New Privacy Laws In Asia May Cripple Data-Centric Outsourcing 98
bizwriter writes "Think privacy issues are a pain when they affect consumers? Get ready for the grandfather of all corporate computing headaches. Big privacy-law changes in India and China are about to turn data-processing outsourcing into a hurdle-leaping, paperwork-generating mess."
Blah (Score:5, Insightful)
Re:Blah (Score:5, Insightful)
From the perspective of someone who prefers their privacy I'm not seeing a problem.
Only problem I see is why we don't have laws like this. With teeth.
Why haven't we seen an article titled "New US Law Will Cripple Data-Centric Outsourcing (and intrusive/careless management of data at home)"? And about 15 years ago?
Oh, wait. I forgot who owns Congress. Silly me.
Re:Blah (Score:5, Interesting)
Well, look at it like this, when such laws become standard around the globe, and for example the EU decides to reject the US-EU data safe heaven idiocy, US businesses will overload the phone system in DC to get such laws in the US too, because more and more revenue will be lost, because it will be simply illegal to use an US provider to do anything related with personal data. Until this happens I guess nothing will happen in the US on this front.
Re: (Score:1)
This does nothing to protect your privacy. It only expands the army of bureaucrats that run the world.. Data can, and no doubt will be collected and sent out surreptitiously, and nobody will ever know the better.. outside the few cases where somebody needs to be thrown under a bus for PR purposes
Re: (Score:2)
And it increases the costs of doing business with these countries.
Maybe we're seeing the beginning of the end of the massive outsourcing that has been plaguing the American tech worker. When the financial incentives to outsource are gone, the jobs will return.
More likely, they'll move operations to countries that don't have these laws.
Re:Blah (Score:4, Informative)
More likely customers from places with privacy laws will start to offer their business to non-US providers.
Notice that the planned Indian regulations will probably make it a "safe 3rd party country" in EU-speak, meaning that personal data can be freely transfered out of the EU to India for processing or whatever because it has a similar level of legal privacy protection. Notice that the same thing EU-US is currently possible only with massive winking, and can end over night e.g. if the EU parliament gets pissed of enough about it.
Re: (Score:2)
And it increases the costs of doing business with these countries.
Considering the corruption in these countries [wikipedia.org] then I will have to agree with you. Companies will have to increase the amount of bribes they are probably already paying.
Re: (Score:2)
Or where a disgruntled employee has a bad day.
Notice how the EU directive is already forcing ad networks to change how they operate (slightly I admit, but then that's what they are doing voluntary to avoid explicit regulations/fines for their practices).
One last thought here is that everyone needs to be able to show proof that he is legally using MS Office. And in big organizations licenses (although they might have MS site licenses) are a headache. How come that they cannot put a similar amount of energy i
Re: (Score:2)
No big organization using Microsoft products (unless they have a blanket unlimited site license, and I didn't think Microsoft did that) could survive a BSA audit unscathed; the BSAs standards are just ridic
Re:Blah (Score:5, Informative)
Privacy laws like these have some of the same issues, in that it's impossible to perfectly follow them to the letter while still conducting business. The difference is the consequences are much higher. Since it's China and India I assume that bribing your way out is still possible, but the price is much higher and if you offer too low, you could end up dead (particularly in China).
False. Essentially everyone here in EU follows them to the letter, and has done so for years. In some countries, well over a decade.
The only people who cannot follow them, are either not in EU and do not want to follow EU laws, or are literally too stupid to follow them. They're actually very easy when you get an IT-admin's version of them, and very easy to follow. You do not need to be schooled in law to understand them, one hour review is enough for most people.
As a comparison, when I was getting my security guard card for a summer job, legal rights and obligations took several days to teach and were a major part of the course.
I'm saying this from experience, I spent several years maintaining local university's campus network as a local admin, and one of the things we got a wiki page on was privacy laws, what we're allowed to do, what we're not allowed to do, what users are allowed to do, and what users are not allowed to do.
Interestingly, most of the stuff that opponents of privacy laws scream about as "this hinders my ability to maintain proper network management", as an admin you're actually exempt, by law. It's not a stupid piece of legislation by any means, and most certainly allows for maintaining very complex networks. You just have to actually want or feel obligated to follow the law.
Re: (Score:2)
Nonsense, tearing down the borders and allowing humans to migrate as they please will eliminate that problem, and the outsourcing issue entirely, in a new york second... The profit from trafficking comes from government restrictions on the freedom to move. This is the basic purpose borders serve today, to actually aid the slave trade, and drive down wages, etc. Every country is a kind of prison, and keeping you out is no different than keeping you in. Your passport is essentially an exit visa..
