
Offshoring privacy: when companies offshore business processes, they are putting consumers' most sensitive personal information at risk--and there's little consumers can do about it.


While Americans are concerned about offshoring taking away jobs from U.S. workers, many do not realize that there is a bigger, more insidious, problem associated with the practice.

Offshoring also poses risks to the security and privacy of consumers' personal data because when companies offshore business processes they also send their customers' most sensitive information overseas. Once sent abroad, the information is at risk because U.S. federal laws do not apply to foreign companies operating overseas. In fact, many countries that contract for offshore work with U.S. companies have far weaker security and privacy laws than the United States. For example, India has no laws to protect personal and private data. The situation is made more complex by the fact that it is extremely difficult for Americans to use foreign courts to sue foreign companies that misuse American data.

These factors leave the most sensitive details of the lives of millions of consumers vulnerable to lax security and malicious identity thieves. And the problem is growing. Consider the following examples:

* Tax returns for about 200,000 Americans were prepared in India in 2004. Indian workers processed only about 1,000 U.S. tax returns two years ago. Tax returns include Americans' names, Social Security numbers, income, employers, addresses, and other personal details.

* The American Association of Medical Transcription estimates that 10 percent of all transcription of doctors' notes is done abroad.

* An executive from Trans Union, one of the major U.S. credit agencies, told the San Francisco Chronicle that 100 percent of the company's mail regarding customer disputes is sent to India at some point.

A few recent incidents illustrate the risk that international offshoring poses to consumers. In one case, a low-paid transcriber in Pakistan working as a subcontractor to the University of California Medical Center in San Francisco threatened to post confidential patient information on the Internet unless the university coaxed her boss into paying her bills. In Noida, India, an employee working at a call center used an American's credit card information to buy electronics equipment from Sony. In some areas, a thriving black market for personal identity information exists. According to one report, stolen names, addresses, phone numbers, and bank account information--including account numbers--are sold on Indian streets for pennies.

"It's not merely that Americans' identities are vulnerable when sent abroad. The problem is that American companies obscure how much outsourcing they do, and when they are doing it," Sen. Dianne Feinstein (D-Calif.) recently told the U.S. Congress.

Few Regulations, Fewer Restrictions

More and more companies are sending work overseas to achieve cost savings and competitive advantage, and there is little federal oversight. The problem is so bad that U.S. regulatory agencies, despite their oversight of U.S. industries, have not been able to determine how many security breaches have taken place or how much they have cost consumers.

According to John D. Hawke Jr., who heads the Office of the Comptroller of the Currency (OCC), one of the agencies that regulates U.S. financial institutions and banks, the OCC does not directly regulate whether banks have adequate privacy procedures in place for foreign servicing. The OCC does suggest certain safeguards for U.S. banks to use when they hire foreign information processors. The agency also asks U.S. banks to use contract provisions to ensure that foreign companies use secure methods to process data and to let U.S. companies audit the foreign companies. But the OCC does not require that companies adopt these safeguards.

Rep. Edward J. Markey (D-Mass.), co-chair of the Congressional Privacy Caucus, recently requested clarification about the breadth of HIPAA's (Health Insurance Portability and Accountability Act) protection of consumer data when it is sent overseas for processing. In a letter to Markey, Department of Health and Human Services (HHS) Secretary Tommy Thompson revealed that "Neither HIPAA nor the HHS Privacy Rule require covered entities or business associates to register with the department to report on the nature or content of their contractual relationships."

Thompson noted that if a consumer's medical records are offshored to an entity and that entity compromises the confidentiality of the consumer's private information, he or she has no right under HIPAA to sue either the U.S. company that transferred the data or the offshore company that misused it. Thompson indicated that HHS' enforcement efforts are driven entirely by consumer complaints or press reports about potential privacy violations, and that the department does not conduct routine compliance oversight to determine whether HIPAA privacy rules are being complied with.

Markey also questioned the Federal Deposit Insurance Corp. (FDIC) about the level of protection existing FDIC regulations provide to consumers when their data is offshored. A June FDIC study on the consumer privacy risks of offshoring personal data by FDIC-insured banks revealed that "The more complicated chain of control incurred when offshoring financial services and related data may create new risks when compared to domestic outsourcing."

The study also found that "geographic distance from the function and timing lags in reporting heighten the potential risk exposures" and "few legal restrictions exist on financial services companies sending consumer data to foreign countries." Most ominous, the study noted that "customers may not opt out of these information transfers to nonaffiliated service providers" under loopholes contained in the Gramm-Leach-Bliley Act for data transfers to service providers.

In response to these risks, the FDIC made two recommendations: 1) that financial institutions be required to identify currently undisclosed contracting arrangements that their third-party contractors may enter into; and 2) that financial institutions should be required by federal regulation to create a central database of information about all their outsourcing arrangements so that regulators can better monitor them.

