Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Privacy Laws In Asia May Cripple Data-Centric Outsourcing

Posted by timothy on from the death-by-a-thousand-permission-slips dept.

bizwriter writes "Think privacy issues are a pain when they affect consumers? Get ready for the grandfather of all corporate computing headaches. Big privacy-law changes in India and China are about to turn data-processing outsourcing into a hurdle-leaping, paperwork-generating mess."

98 comments

  1. Blah by Anonymous Coward · · Score: 5, Insightful

    From the perspective of someone who prefers their privacy I'm not seeing a problem.

    1. Re:Blah by Black+Parrot · · Score: 4, Insightful

      From the perspective of someone who prefers their privacy I'm not seeing a problem.

      Only problem I see is why we don't have laws like this. With teeth.

      Why haven't we seen an article titled "New US Law Will Cripple Data-Centric Outsourcing (and intrusive/careless management of data at home)"? And about 15 years ago?

      Oh, wait. I forgot who owns Congress. Silly me.

      --
      Sheesh, evil *and* a jerk. -- Jade
    2. Re:Blah by countertrolling · · Score: 1

      This does nothing to protect your privacy. It only expands the army of bureaucrats that run the world.. Data can, and no doubt will be collected and sent out surreptitiously, and nobody will ever know the better.. outside the few cases where somebody needs to be thrown under a bus for PR purposes

      --
      For justice, we must go to Don Corleone
    3. Re:Blah by Crudely_Indecent · · Score: 1

      And it increases the costs of doing business with these countries.

      Maybe we're seeing the beginning of the end of the massive outsourcing that has been plaguing the American tech worker. When the financial incentives to outsource are gone, the jobs will return.

      More likely, they'll move operations to countries that don't have these laws.

      --


      "Lame" - Galaxar
    4. Re:Blah by yacc143 · · Score: 5, Interesting

      Well, look at it like this, when such laws become standard around the globe, and for example the EU decides to reject the US-EU data safe heaven idiocy, US businesses will overload the phone system in DC to get such laws in the US too, because more and more revenue will be lost, because it will be simply illegal to use an US provider to do anything related with personal data. Until this happens I guess nothing will happen in the US on this front.

    5. Re:Blah by yacc143 · · Score: 2

      Or where a disgruntled employee has a bad day.

      Notice how the EU directive is already forcing ad networks to change how they operate (slightly I admit, but then that's what they are doing voluntary to avoid explicit regulations/fines for their practices).

      One last thought here is that everyone needs to be able to show proof that he is legally using MS Office. And in big organizations licenses (although they might have MS site licenses) are a headache. How come that they cannot put a similar amount of energy into keeping track how they come to have my data?

    6. Re:Blah by yacc143 · · Score: 4, Informative

      More likely customers from places with privacy laws will start to offer their business to non-US providers.

      Notice that the planned Indian regulations will probably make it a "safe 3rd party country" in EU-speak, meaning that personal data can be freely transfered out of the EU to India for processing or whatever because it has a similar level of legal privacy protection. Notice that the same thing EU-US is currently possible only with massive winking, and can end over night e.g. if the EU parliament gets pissed of enough about it.

    7. Re:Blah by russotto · · Score: 1

      One last thought here is that everyone needs to be able to show proof that he is legally using MS Office. And in big organizations licenses (although they might have MS site licenses) are a headache. How come that they cannot put a similar amount of energy into keeping track how they come to have my data?

      No big organization using Microsoft products (unless they have a blanket unlimited site license, and I didn't think Microsoft did that) could survive a BSA audit unscathed; the BSAs standards are just ridiculously high. For instance, were they to audit a Wells Fargo bank branch and find Microsoft products purchased under the name of Wachovia Bank, they would declare this to be a violation. It isn't, of course, but they'd say so. But the chance of an audit is low, and the price of paying off the BSA for a few piddling non-violations is fairly small (for a large company).

      Privacy laws like these have some of the same issues, in that it's impossible to perfectly follow them to the letter while still conducting business. The difference is the consequences are much higher. Since it's China and India I assume that bribing your way out is still possible, but the price is much higher and if you offer too low, you could end up dead (particularly in China).

    8. Re:Blah by Anonymous Coward · · Score: 0

      And there will be human trafficking, and nobody will ever know the better. We should stop trying to do anything about that as well.

    9. Re:Blah by theshowmecanuck · · Score: 1

      And it increases the costs of doing business with these countries.

      Considering the corruption in these countries then I will have to agree with you. Companies will have to increase the amount of bribes they are probably already paying.

      --
      -- I ignore anonymous replies to my comments and postings.
    10. Re:Blah by countertrolling · · Score: 2

      Nonsense, tearing down the borders and allowing humans to migrate as they please will eliminate that problem, and the outsourcing issue entirely, in a new york second... The profit from trafficking comes from government restrictions on the freedom to move. This is the basic purpose borders serve today, to actually aid the slave trade, and drive down wages, etc. Every country is a kind of prison, and keeping you out is no different than keeping you in. Your passport is essentially an exit visa..

      --
      For justice, we must go to Don Corleone
    11. Re:Blah by Luckyo · · Score: 4, Informative

      Privacy laws like these have some of the same issues, in that it's impossible to perfectly follow them to the letter while still conducting business. The difference is the consequences are much higher. Since it's China and India I assume that bribing your way out is still possible, but the price is much higher and if you offer too low, you could end up dead (particularly in China).

      False. Essentially everyone here in EU follows them to the letter, and has done so for years. In some countries, well over a decade.

