New Privacy Laws In Asia May Cripple Data-Centric Outsourcing

bizwriter writes "Think privacy issues are a pain when they affect consumers? Get ready for the grandfather of all corporate computing headaches. Big privacy-law changes in India and China are about to turn data-processing outsourcing into a hurdle-leaping, paperwork-generating mess."

Blah

From the perspective of someone who prefers their privacy I'm not seeing a problem.

Re:Blah

[Black+Parrot]

From the perspective of someone who prefers their privacy I'm not seeing a problem.

Only problem I see is why we don't have laws like this. With teeth.

Why haven't we seen an article titled "New US Law Will Cripple Data-Centric Outsourcing (and intrusive/careless management of data at home)"? And about 15 years ago?

Oh, wait. I forgot who owns Congress. Silly me.

Re:Blah

[yacc143]

Well, look at it like this, when such laws become standard around the globe, and for example the EU decides to reject the US-EU data safe heaven idiocy, US businesses will overload the phone system in DC to get such laws in the US too, because more and more revenue will be lost, because it will be simply illegal to use an US provider to do anything related with personal data. Until this happens I guess nothing will happen in the US on this front.

Re:Blah

[yacc143]

More likely customers from places with privacy laws will start to offer their business to non-US providers.

Notice that the planned Indian regulations will probably make it a "safe 3rd party country" in EU-speak, meaning that personal data can be freely transfered out of the EU to India for processing or whatever because it has a similar level of legal privacy protection. Notice that the same thing EU-US is currently possible only with massive winking, and can end over night e.g. if the EU parliament gets pissed of enough about it.

Re:Blah

[Luckyo]

Privacy laws like these have some of the same issues, in that it's impossible to perfectly follow them to the letter while still conducting business. The difference is the consequences are much higher. Since it's China and India I assume that bribing your way out is still possible, but the price is much higher and if you offer too low, you could end up dead (particularly in China).

False. Essentially everyone here in EU follows them to the letter, and has done so for years. In some countries, well over a decade.

The only people who cannot follow them, are either not in EU and do not want to follow EU laws, or are literally too stupid to follow them. They're actually very easy when you get an IT-admin's version of them, and very easy to follow. You do not need to be schooled in law to understand them, one hour review is enough for most people.
As a comparison, when I was getting my security guard card for a summer job, legal rights and obligations took several days to teach and were a major part of the course.

I'm saying this from experience, I spent several years maintaining local university's campus network as a local admin, and one of the things we got a wiki page on was privacy laws, what we're allowed to do, what we're not allowed to do, what users are allowed to do, and what users are not allowed to do.
Interestingly, most of the stuff that opponents of privacy laws scream about as "this hinders my ability to maintain proper network management", as an admin you're actually exempt, by law. It's not a stupid piece of legislation by any means, and most certainly allows for maintaining very complex networks. You just have to actually want or feel obligated to follow the law.

Re:Blah

[golodh]

The proposed new rules (http://www.bnet.com/blog/technology-business/new-privacy-laws-in-india-and-china-could-make-it-outsourcing-ugly/10620) are:

* Those that hold personal data must receive explicit consent to divulge that data to third parties.

* There are specific restrictions ''during the collection, processing, use, transfer and maintenance of personal information.''

* Personal data cannot be exported unless specifically allowed by law or government authorities.

* A company must get written consent by letter, fax, or email for the collection of data.

* People can opt out at a later time and withdraw their consent.

* There are significant restrictions on disclosing personal data to third parties.

* When a person has given consent for the transfer of data, or it`s necessary by contract, a company can only send the data to an organization that provides the say level of security as the Indian regulations.

* People have the right to review their data and to correct it.

Reading the proposed new rules I totally fail to spot anything unreasonable. On the contrary, any bona-fide company that uses fair and transparent privacy rules will be in compliance without altering a thing about their operational procedures.

So tell me, precisely what part of those proposed rules sounds as if it would hamper a bona-fide company from carrying out its bona-fide processing of personal data they obtained with consent?

Are you kidding?