Re: (Score:2)
What about your freedom to stay? When people are compelled to emigrate in order to find work, this is generally called expulsion and is a bad thing. It's a rather thin continuum between a manager's commute from San Antonio to Matamoros, and the partition of India, and it's a very fine line between permitting people to move and leaving them no alternative.
Re: (Score:1)
Shit happens in a world with 7 billion people. Thinking you're smart enough to somehow plan around that simple fact is hubris in its purest form.
Re: (Score:1)
Re:Blah (Score:5, Insightful)
* Those that hold personal data must receive explicit consent to divulge that data to third parties.
* There are specific restrictions ''during the collection, processing, use, transfer and maintenance of personal information.''
* Personal data cannot be exported unless specifically allowed by law or government authorities.
* A company must get written consent by letter, fax, or email for the collection of data.
* People can opt out at a later time and withdraw their consent.
* There are significant restrictions on disclosing personal data to third parties.
* When a person has given consent for the transfer of data, or it`s necessary by contract, a company can only send the data to an organization that provides the say level of security as the Indian regulations.
* People have the right to review their data and to correct it.
Reading the proposed new rules I totally fail to spot anything unreasonable. On the contrary, any bona-fide company that uses fair and transparent privacy rules will be in compliance without altering a thing about their operational procedures.
So tell me, precisely what part of those proposed rules sounds as if it would hamper a bona-fide company from carrying out its bona-fide processing of personal data they obtained with consent?
Re: (Score:3)
So tell me, precisely what part of those proposed rules sounds as if it would hamper a bona-fide company from carrying out its bona-fide processing of personal data they obtained with consent?
It would hamper bona-fide companies that wish to resell everything they know about you without restriction from doing so. Waaaah! Evil commie alert! :)
I completely agree with you though - this seems like a fairly normal set of rules to me. If you value your privacy, that is.
Actually, this sounds like a clever way of... (Score:1)
...keeping employment within their own borders, without imposing illegal tariffs.
Re:Actually, this sounds like a clever way of... (Score:4, Interesting)
Maybe, but I think the EU should have done this long ago. The "safe harbour" regulation, where companies in the US promise to stick to EU law, is not worth the paper it is written on. Of course the NSA, FBI, DHS and some other three letter agencies have access, and maybe even more people.
The only way to keep data safe is to keep it under one jurisdiction. It is a sad state of affairs, but it is an accurate description of reality.
Re: (Score:3)
The only way to keep data safe is to keep it under one jurisdiction. It is a sad state of affairs, but it is an accurate description of reality.
Bzzzt. The only way to keep data safe is to not hand it over to some other party in the first place. These laws are great and all, but the lobbyists can get them changed next year and now all of that data that people have given up under the impression of safety is fair game for full exploitation.
Re:Actually, this sounds like a clever way of... (Score:4, Interesting)
Yeah I think that's great. Indian outsourcing companies are basically making it hard for companies to ever get their data back. So either they will need knowledgeable staff in the USA to pull all their data off the Indian systems or it stays in India forever.
Good. About time US companies realize, make India your IT center you are subject to Indian IT law.
Are you kidding? (Score:5, Insightful)
If by "Big privacy-law changes" you mean they're going to have some, then yes that will make it harder for companies to just offshore data processing to these countries and not worry about what happens. How on Earth you can try and paint that as a bad thing for those of us who actually, you know, like having privacy after our details are farmed off to some offshore data processing facility is beyond me.
Re:Are you kidding? (Score:4, Funny)
Offshore data processing is just so Web 1.0. In the Web 2.0 world, it's "Data Rendition".
Re: (Score:2)
What's the problem? (Score:5, Informative)
>A company must get written consent by letter, fax, or email for the collection of data.
Fucking awesome.
>People can opt out at a later time and withdraw their consent.
Fucking awesome
>There are significant restrictions on disclosing personal data to third parties.
Fucking awesome.
>When a person has given consent for the transfer of data, or itâ(TM)s necessary by contract, a company can only send the data to an organization that provides the say level of security as the Indian regulations.
People have the right to review their data and to correct it.
Fucking awesome.
The only people who have a problem with this are the ones who are intent on anally-raping your and my personal information with no reach-around.
So when do we get this in the States?
--
BMO
Re: (Score:2)
Well India is using this as a way to stop data from being outsourced away from India. The US government loves sending jobs overseas.