      The only people who cannot follow them, are either not in EU and do not want to follow EU laws, or are literally too stupid to follow them. They're actually very easy when you get an IT-admin's version of them, and very easy to follow. You do not need to be schooled in law to understand them, one hour review is enough for most people.
      As a comparison, when I was getting my security guard card for a summer job, legal rights and obligations took several days to teach and were a major part of the course.

      I'm saying this from experience, I spent several years maintaining local university's campus network as a local admin, and one of the things we got a wiki page on was privacy laws, what we're allowed to do, what we're not allowed to do, what users are allowed to do, and what users are not allowed to do.
      Interestingly, most of the stuff that opponents of privacy laws scream about as "this hinders my ability to maintain proper network management", as an admin you're actually exempt, by law. It's not a stupid piece of legislation by any means, and most certainly allows for maintaining very complex networks. You just have to actually want or feel obligated to follow the law.

    12. Re:Blah by oliverthered · · Score: 1

      call a piece of paper can do if buy you a coffee when your credit card gets rejected.

      --
      thank God the internet isn't a human right.
    13. Re:Blah by golodh · · Score: 4, Insightful
      The proposed new rules (http://www.bnet.com/blog/technology-business/new-privacy-laws-in-india-and-china-could-make-it-outsourcing-ugly/10620) are:

      * Those that hold personal data must receive explicit consent to divulge that data to third parties.

      * There are specific restrictions ''during the collection, processing, use, transfer and maintenance of personal information.''

      * Personal data cannot be exported unless specifically allowed by law or government authorities.

      * A company must get written consent by letter, fax, or email for the collection of data.

      * People can opt out at a later time and withdraw their consent.

      * There are significant restrictions on disclosing personal data to third parties.

      * When a person has given consent for the transfer of data, or it`s necessary by contract, a company can only send the data to an organization that provides the say level of security as the Indian regulations.

      * People have the right to review their data and to correct it.

      Reading the proposed new rules I totally fail to spot anything unreasonable. On the contrary, any bona-fide company that uses fair and transparent privacy rules will be in compliance without altering a thing about their operational procedures.

      So tell me, precisely what part of those proposed rules sounds as if it would hamper a bona-fide company from carrying out its bona-fide processing of personal data they obtained with consent?

    14. Re:Blah by St.Creed · · Score: 2

      So tell me, precisely what part of those proposed rules sounds as if it would hamper a bona-fide company from carrying out its bona-fide processing of personal data they obtained with consent?

      It would hamper bona-fide companies that wish to resell everything they know about you without restriction from doing so. Waaaah! Evil commie alert! :)

      I completely agree with you though - this seems like a fairly normal set of rules to me. If you value your privacy, that is.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    15. Re:Blah by iluvcapra · · Score: 1

      What about your freedom to stay? When people are compelled to emigrate in order to find work, this is generally called expulsion and is a bad thing. It's a rather thin continuum between a manager's commute from San Antonio to Matamoros, and the partition of India, and it's a very fine line between permitting people to move and leaving them no alternative.

      --
      Don't blame me, I voted for Baltar.
    16. Re:Blah by The+Dawn+Of+Time · · Score: 1

      Shit happens in a world with 7 billion people. Thinking you're smart enough to somehow plan around that simple fact is hubris in its purest form.

  2. I hope so by Anonymous Coward · · Score: 0

    Considering that these are the two main offenders in regards to privacy violations.

  3. Actually, this sounds like a clever way of... by __Paul__ · · Score: 1

    ...keeping employment within their own borders, without imposing illegal tariffs.

    --
    worldmobilenet.com -- World Prepaid Wireless Internet plans
    1. Re:Actually, this sounds like a clever way of... by thsths · · Score: 3, Interesting

      Maybe, but I think the EU should have done this long ago. The "safe harbour" regulation, where companies in the US promise to stick to EU law, is not worth the paper it is written on. Of course the NSA, FBI, DHS and some other three letter agencies have access, and maybe even more people.

      The only way to keep data safe is to keep it under one jurisdiction. It is a sad state of affairs, but it is an accurate description of reality.

    2. Re:Actually, this sounds like a clever way of... by jbolden · · Score: 3, Interesting

      Yeah I think that's great. Indian outsourcing companies are basically making it hard for companies to ever get their data back. So either they will need knowledgeable staff in the USA to pull all their data off the Indian systems or it stays in India forever.

      Good. About time US companies realize, make India your IT center you are subject to Indian IT law.

    3. Re:Actually, this sounds like a clever way of... by Jah-Wren+Ryel · · Score: 2

      The only way to keep data safe is to keep it under one jurisdiction. It is a sad state of affairs, but it is an accurate description of reality.

      Bzzzt. The only way to keep data safe is to not hand it over to some other party in the first place. These laws are great and all, but the lobbyists can get them changed next year and now all of that data that people have given up under the impression of safety is fair game for full exploitation.

      --
      When information is power, privacy is freedom.
  4. Are you kidding? by Anonymous Coward · · Score: 5, Insightful

    If by "Big privacy-law changes" you mean they're going to have some, then yes that will make it harder for companies to just offshore data processing to these countries and not worry about what happens. How on Earth you can try and paint that as a bad thing for those of us who actually, you know, like having privacy after our details are farmed off to some offshore data processing facility is beyond me.

    1. Re:Are you kidding? by SmurfButcher+Bob · · Score: 3, Funny

      Offshore data processing is just so Web 1.0. In the Web 2.0 world, it's "Data Rendition".

