New Privacy Laws In Asia May Cripple Data-Centric Outsourcing

← Back to Stories (view on slashdot.org)

New Privacy Laws In Asia May Cripple Data-Centric Outsourcing

Posted by timothy on Saturday May 14, 2011 @11:18PM from the death-by-a-thousand-permission-slips dept.

bizwriter writes "Think privacy issues are a pain when they affect consumers? Get ready for the grandfather of all corporate computing headaches. Big privacy-law changes in India and China are about to turn data-processing outsourcing into a hurdle-leaping, paperwork-generating mess."

10 of 98 comments (clear)

Min score:

Reason:

Sort:

Blah by Anonymous Coward · 2011-05-14 23:24 · Score: 5, Insightful

From the perspective of someone who prefers their privacy I'm not seeing a problem.
1. Re:Blah by Black+Parrot · 2011-05-14 23:54 · Score: 4, Insightful
  
  From the perspective of someone who prefers their privacy I'm not seeing a problem.
  Only problem I see is why we don't have laws like this. With teeth.
  Why haven't we seen an article titled "New US Law Will Cripple Data-Centric Outsourcing (and intrusive/careless management of data at home)"? And about 15 years ago?
  Oh, wait. I forgot who owns Congress. Silly me.
  
  --
  Sheesh, evil *and* a jerk. -- Jade
2. Re:Blah by yacc143 · 2011-05-15 01:59 · Score: 5, Interesting
  
  Well, look at it like this, when such laws become standard around the globe, and for example the EU decides to reject the US-EU data safe heaven idiocy, US businesses will overload the phone system in DC to get such laws in the US too, because more and more revenue will be lost, because it will be simply illegal to use an US provider to do anything related with personal data. Until this happens I guess nothing will happen in the US on this front.
3. Re:Blah by yacc143 · 2011-05-15 02:12 · Score: 4, Informative
  
  More likely customers from places with privacy laws will start to offer their business to non-US providers.
  Notice that the planned Indian regulations will probably make it a "safe 3rd party country" in EU-speak, meaning that personal data can be freely transfered out of the EU to India for processing or whatever because it has a similar level of legal privacy protection. Notice that the same thing EU-US is currently possible only with massive winking, and can end over night e.g. if the EU parliament gets pissed of enough about it.
4. Re:Blah by Luckyo · 2011-05-15 05:02 · Score: 4, Informative
  
  Privacy laws like these have some of the same issues, in that it's impossible to perfectly follow them to the letter while still conducting business. The difference is the consequences are much higher. Since it's China and India I assume that bribing your way out is still possible, but the price is much higher and if you offer too low, you could end up dead (particularly in China).
  False. Essentially everyone here in EU follows them to the letter, and has done so for years. In some countries, well over a decade.
  The only people who cannot follow them, are either not in EU and do not want to follow EU laws, or are literally too stupid to follow them. They're actually very easy when you get an IT-admin's version of them, and very easy to follow. You do not need to be schooled in law to understand them, one hour review is enough for most people.
  As a comparison, when I was getting my security guard card for a summer job, legal rights and obligations took several days to teach and were a major part of the course.
  I'm saying this from experience, I spent several years maintaining local university's campus network as a local admin, and one of the things we got a wiki page on was privacy laws, what we're allowed to do, what we're not allowed to do, what users are allowed to do, and what users are not allowed to do.
  Interestingly, most of the stuff that opponents of privacy laws scream about as "this hinders my ability to maintain proper network management", as an admin you're actually exempt, by law. It's not a stupid piece of legislation by any means, and most certainly allows for maintaining very complex networks. You just have to actually want or feel obligated to follow the law.
5. Re:Blah by golodh · 2011-05-15 06:24 · Score: 4, Insightful
  
  The proposed new rules (http://www.bnet.com/blog/technology-business/new-privacy-laws-in-india-and-china-could-make-it-outsourcing-ugly/10620) are:
  * Those that hold personal data must receive explicit consent to divulge that data to third parties.
  * There are specific restrictions ''during the collection, processing, use, transfer and maintenance of personal information.''
  * Personal data cannot be exported unless specifically allowed by law or government authorities.
  * A company must get written consent by letter, fax, or email for the collection of data.
  * People can opt out at a later time and withdraw their consent.
  * There are significant restrictions on disclosing personal data to third parties.
  * When a person has given consent for the transfer of data, or it`s necessary by contract, a company can only send the data to an organization that provides the say level of security as the Indian regulations.
  * People have the right to review their data and to correct it.
  Reading the proposed new rules I totally fail to spot anything unreasonable. On the contrary, any bona-fide company that uses fair and transparent privacy rules will be in compliance without altering a thing about their operational procedures.
  So tell me, precisely what part of those proposed rules sounds as if it would hamper a bona-fide company from carrying out its bona-fide processing of personal data they obtained with consent?
Are you kidding? by Anonymous Coward · 2011-05-14 23:34 · Score: 5, Insightful

If by "Big privacy-law changes" you mean they're going to have some, then yes that will make it harder for companies to just offshore data processing to these countries and not worry about what happens. How on Earth you can try and paint that as a bad thing for those of us who actually, you know, like having privacy after our details are farmed off to some offshore data processing facility is beyond me.
What's the problem? by bmo · 2011-05-14 23:40 · Score: 5, Informative

>A company must get written consent by letter, fax, or email for the collection of data.
Fucking awesome.
>People can opt out at a later time and withdraw their consent.
Fucking awesome
>There are significant restrictions on disclosing personal data to third parties.
Fucking awesome.
>When a person has given consent for the transfer of data, or itâ(TM)s necessary by contract, a company can only send the data to an organization that provides the say level of security as the Indian regulations.
People have the right to review their data and to correct it.
Fucking awesome.
The only people who have a problem with this are the ones who are intent on anally-raping your and my personal information with no reach-around.
So when do we get this in the States?
--
BMO
1. Re:What's the problem? by xMrFishx · 2011-05-15 01:01 · Score: 4, Informative
  
  That sounds very much like the UK's Data Protection Act.
Re:Result: jettison all personal data by Black+Parrot · 2011-05-15 00:01 · Score: 4, Insightful

It's kind of scary. At many big non-IT companies, IT costs have risen to as much as 6% to 10% of their cost of doing business. This is simply unsustainable.
Wouldn't that judgement kind of depend on how much IT is contributing to their business? If it reduces your payroll, multiplies the number of customers you can reach, allows you to give those customers faster or otherwise better service at reduced cost, and allows you to make better business decisions, 10% might be a helluva bargain.

--
Sheesh, evil *and* a jerk. -- Jade