If by "Big privacy-law changes" you mean they're going to have some, then yes that will make it harder for companies to just offshore data processing to these countries and not worry about what happens. How on Earth you can try and paint that as a bad thing for those of us who actually, you know, like having privacy after our details are farmed off to some offshore data processing facility is beyond me.

Re:Are you kidding?

[SmurfButcher+Bob]

Offshore data processing is just so Web 1.0. In the Web 2.0 world, it's "Data Rendition".

What's the problem?

[bmo]

>A company must get written consent by letter, fax, or email for the collection of data.

Fucking awesome.

>People can opt out at a later time and withdraw their consent.

Fucking awesome

>There are significant restrictions on disclosing personal data to third parties.

Fucking awesome.

>When a person has given consent for the transfer of data, or itâ(TM)s necessary by contract, a company can only send the data to an organization that provides the say level of security as the Indian regulations.
People have the right to review their data and to correct it.

Fucking awesome.

The only people who have a problem with this are the ones who are intent on anally-raping your and my personal information with no reach-around.

So when do we get this in the States?

--
BMO

Re:What's the problem?

[Black+Parrot]

The real question when do we get a government that is more concerned about the welfare of the population than corporate profits?

Shortly after people start voting for good government instead of knee-jerk issues or whoever promises the best combination of tax cuts and handouts for yourself.

IOW, never.

Re:What's the problem?

[xMrFishx]

That sounds very much like the UK's Data Protection Act.

Re:What's the problem?

[yacc143]

As I said, only wording and tiny details are different from the EU data protection directive, which is as it happens the source where the UK act got cloned from.
(The UK actually being one of the countries that do not care much about privacy, IMHO, so I guess they basically choose the most basic implementation allowed)

Guess the sky has not fallen on the heads of the Brits yet, so one can quite well prosper with privacy.

Re:Actually, this sounds like a clever way of...

[thsths]

Maybe, but I think the EU should have done this long ago. The "safe harbour" regulation, where companies in the US promise to stick to EU law, is not worth the paper it is written on. Of course the NSA, FBI, DHS and some other three letter agencies have access, and maybe even more people.

The only way to keep data safe is to keep it under one jurisdiction. It is a sad state of affairs, but it is an accurate description of reality.

Result: jettison all personal data

[shoppa]

I don't see what the problem with the new laws is. They make it somewhere between uneconomical and impossible for companies to archive personal data (about me and you and others) forever without a well-defined use. What's the big deal?

For a long time there's been the hope in every company, that if they archive every piece of personal data, including every search term I've ever used and every cookie ever in my browser and everything I've ever bought at the grocery store or drugstore while using a credit card or loyalty card, that somehow this would pay off to them monetarily. They've already been paying money and effort to store this data probably without any obvious benefit to them. If these new regulations drive home the point that there's no point in storing all that useless information because of regulatory costs, what they'll do is simply stop storing it. No problem. Their IT suddenly becomes much more efficient because they are doing useless storage and archiving. They'll probably get a higher profit margin as a result.

It's kind of scary. At many big non-IT companies, IT costs have risen to as much as 6% to 10% of their cost of doing business. This is simply unsustainable. As IT technologies improve, IT should become a cheaper and smaller part of every company. Not get more and more expensive.

Re:Result: jettison all personal data

[Black+Parrot]

It's kind of scary. At many big non-IT companies, IT costs have risen to as much as 6% to 10% of their cost of doing business. This is simply unsustainable.

Wouldn't that judgement kind of depend on how much IT is contributing to their business? If it reduces your payroll, multiplies the number of customers you can reach, allows you to give those customers faster or otherwise better service at reduced cost, and allows you to make better business decisions, 10% might be a helluva bargain.

Re:Actually, this sounds like a clever way of...

[jbolden]

Yeah I think that's great. Indian outsourcing companies are basically making it hard for companies to ever get their data back. So either they will need knowledgeable staff in the USA to pull all their data off the Indian systems or it stays in India forever.

Good. About time US companies realize, make India your IT center you are subject to Indian IT law.

This might bring some outsourced jobs back home

[petes_PoV]

Provided we can meet the standards of the customers in India and China