      --

      help me i've cloned myself and can't remember which one I am

  5. Surprise by Anonymous Coward · · Score: 0

    Laws that force the use of domestic data centers. No business for you, western world.

    We're in a trade war. We're getting our clocks cleaned.

    1. Re:Surprise by GPLHost-Thomas · · Score: 1

      Combine "use only Chinese data centers" with "we decide what can go online in China" (ICP license and such) and you got a really bad cocktail for a new kind of unseen censorship in China... But frankly, is that better than the "internet kill switch" of the Obama administration, or the domain names taken away from Internet (even hosted abroad) by USA? I'm not sure what's the worst of the 2.

  6. What's the problem? by bmo · · Score: 5, Informative

    >A company must get written consent by letter, fax, or email for the collection of data.

    Fucking awesome.

    >People can opt out at a later time and withdraw their consent.

    Fucking awesome

    >There are significant restrictions on disclosing personal data to third parties.

    Fucking awesome.

    >When a person has given consent for the transfer of data, or itâ(TM)s necessary by contract, a company can only send the data to an organization that provides the say level of security as the Indian regulations.
    People have the right to review their data and to correct it.

    Fucking awesome.

    The only people who have a problem with this are the ones who are intent on anally-raping your and my personal information with no reach-around.

    So when do we get this in the States?

    --
    BMO

    1. Re:What's the problem? by Anonymous Coward · · Score: 0

      Yeah, having read the article, I can't help feel a more accurate title would have been "Data outsourcing industry to be hit hard by legislation forcing them to do it responsibly."

    2. Re:What's the problem? by jbolden · · Score: 1

      Well India is using this as a way to stop data from being outsourced away from India. The US government loves sending jobs overseas.

      The real question when do we get a government that is more concerned about the welfare of the population than corporate profits?

    3. Re:What's the problem? by Black+Parrot · · Score: 3, Insightful

      The real question when do we get a government that is more concerned about the welfare of the population than corporate profits?

      Shortly after people start voting for good government instead of knee-jerk issues or whoever promises the best combination of tax cuts and handouts for yourself.

      IOW, never.

      --
      Sheesh, evil *and* a jerk. -- Jade
    4. Re:What's the problem? by TheRaven64 · · Score: 2

      I suspect that India is actually doing this because they want business from the EU. The lack of such laws is the current reason why EU businesses can't outsource this stuff to US or Indian companies (except ones like Amazon that have wholly owned subsidiaries in the EU to ensure that they are covered by EU, not US, law). Now they can't outsource it to US companies, but they can to India or China.

      --
      I am TheRaven on Soylent News
    5. Re:What's the problem? by jbolden · · Score: 1

      Actually you look at Pew surveys the American population has gotten decidedly more idealogical in the last generation and a half about what they consider "good government". Pretty much.... people are voting the issues, and in a reasonably well thought out way. Huge blocks of easily manipulated independents deciding elections are disappearing from the US landscape.

    6. Re:What's the problem? by thejynxed · · Score: 1

      Not only this, but this may also be in response to Dell and other corporations in the US closing up their data processing/call centers in India and moving them elsewhere.

      This will make it more difficult for any other US corporations to do the same.

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
    7. Re:What's the problem? by xMrFishx · · Score: 4, Informative

      That sounds very much like the UK's Data Protection Act.

    8. Re:What's the problem? by Anonymous Coward · · Score: 0

      Seems goverments wants to be the only one doing the spying.

      This change nudges privacy in the right direction. But the problem with privacy
      remain. Laws are good because it's a way that also protect all n00bs.

      What is really needed to finally solve this, is a easy-to-use (thus 99% popular)
      Browser with all privacy builtin by default On.

    9. Re:What's the problem? by jbolden · · Score: 1

      That's my thinking too. Though of course they still have electronic access to the data. Its easy enough to pull the information with access and knowledgeable staff. Could be good for IT workers.

    10. Re:What's the problem? by jbolden · · Score: 1

      Another good point. Allows India to keep expanding its tech sector.

    11. Re:What's the problem? by yacc143 · · Score: 2

      Not really.

      The law not only makes it illegal to transfer the data out of country (which makes that electronic access problematic), it also makes it illegal to use the data at all if you do not have the explicit consent of the person. Not much an issue for companies that want to outsource their customer handling (because they have that consent usually through the contract with their customers), but an issue for companies storing information about persons they have no reasonable interaction with.

      So in such privacy regime it's usually quite legal to process data about Joe Doe and his new PC, but it's getting more hairy about storing the browsing history of Joe Doe, but storing Jane Does browsing habits who has never had business with Dell, is a definite no-go.

    12. Re:What's the problem? by yacc143 · · Score: 3, Informative

      As I said, only wording and tiny details are different from the EU data protection directive, which is as it happens the source where the UK act got cloned from.
      (The UK actually being one of the countries that do not care much about privacy, IMHO, so I guess they basically choose the most basic implementation allowed)

      Guess the sky has not fallen on the heads of the Brits yet, so one can quite well prosper with privacy.

    13. Re:What's the problem? by PPH · · Score: 1

      your and my personal information

      What information is that? It all belongs to Facebook, Google or your ISP.

      When the govt. wants "user info", they don't hand you the warrant (I know. Warrant. Ha, ha, ha.). They hand it to your ISP for "their" data.

      --
      Have gnu, will travel.
    14. Re:What's the problem? by Anonymous Coward · · Score: 0

      your and my personal information What information is that? It all belongs to Facebook, Google or your ISP

      In the EU the data belongs to the users. That is a fundamental difference between the EU and the US.

