Wednesday, March 17, 2004

Security Pipeline | Trends | Outsourcing Overseas Brings Consumer Privacy Concerns

Security Pipeline | Trends | Outsourcing Overseas Brings Consumer Privacy Concerns:

Legislators want CIOs and service providers to show that customer data sent overseas is as safe as it is at home.


By Paul McDougall, InformationWeek

Offshore-outsourcing opponents have, for the most part, focused their criticism on the number of U.S. jobs lost to overseas workers. Now some people are urging limits on the practice because they claim it threatens consumer privacy.

California state Sen. Liz Figueroa last week said she would propose legislation prohibiting the movement of Californians' medical and financial data overseas unless she receives assurances that strong privacy safeguards are in place. Concerns range from overseas call-center workers being able to view or manipulate personal records stored in U.S. data centers to having databases of information on U.S. citizens physically located in a foreign country and operated by a third party. 'Outside the U.S., medical privacy doesn't really mean anything,' Figueroa contends.

Figueroa, who chairs California's Senate Select Committee on International Trade Policy and State Legislation, says she's concerned that a growing number of U.S. medical and financial-services firms are shifting information-processing work to lower-wage countries that lack tough privacy laws, leaving consumers vulnerable to identity theft and other crimes. Figueroa, who authored California's medical-records privacy law, considered by many to be the strongest in the nation, also is sponsoring bills to require California employers to notify the state and employees if they plan to move 20 or more jobs overseas and to prohibit state contracts from being fulfilled offshore.

Figueroa's plan, and similar ones in other states, are evidence that politicians are looking closely at the growing practice of sending work offshore. Her proposal, if enacted, would be among the first to significantly affect businesses' offshore IT practices. Most other efforts to restrict offshore outsourcing seek to block federal or state contracts from going overseas. Offshore business-process-outsourcing services-which, unlike application development, typically require the transfer of personal data-grew 38% last year to just under $2 billion, according to Gartner. The research firm says most of that work was performed in India.

At the federal level, Sen. Dianne Feinstein, D-Calif., asked the U.S. Comptroller of the Currency earlier this month to investigate whether banks that process customers' financial data offshore have safeguards to protect that data from unauthorized use. In Arizona, proposed legislation would bar companies from shipping financial data outside the country without written permission from consumers. A proposal in South Carolina would prevent companies from giving 'financial, credit, or identifying information' to a call-center representative abroad without the individual's written permission."