The real question when do we get a government that is more concerned about the welfare of the population than corporate profits?
Re:What's the problem? (Score:4, Insightful)
The real question when do we get a government that is more concerned about the welfare of the population than corporate profits?
Shortly after people start voting for good government instead of knee-jerk issues or whoever promises the best combination of tax cuts and handouts for yourself.
IOW, never.
Re: (Score:2)
Actually you look at Pew surveys the American population has gotten decidedly more idealogical in the last generation and a half about what they consider "good government". Pretty much.... people are voting the issues, and in a reasonably well thought out way. Huge blocks of easily manipulated independents deciding elections are disappearing from the US landscape.
Dammit, this was a brand new keyboard too! (Score:2)
Re: (Score:2)
Take a look at the data. All those issues correlate strongly with others and opinions end up being rather consistent for overwhelming number of voters.
I'm not saying they have the right opinions, I'm saying they aren't easily manipulated by wedge issues. People who have strong hard right opinions on some issues generally have them on almost all issues, etc...
Re: (Score:2)
"People who have strong hard right opinions on some issues generally have them on almost all issues, etc..."
California found that to be a lie when Prop 8 was in play. Liberals counted on illegal and legal immigrants, along with black and Latino citizens to sway the vote the way the liberals wanted. Surprise, surprise, surprise!! Those very people that the liberals counted on voted the OTHER way.
There is a lot of truth that right wingers vote the right wing ticket, and left wingers vote the left wing tick
Re: (Score:2)
Not really. Black voters in California fall heavily into the "disadvantaged voters" category. Those are voters that view themselves as voting an economic ticket for their advantage. They aren't however liberals, so they tend to support social programs that benefit them or people they care about and on social issues are moderate to conservative. They consider economic issues more important and so elect white liberals, but they themselves aren't liberal.
In other words blacks are democrats not liberals.
Re: (Score:2)
I think it's those who buy into the left-right duopoly who are more easily manipulated than the independents, certainly the actual political beliefs of most people today mostly do not fit in the left-right boxes.
The latest Pew poll summary says"The Pew Research Center’s new Political Typology finds that the public is more doctrinaire at each end of the ideological spectrum, yet more diverse in the middle than it has been in the past."
(Full report at: http://people-press.org/2011/05/04/beyond-red-vs-bl [people-press.org]
Re: (Score:2)
I agree with your data / summary of Pew and was following your argument. The question is to what effect are the various 8 groups influenced by fake issues.
Re: (Score:3)
Re: (Score:1)
Not only this, but this may also be in response to Dell and other corporations in the US closing up their data processing/call centers in India and moving them elsewhere.
This will make it more difficult for any other US corporations to do the same.
Re: (Score:2)
That's my thinking too. Though of course they still have electronic access to the data. Its easy enough to pull the information with access and knowledgeable staff. Could be good for IT workers.
Re: (Score:2)
Not really.
The law not only makes it illegal to transfer the data out of country (which makes that electronic access problematic), it also makes it illegal to use the data at all if you do not have the explicit consent of the person. Not much an issue for companies that want to outsource their customer handling (because they have that consent usually through the contract with their customers), but an issue for companies storing information about persons they have no reasonable interaction with.
So in such pr
Re: (Score:2)
Another good point. Allows India to keep expanding its tech sector.
Re: (Score:2)
"Well India is using this as a way to stop data from being outsourced away from India."
Or maybe as a way to be able to insource from EU?
For the look of it, these regulations seems to be basically the same we've had here in Europe for about a decade, so that would mean India could gain a "safe harbour" status.
Re:What's the problem? (Score:5, Informative)
Re: (Score:3, Informative)
As I said, only wording and tiny details are different from the EU data protection directive, which is as it happens the source where the UK act got cloned from.
(The UK actually being one of the countries that do not care much about privacy, IMHO, so I guess they basically choose the most basic implementation allowed)
Guess the sky has not fallen on the heads of the Brits yet, so one can quite well prosper with privacy.
Re: (Score:2)
your and my personal information
What information is that? It all belongs to Facebook, Google or your ISP.
When the govt. wants "user info" [slashdot.org], they don't hand you the warrant (I know. Warrant. Ha, ha, ha.). They hand it to your ISP for "their" data.
Re: (Score:2)
We'll fix that in the next ACTA or WIPO treaty.
Don't you understand? Only the likes of Disney studios are allowed to own information or content.
Re: (Score:1)
You just typed their website address. Their server logged your IP address (which for the sake of argument is your personal static IP). Illegal! You then registered for a forum on that website, entering your name and email address. Illegal! You tried to buy something, giving out your credit card number. Illegal!