    15. Re:What's the problem? by russotto · · Score: 0

      >A company must get written consent by letter, fax, or email for the collection of data. Fucking awesome.

      You just typed their website address. Their server logged your IP address (which for the sake of argument is your personal static IP). Illegal! You then registered for a forum on that website, entering your name and email address. Illegal! You tried to buy something, giving out your credit card number. Illegal!

    16. Re:What's the problem? by PPH · · Score: 1

      We'll fix that in the next ACTA or WIPO treaty.

      Don't you understand? Only the likes of Disney studios are allowed to own information or content.

      --
      Have gnu, will travel.
    17. Re:What's the problem? by Attila+Dimedici · · Score: 1

      The problem with this law is that when company A collects personal data and gives it to company B to have it maintained and processed, company B is responsible to follow the provisions of this law. FTA, it appears that not only must company B have the individual's explicit permission to process this data, but, depending on how this law is interpreted, they may need explicit permission to give it back to company A. There are several other ways that this law could complicate the passing back and forth of personal information between a company that collects personal data and a company that provides the outsourced service of processing that data.
      This does not mean that this is not a good law, just that it will raise significant new barriers to outsourcing the processing of personal data that a company has collected. Depending on how this law is specifically worded/interpreted, it could be anything from a good law that is a pain-in-the-ass for some companies to a very bad law with multiple unintended consequences.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
    18. Re:What's the problem? by Hognoxious · · Score: 1

      So when do we get this in the States?

      When you get an overtly gay communist as VP, with a lesbian atheist in the main job.

      Laws like that are un-American.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    19. Re:What's the problem? by Savantissimo · · Score: 1

      I think it's those who buy into the left-right duopoly who are more easily manipulated than the independents, certainly the actual political beliefs of most people today mostly do not fit in the left-right boxes.

      The latest Pew poll summary says"The Pew Research Center’s new Political Typology finds that the public is more doctrinaire at each end of the ideological spectrum, yet more diverse in the middle than it has been in the past."
      (Full report at: http://people-press.org/2011/05/04/beyond-red-vs-blue-the-political-typology/ )

      Republicans: 20% (Staunch (reactionaries) 9%, "Main street" ("moderate") 11%),
      Independents 33% (Libertarian 9%, Disaffected 11%, Social-liberal "moderates" (anti-safety net, anti-affirmative action, pro homosexual: 13%),
      Democrats 37%, ("New Coalition"(mostly non-white) 10%, "Hard-pressed" (financially/ ideologically) 13%, "Solid Liberals" (D.party partisans)
      Bystanders 10%.

      Disaffected + Bystanders > Republicans;
      Libertarian + Social-liberals > Republicans;
      Democrats > Republicans (37% to 20%);
      Democrats + " Social-liberals" > Republicans + Libertarians (50% to 29%)
      Democrats, Republicans, Independents or any coalition of any sub-groups > "Moderates"

      About 61% of the public, and about 65% of "main-street Republicans" do NOT agree that: "Most corporations make a fair and reasonable profit"; the same is true of only 24% of "staunch Conservatives" and 17% of Libertarians. On the other hand 53% of New Coalition Democrats say that businesses DO make a fair and reasonable profit.

      55% of the public agrees that "government is almost always wasteful and inefficient"; most of these are not Republicans.
      Only 29% agrees that the Federal government should usually be trusted, but only 14% is angry with the government, while 59% are frustrated. 69% say the government doesn't care what people like them think. (Over 58% in all groups.)

      Only 31% of the public agrees "the best way to peace is military strength" (and only 39% of "main-street Republicans").

      57% disapprove of Congress, 34% approve. No group gives over a 42% favorable rating. New Coalition Dems. have the least unfavorable rating at 44%, followed by the "Moderates" at 55%.

      Only 8% believe that there are countries better than the US, 38% believe the US "stands above all others", 53% say it is one of the greatest.

      31% believe peace is best achieved through military strength, vs. 58% through diplomacy. Most groups agree except for Staunch Conservatives (76%/14%), though Main street Republicans and Libertarians are ambivalent (MSR 39%/48%; L 48%/33%)

      Only 33% believe the US should be active in world affairs, vs. 58% who say the US should concentrate on problems at home. All groups agree, except the Solid Liberals who are split 47%/47%.

      --
      "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
    20. Re:What's the problem? by jbolden · · Score: 1

      I agree with your data / summary of Pew and was following your argument. The question is to what effect are the various 8 groups influenced by fake issues.

    21. Re:What's the problem? by turbidostato · · Score: 1

      "Well India is using this as a way to stop data from being outsourced away from India."

      Or maybe as a way to be able to insource from EU?

      For the look of it, these regulations seems to be basically the same we've had here in Europe for about a decade, so that would mean India could gain a "safe harbour" status.

    22. Re:What's the problem? by turbidostato · · Score: 2

      "Illegal!"

      Only it is not.

      "Their server logged your IP address"

      Which is a fair business asumption, so no need of explicit consent. *But* you will need to take care of it as the personal data it is (so you can't pass it away to a third party to process it for different purposes than proper technical web site function). No problem.

      "You then registered for a forum on that website, entering your name and email address."

      And then you are advised what those name and address are going to be used for, which is for the sole purpose you collected them to start with -accessing that forum or web site and nothing else, and ask for your consent. No problem.

      "you tried to buy something, giving out your credit card number."

