policies of their shareholders and/or management. Not doing so can at best create a disruption and at worst result in fines, damaged reputation and even loss of revenue.

Data privacy gets trickier when organizations operate globally, and even trickier when they hand off data management to providers located outside their countries of origin. The good news is that offshore destinations are taking notice of the many data privacy requirements of their customers.

According to this article in InformationWeek, “India Adopts New Privacy Rules,” India has enacted new privacy rules that aim to further restrict how businesses operating in that country handle personal information. The rules call for organizations to notify individuals when their personal information is collected via letter, fax, or email. The rules also require covered organizations to make a privacy policy available, to take steps to secure personal information, and to offer a dispute resolution process related to the collection and use of personal information. (Do these sound familiar? By and large, these are requirements already in place here.)

It is important to note (and important to any company that might outsource to providers in India) that the law applies to all companies in India getting any information from anywhere, according to the InformationWeek article. In other words, it doesn’t matter if the personal data was collected in India, or if it was collected outside of India and then transferred in… the rule applies.

While India’s new data privacy law seems similar to what we have here, one concern raised in the article is that it is unclear to what extent companies will comply with it, and to what extent Indian authorities will enforce it.

In this Computerworld article written by Stephanie Overby, Paul McKenzie, managing partner of the Beijing office of law firm Morrison & Foerster, spoke with Overby about the data privacy protection laws in China. It’s a great article, and definitely worth a read.