A federal banking regulators' letter signed by the heads of the Federal Reserve, the FDIC, the National Credit Union Administration, the OCC, and the Office of Thrift Supervision revealed that none of them collect information on the customer data that U.S. banks currently transfer to foreign companies, who they transfer it to, the purpose of the transfer, or whether the consumer is given the right to opt-out of such transfers. In addition, the regulators were unable to report on how many examinations they had conducted to determine whether outsourcing of consumer information may have resulted in unauthorized disclosure of data. The regulators also confirmed that U.S. consumers currently have no legal right under federal law to sue a bank for transferring their personal financial information to an offshore entity that releases this information.

"The letters I have received from HHS and the banking regulators only serve to underscore how weak current federal privacy protections are," Markey said.

At the very least, privacy advocates say consumers should have a right to know if their personal information is being transferred abroad and a right to say "no" to this practice if they object.

FDIC Predicts Increased Offshoring

The Federal Deposit Insurance Corp. (FDIC) released a report in June warning that consumer privacy could be compromised by sending customer data overseas if companies do not adhere to strict rules for data processing. The report also predicts that more information processing jobs will be sent overseas in the next five years, motivated by cost savings and competitive pressures.

"Typically, financial institutions offshore non-core job functions, such as IT (specifically, software development and maintenance), administration, human resources, contact centers, call centers, and telemarketing," says the report. The report also estimates that financial institutions that offshore achieve average cost savings of 39 percent, with one in four institutions surveyed achieving savings of more than 50 percent.

The report further reveals that "the range and number of offshored job functions within individual institutions is expected to increase, with the average number growing from two to four functions per institution. In particular, the traditional focus on IT alone, which accounts for 70 percent of current offshore activity, will change to a business-process emphasis."

Information Offshoring Receives Increased Attention on Capitol Hill

Several bills addressing the issue of information offshoring have been introduced in the 108th Congress. While offshoring has received media attention associated with the issue of lost American jobs, Congress has not held hearings or markups on specific legislation. It is expected, however, that legislation on the issue will see increased attention when the 109th Congress convenes in 2005. Three principal bills are now pending in Congress:

* Increasing Notice of Foreign Outsourcing Act (INFO Act)--This legislation, introduced by Senators Dianne Feinstein (D-Calif.) and Bill Nelson (D-Fla.), requires U.S. health and financial companies to notify consumers when sending their information abroad and to certify the safeguards associated with the overseas processing. It would require U.S. companies processing health and financial data to include clauses in contracts with their overseas partners to enforce U.S. privacy standards and to allow audits of their information processors. The bill would create a system to inform U.S. companies and federal regulators of any security breaches involving American health or financial information at facilities operated outside the United States. The bill also gives consumers the right to know where overseas call centers are located. It also gives federal agencies the power to enforce these provisions. "The bill will ensure that American companies notify consumers of a business' outsourcing practices. And it will require American companies to hold their foreign business partners accountable for protecting American data," Feinstein said.

* Safeguarding Americans from Exporting Identification Data Act (SAFE-ID Act)--Introduced by Senators Hillary Rodham Clinton (D-N.Y.) and Mark Dayton (D-Minn.), this legislation would prohibit organizations from disclosing personally identifiable information regarding U.S. residents to any branch, affiliate, subcontractor, or unaffiliated third party located in a foreign country unless the business provides notice and the consumer is given the opportunity to object prior to the disclosure. The bill would prohibit healthcare and financial businesses from terminating existing relationships with consumers to avoid objections to disclosure. The bill also would make businesses liable for mishandling personally identifiable information and would require the Secretary of Health and Human Services to revise existing regulations to require covered entities that outsource protected health information to a foreign country to include certain information relating to outsourcing in their privacy protection notices. The bill also amends the Gramm-Leach-Bliley Act to require the inclusion of similar information in privacy protection notices for financial services consumers.

* Personal Data Offshoring Protection Act of 2004--Introduced by Rep. Edward J. Markey (D-Mass.), this measure also would require businesses to give consumers notice before transmitting personally identifiable information overseas. It would prohibit offshoring where adequate privacy protections are lacking unless: 1) the business discloses the lack of protections and obtains the consumer's prior consent for transmittal; and 2) such consent is renewed by the consumer within one year before the offshoring. The bill would also create a private right of action in state court for violations and authorize states, on behalf of their residents, to bring civil actions in federal court for such violations. The bill requires prior notice to the Federal Trade Commission (FTC) of state actions, authorizes the FTC's intervention, and directs the FTC to certify those countries that have legal systems providing adequate privacy protections. Markey's bill also would create a presumption of inadequacy for foreign laws that are less protective of privacy than U.S. law, the law of any U.S. state, or where the FTC determines that enforcement is lacking. The bill would require certification of countries whose laws meet the requirements of the European Union Data Protection Directive, unless such laws are not adequately enforced.

Source: SmithBucklin Corp.
COPYRIGHT 2004 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.


Article Details
Title Annotation:On the edge: the use & misuse of information
Author:Swartz, Nikki
Publication:Information Management Journal
Geographic Code:1USA
Date:Sep 1, 2004
Words:1924