      And, again, you are advised what your credit card number is going to be stored for, and reassured it is not going to be used for any other purposes but those needed to properly complete the transaction and those based on legal requirements. No problem.

      You seem to forget EU has been living under these kind of laws for more than a decade and the sky hasn't still fallen over our heads.

    23. Re:What's the problem? by turbidostato · · Score: 1

      "The problem with this law is that when company A collects personal data and gives it to company B to have it maintained and processed, company B is responsible to follow the provisions of this law."

      Within legal jargon it is one thing "processing" and a different one "giving away". Basically, when "processing" the data can't be used for anything different than that it was collected for. The main responsible it is still the company that gathered the data but of course, due dilligence that those processing the data are going to follow proper procedures is expected.

      If company A *gives* the data to company B, then company B will be able to do with it whatever it see fit, so a new explicit consent is needed.

      Again, processing data is different from owning data.

    24. Re:What's the problem? by russotto · · Score: 1

      You seem to forget EU has been living under these kind of laws for more than a decade and the sky hasn't still fallen over our heads.

      It's among one of the older tricks in the book to pass a law which cannot reasonably be followed to the letter, typically enforce it in a reasonable way, but then bring the hammer of selective strict enforcement down later.

    25. Re:What's the problem? by turbidostato · · Score: 1

      "It's among one of the older tricks in the book to pass a law which cannot reasonably be followed to the letter, typically enforce it in a reasonable way, but then bring the hammer of selective strict enforcement down later."

      Yeah, that's the thesis from Michel Foucault. It's only that privacy laws are in fact enforced to the letter. It's not so difficult since they are quite reasonable and not such a big burden.

      Just think critically about what would you consider fair about how others should manage your personal data and you won't be too far away from 95/46/CE which is the basis of privacy laws for all EU countries.

  7. Result: jettison all personal data by shoppa · · Score: 3, Insightful

    I don't see what the problem with the new laws is. They make it somewhere between uneconomical and impossible for companies to archive personal data (about me and you and others) forever without a well-defined use. What's the big deal?

    For a long time there's been the hope in every company, that if they archive every piece of personal data, including every search term I've ever used and every cookie ever in my browser and everything I've ever bought at the grocery store or drugstore while using a credit card or loyalty card, that somehow this would pay off to them monetarily. They've already been paying money and effort to store this data probably without any obvious benefit to them. If these new regulations drive home the point that there's no point in storing all that useless information because of regulatory costs, what they'll do is simply stop storing it. No problem. Their IT suddenly becomes much more efficient because they are doing useless storage and archiving. They'll probably get a higher profit margin as a result.

    It's kind of scary. At many big non-IT companies, IT costs have risen to as much as 6% to 10% of their cost of doing business. This is simply unsustainable. As IT technologies improve, IT should become a cheaper and smaller part of every company. Not get more and more expensive.

    1. Re:Result: jettison all personal data by Black+Parrot · · Score: 4, Insightful

      It's kind of scary. At many big non-IT companies, IT costs have risen to as much as 6% to 10% of their cost of doing business. This is simply unsustainable.

      Wouldn't that judgement kind of depend on how much IT is contributing to their business? If it reduces your payroll, multiplies the number of customers you can reach, allows you to give those customers faster or otherwise better service at reduced cost, and allows you to make better business decisions, 10% might be a helluva bargain.

      --
      Sheesh, evil *and* a jerk. -- Jade
    2. Re:Result: jettison all personal data by Anonymous Coward · · Score: 0

      Those companies have chosen to allow their IT costs to rise to that level as they hope to gain some benefit from it.

      If they don't the answer is simple - stop spending so much on IT. The point is not that IT costs too much but that they may be spending too much on IT.

    3. Re:Result: jettison all personal data by Nerdfest · · Score: 1

      Also, many things that IT does replace manual processes. There used to be significantly more money spent on finance, payroll, HR, inventory control, etc, or it was not done as well. Maybe they need to decide whether IT or manual processes is more cost effective. In many cases they've probably not de-staffed HR or finance to get the cost benefit of automated processes.

    4. Re:Result: jettison all personal data by Anonymous Coward · · Score: 0

      IT costs have risen to as much as 6% to 10% of their cost of doing business. This is simply unsustainable.

      Right, but how much more efficient has the company become because of that increase in IT costs?
      Add a website?
      Add online ordering?
      Add automated [manufacturing|statement processing|mail room]?

      Hell, e-mail and document management are (typically) a huge investment, but well worth it for the efficiency increases it brings.

      As IT technologies improve, IT should become a cheaper and smaller part of every company. Not get more and more expensive.

      Not if the technology becomes more pervasive. Now every worker needs a smartphone and laptop and we've automated so many things.

    5. Re:Result: jettison all personal data by SmurfButcher+Bob · · Score: 1

      When your $3,000,000/yr pool of employees is replaced by robots, OF COURSE the percentage of IT goes up. The other costs have been eliminated, silly.

      --

      help me i've cloned myself and can't remember which one I am

    6. Re:Result: jettison all personal data by Anonymous Coward · · Score: 0

      That's a small company... unless you mean your outsourced pool of employes, which is 30x larger for same amount of money. Regardless, when unemployment amongst humans reaches a certain percentage, even the US shall fall due to revolution.

    7. Re:Result: jettison all personal data by Anonymous Coward · · Score: 0

      even the US shall fall due to revolution

      And the revolution will be swiftly and efficiently put down by our new robot overlords.

    8. Re:Result: jettison all personal data by Rich0 · · Score: 1

      Yup - it is like arguments that pills are x% of healthcare costs. The absolute or per-capita costs matter a lot more than the percentage, since ultimately no matter what you do it still all adds up to 100%. I can see being concerned about admin overhead, but not which technology is used.

      As long as IT is saving more money than it costs, then it is a sound investment. Amazon isn't an IT company per se, but clearly IT is a MAJOR enabler there.

    9. Re:Result: jettison all personal data by Anonymous Coward · · Score: 0

      >It's kind of scary. At many big non-IT companies, IT costs have risen to as much as 6% to 10% of their cost of doing business. >This is simply unsustainable. As IT technologies improve, IT should become a cheaper and smaller part of every company. Not >get more and more expensive.

      Given that companies cannot yet properly manage their electronic data (witness Sony, Heartland Payment Systems, TJ Maxx, Dave and Busters etc), I'd industry has not yet determined the cost of using information technology. So, the costs are going up, and will continue to do so. Corporate networks by the evidence are very porous, compromised and leak personal data all day. Much more regulation is needed in this area.

  8. This might bring some outsourced jobs back home by petes_PoV · · Score: 3, Funny

    Provided we can meet the standards of the customers in India and China

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  9. breathless article is breathless by Weezul · · Score: 1

    There isn't much substance about reporting requirements or analysis of how companies will comply in the article.

    It sounds like healthy experimentation frankly. If companies still make more money there, then we'll know these laws were perfectly reasonable. If specific industries like dating sites or banks stop placing call enters in India, or if Facebook pulls out of China, then we'll see the exact consequences.

    --
    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
    1. Re:breathless article is breathless by Anonymous Coward · · Score: 0

      If companies still make more money there, then we'll know these laws were perfectly reasonable.

      They seem quite reasonable to me, regardless of how it may impact profits. I think you mean "reasonable to the companies".

  10. And? Isn't that how it should be everywhere? by angel'o'sphere · · Score: 1

    From the article:

    o Those that hold personal data must receive explicit consent to divulge that data to third parties.
    o There are specific restrictions âoeduring the collection, processing, use, transfer and maintenance of personal information.â
    o Personal data cannot be exported unless specifically allowed by law or government authorities.

    That is how it is in most parts of europe, e.g. in germany. So what is your complaint?
    angel'o'sphere

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    1. Re:And? Isn't that how it should be everywhere? by Anonymous Coward · · Score: 1

      Offtopic, but you really don't need to put your name at the end of every comment you make. We know who posted it, it says right there at the top of every post.

    2. Re:And? Isn't that how it should be everywhere? by yacc143 · · Score: 1

      To be more precise it's basically an EU directive that forces a similar privacy regime on all EU member states.

    3. Re:And? Isn't that how it should be everywhere? by Schmorgluck · · Score: 1

      Yeah, but to put credit where credit's due, it started in Germany, with other countries following in, which ultimately lead to the EU directive 95/46/EC.

      --
      There's nothing like $HOME
    4. Re:And? Isn't that how it should be everywhere? by turbidostato · · Score: 1

      "Yeah, but to put credit where credit's due, it started in Germany, with other countries following in, which ultimately lead to the EU directive 95/46/EC."

      It couldn't be Germany alone, then. EU directive 95/46/EC is from 1995; Spanish LORTAD, which was basically the same, is from 1992.

      (Spanish LORTAD had the only miss in that it focused only on "automated files" while 1999's LOPD following 1995 EU directive is executive over both computer and paper files).

  11. Like Jerry Seinfeld's man-bag . . . by wrencherd · · Score: 2

    . . . this seems to be European.

    The new rules outlined in TFA appear to basically ensure the level of "informational self-determination" that is supposed to be granted to EU citizens according to their court of human rights.

    In that respect it could simply be what's required to keep that kind of business coming from Europe.

  12. Quite probably by Anonymous Coward · · Score: 0

    There's a clause in the UK Data Protection Act which says "data may only be exported out of the EEA if the receiving country has similar laws on data protection", and I suspect it exists in other EEA countries too. They may be aiming to comply with that.

  13. China? by Charliemopps · · Score: 1

    It should rather telling that the peoples republic of China has better privacy protection laws than the United States does.

    1. Re:China? by thejynxed · · Score: 2

      That's because China has one "authority" for all information to start with - the government.

      Currently, such information "control" is only a wet dream in Congress.

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
    2. Re:China? by Anonymous Coward · · Score: 0

      That made no sense whatsoever.

    3. Re:China? by yacc143 · · Score: 2

      Not exactly. Privacy does not exist in the US because neither the businesses nor the government wants it. The business like to collect whatever they want, ignoring some percentage of wrong data (so who cares that Mr. Smith cannot get a cable subscription, because of some wrong data somewhere), because it's more economical to ignore that than to allow the persons affected to correct it.

      And the government loves it because between Patriot Act, ...., and legal interpretation (e.g. emails stored on an external email server loose the expectation of privacy), the government gets access to stuff they would not be able get normally.

  14. Good news for data centers in the U.S. by HangingChad · · Score: 1

    With our near total lack of security and privacy, Chinese and Indian companies will be moving their data centers over here.

    I think it's sad that two countries, not exactly poster children for their defense of human rights, are pushing the security and privacy laws one would have thought should have originated here.

    To me it's more of a sad testimony on us than them.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:Good news for data centers in the U.S. by yacc143 · · Score: 1

      Not exactly, because transfering the data out of India to the US will be illegal.

  15. Where's the surprise? by yacc143 · · Score: 1, Interesting

    Well, while it seems to have superficial differences the Indian law (as described here) is rather similar to the EU data protection directive.

    Tiny issues include:

    - the form of the consent. One has to see how that is being handled, but consent to handle personal information is required in the EU too.

    - some issues are also around what is a person-linked information. IPv4 addresses are ruled sometimes so, sometimes not. IPv6 addresses almost for sure will be person-linked. Did I mention that in practice Apache's default configuration is illegal? Notice how the EU has forced most (even US-based) ad networks to work around that by at least masking the last byte of the address.

    - The right to know what a company stores about you, where it got that information from, and to correct wrong entries is rather natural. Depending upon where you ask in the EU data protection is considered either law, constitutional law, or a basic human right.

    - The only thing that has made this in the past "easier to ignore" is that the EU considers US companies that pledge to keep their laws to be legal targets of at least some personal information. (Notice that EC2 expanded first with data centers into the EU, because of data protection laws in the EU).

    - Notice that gmail/gapps are illegal to use (at least businesses) in a good part of the globe. E.g. even Canadian entities have decided not to use Google's offerings because of Canadian privacy laws. Basically the US approach of NO privacy (or actually privacy only in some niches, like HIPAA) is costing US business revenue. It will only get worse with time.

    1. Re:Where's the surprise? by turbidostato · · Score: 2

      "did I mention that in practice Apache's default configuration is illegal?"

      It is not. It is only that you should consider Apache logs as containing personal data and take care of them accordingly. As long as you plan to use those logs for its obvious purpose (technical maintenance) you don't need explicit consent: it is implicit by the fact you reached them with your browser.

      "Notice how the EU has forced most (even US-based) ad networks to work around that by at least masking the last byte of the address."

      That's only a mid-true: add servers collect IP address in order to process them as personal data (i.e. to focus their message), so they need explicit consent for collecting them: they don't get explicit consent for that, they can't collect them. Quite simple.

  16. Dammit, this was a brand new keyboard too! by rsilvergun · · Score: 1

    and I'm going to be cleaning coffee spray off it for a week. Now if you'll excuse me, I've got articles to read about death panels, abortion, gay marriage, supply side economics; plus a local tea party rally to attend (but not national, musn't have those fellas split the vote and let progressives in office).

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Dammit, this was a brand new keyboard too! by jbolden · · Score: 1

      Take a look at the data. All those issues correlate strongly with others and opinions end up being rather consistent for overwhelming number of voters.

      I'm not saying they have the right opinions, I'm saying they aren't easily manipulated by wedge issues. People who have strong hard right opinions on some issues generally have them on almost all issues, etc...

    2. Re:Dammit, this was a brand new keyboard too! by Runaway1956 · · Score: 1

      "People who have strong hard right opinions on some issues generally have them on almost all issues, etc..."

      California found that to be a lie when Prop 8 was in play. Liberals counted on illegal and legal immigrants, along with black and Latino citizens to sway the vote the way the liberals wanted. Surprise, surprise, surprise!! Those very people that the liberals counted on voted the OTHER way.

      There is a lot of truth that right wingers vote the right wing ticket, and left wingers vote the left wing ticket - AMONG MIDDLE CLASS WHITE VOTERS.

      Add in the statement from your first post: "Pretty much.... people are voting the issues, and in a reasonably well thought out way."

      One might conclude that non-white middle class voters tend to vote more responsibly? Hmmmm - food for thought. Of course, with the huge Mexican vote influencing elections, taking a look at the current situation in Mexico makes things pretty scary.

      http://www.borderlandbeat.com/

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    3. Re:Dammit, this was a brand new keyboard too! by jbolden · · Score: 1

      Not really. Black voters in California fall heavily into the "disadvantaged voters" category. Those are voters that view themselves as voting an economic ticket for their advantage. They aren't however liberals, so they tend to support social programs that benefit them or people they care about and on social issues are moderate to conservative. They consider economic issues more important and so elect white liberals, but they themselves aren't liberal.

      In other words blacks are democrats not liberals.

  17. US companies just ignore the laws by rsilvergun · · Score: 1

    the cost savings are always much higher than any penalties, so you just ignore the laws. The only place this isn't true is medical because the AARP actually takes care of it's voting block. Besides, even if you're breaking these laws you're liable to be fined in India, where the currency exchange make it dirt cheap to pay. This doesn't really matter.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:US companies just ignore the laws by yacc143 · · Score: 2

      Simple to solve that one. Express the fine as a percentage of global revenues, like the EU does for anti-competitive practices. Notice how US companies do try to appease EU regulations in this area. Notice that the US companies most affected, e.g. ad networks, are already trying to appease the EU privacy regulations. (E.g. masking IP addresses in data collected and so on.)

  18. Quiet push by mustPushCart · · Score: 1

    Im actually surprised about this, this is the first I am hearing about it. I live in India and I didn't hear squat even though I don't read papers end to end an article like this on the first few pages would have caught my eye. Now that I search through our national dailies I still cant find it. Looks like they pushed it through on the quiet.

  19. Yaaaay! by __aazsst3756 · · Score: 1

    As a US company, I want even playing field. As a US consumer this is awesome! The last company I worked for did backups for banks and courts etc., and their server room was built in a concrete vault. The main selling point was ... "do you know where your data is?".

  20. Before we all jump on the bandwagon by theshowmecanuck · · Score: 2

    Before we all jump on the bandwagon and cheer about how great this is, let's see how well the new laws are enforced before we get too excited. That is with respect to the Indian laws, which are already enacted or seem close to being so. As far as China goes, let's see what the actual laws are going to be, and how well they are going to be enforced.

    There are a lot of bureaucrats in both countries with deep pockets. And both of these countries are ranked pretty far up there in terms of the Corruption Perception Index. At least compared to North America and Europe. Which is why American and Canadian companies probably like doing business over there; and why European companies probably wish they could. At least North America and Europe will now be playing on the same level now... once they pay their bribes.

    --
    -- I ignore anonymous replies to my comments and postings.
  21. What the public does not know by walterbyrd · · Score: 1

    I'll bet the public does not know about 90% of the security disasters that have already been caused by offshoring IT. Even the huge disasters that have been disclosed get very little attention in the pop-media.

  22. Sounds great by Anonymous Coward · · Score: 0

    Especially what India did. We want the same laws here in Europe. No selling of Information to third parties, no lending etc without proper authorization. Yes that may complicate outsourcing. Well who cares? And to the extensive paper work. There is a possible way out of it. International agreements, so data from Europe can still be transfered to India without additional paper work, because India and Europe belong to the same trust zone.

    Nevertheless I do not want my information sold. Who ever does that, shall be punished (in forms of lots of money) which has to be payed to the state of course.

    1. Re:Sounds great by turbidostato · · Score: 1

      "We want the same laws here in Europe. No selling of Information to third parties, no lending etc without proper authorization."

      Are you an Anonymous coward or an Ignorant coward?

      Those are exactly the kind of laws we have here in Europe since 1995.

  23. When data collection is illegal... by Paul+Fernhout · · Score: 2

    ...only outlaws will have your data? :-)

    An alternative David Brin-like transparent society suggestion to make data mining go both ways:
        "The need for FOSS intelligence tools for sensemaking etc. "
        http://pcast.ideascale.com/a/dtd/76207-8319

    That said, I'm not against privacy laws... But I can wonder what the unintended consequences may be.

    For example, is HIPAA really helping make medicine better? Example:
        http://crazymer1.wordpress.com/2010/01/10/hipaa-laws-unintended-consequences/
    "Anyone whose loved one suffers from severe mental illness has most likely run smack dab into the HIPAA laws when they try to help their loved one. The way they stand right now, HIPAA Laws (Health Insurance Portability and Accountability Act of 1996) are a hindrance rather than a help for the severely mentally ill population."

    Sometimes trying to regulate into law what should be the product of a health life-affirming culture is not a great idea in the end. Our culture has lots of problems, including with respect for privacy, but it is not clear that laws are the best way to solve these problems.

    A big part of these problems, for example, relate to economic uncertainty if you are seen in a bad light. With something like a "basic income", privacy issues at least in some areas might not be as important. So there may be other more fundamental ways to address some of these issues. related:
        http://basicincome.iovialis.org/e00.html

    Another big issue is simply a broad imbalance of economic power, which might be addressed in part to a return to a 92% progressive tax rate, as the USA had a few decades ago in its boom years. Or, perhaps more corporate charter revocations when corporations do not put the public interest first, as used to be routine a century or two ago?

    More on 21st century enlightenment, from the RSA:
        http://www.youtube.com/watch?v=AC7ANGMy0yo

    --
    A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
  24. This is excellent news! by Anonymous Coward · · Score: 1

    This is excellent stuff! I'm especially impressed with India.

    I really don't understand that this can be reported as "paperwork-generating mess". What nonsense.

  25. Just wait till our bureaucracy inteprets these.... by ami.one · · Score: 1

    These might look good on paper, but just wait till our bureaucracy & police start interpreting this in their usual ways and start arresting random big shot CEOs from google India, facebook India or the various ISPs due to 'hate speech' posted by users etc. and all this jacks up the 'cost of doing business' (ie greasing palms) by a huge amount. And no user will really be able to take any action against any corporate because obviously our administration sees them as having more potential of pay offs. Very soon IT as a sector will become like our Real Estate sector - unimaginably corrupt - builders pay off nearly 20% of building/land costs to various govt depts and then obviously pass on these costs, as well as inordinate time delays, to the poor home buyers.

  26. By the corrupt for the corrupt by Anonymous Coward · · Score: 0

    My concern with the law as an Indian is that the law prevents disclosure of bank accounts, details of phone records. There were two major incidents in the recent past. A disclosure of information by some journalists on tapes between industrialists and politicians. The other relating to swiss bank accounts which assange is about to post to Wikileaks.

    Under the current rules both of these will be information which is provided as a result of breach of privacy. No news outlet can post such information without breaking these IT act rules. Essentially it's a gag order. You can argue it's in the public domain. However public domain is validly so if the information is provided or available as a result of disclosure by a party who is authorized to make such disclosure. So even if X were to leak such information, news outlet Y cannot host it on their IT systems or distribute it.

    Essentially made for the corrupt by the corrupt.

    Move on people.

  27. "...could doom outsourcing" by Anonymous Coward · · Score: 0

    Would that count as an economic recovery "green shoot"?

  28. India is screwed by Anonymous Coward · · Score: 0

    The article links to another article written by actual lawyers. In India's law, guess what counts as sensitive personal data, that required written consent to retrieve, store, and manage?

    Passwords.

    That's right: authentication is illegal in India without prior written consent.

    (I imagine this part of the law will either get clarified, changed, or will simply not get enforced except when authorities need a trumped-up charge to justify going afer someone they don't like, but still.)