Re: (Score:3)
"Illegal!"
Only it is not.
"Their server logged your IP address"
Which is a fair business asumption, so no need of explicit consent. *But* you will need to take care of it as the personal data it is (so you can't pass it away to a third party to process it for different purposes than proper technical web site function). No problem.
"You then registered for a forum on that website, entering your name and email address."
And then you are advised what those name and address are going to be used for, which is for t
Re: (Score:2)
It's among one of the older tricks in the book to pass a law which cannot reasonably be followed to the letter, typically enforce it in a reasonable way, but then bring the hammer of selective strict enforcement down later.
Re: (Score:2)
"It's among one of the older tricks in the book to pass a law which cannot reasonably be followed to the letter, typically enforce it in a reasonable way, but then bring the hammer of selective strict enforcement down later."
Yeah, that's the thesis from Michel Foucault. It's only that privacy laws are in fact enforced to the letter. It's not so difficult since they are quite reasonable and not such a big burden.
Just think critically about what would you consider fair about how others should manage your pe
Re: (Score:2)
Re: (Score:2)
"The problem with this law is that when company A collects personal data and gives it to company B to have it maintained and processed, company B is responsible to follow the provisions of this law."
Within legal jargon it is one thing "processing" and a different one "giving away". Basically, when "processing" the data can't be used for anything different than that it was collected for. The main responsible it is still the company that gathered the data but of course, due dilligence that those processing
Re: (Score:2)
When you get an overtly gay communist as VP, with a lesbian atheist in the main job.
Laws like that are un-American.
Result: jettison all personal data (Score:4, Insightful)
For a long time there's been the hope in every company, that if they archive every piece of personal data, including every search term I've ever used and every cookie ever in my browser and everything I've ever bought at the grocery store or drugstore while using a credit card or loyalty card, that somehow this would pay off to them monetarily. They've already been paying money and effort to store this data probably without any obvious benefit to them. If these new regulations drive home the point that there's no point in storing all that useless information because of regulatory costs, what they'll do is simply stop storing it. No problem. Their IT suddenly becomes much more efficient because they are doing useless storage and archiving. They'll probably get a higher profit margin as a result.
It's kind of scary. At many big non-IT companies, IT costs have risen to as much as 6% to 10% of their cost of doing business. This is simply unsustainable. As IT technologies improve, IT should become a cheaper and smaller part of every company. Not get more and more expensive.
Re:Result: jettison all personal data (Score:5, Insightful)
It's kind of scary. At many big non-IT companies, IT costs have risen to as much as 6% to 10% of their cost of doing business. This is simply unsustainable.
Wouldn't that judgement kind of depend on how much IT is contributing to their business? If it reduces your payroll, multiplies the number of customers you can reach, allows you to give those customers faster or otherwise better service at reduced cost, and allows you to make better business decisions, 10% might be a helluva bargain.
Re: (Score:2)
Yup - it is like arguments that pills are x% of healthcare costs. The absolute or per-capita costs matter a lot more than the percentage, since ultimately no matter what you do it still all adds up to 100%. I can see being concerned about admin overhead, but not which technology is used.
As long as IT is saving more money than it costs, then it is a sound investment. Amazon isn't an IT company per se, but clearly IT is a MAJOR enabler there.
Re: (Score:2)
Re: (Score:2)
When your $3,000,000/yr pool of employees is replaced by robots, OF COURSE the percentage of IT goes up. The other costs have been eliminated, silly.
This might bring some outsourced jobs back home (Score:4, Funny)
breathless article is breathless (Score:2)
There isn't much substance about reporting requirements or analysis of how companies will comply in the article.
It sounds like healthy experimentation frankly. If companies still make more money there, then we'll know these laws were perfectly reasonable. If specific industries like dating sites or banks stop placing call enters in India, or if Facebook pulls out of China, then we'll see the exact consequences.
And? Isn't that how it should be everywhere? (Score:2)
From the article:
That is how it is in most parts of europe, e.g. in germany. So what is your complaint?
angel'o'sphere
Re: (Score:1)
Offtopic, but you really don't need to put your name at the end of every comment you make. We know who posted it, it says right there at the top of every post.
Re: (Score:1)
To be more precise it's basically an EU directive that forces a similar privacy regime on all EU member states.
Re: (Score:1)
Re: (Score:2)
"Yeah, but to put credit where credit's due, it started in Germany, with other countries following in, which ultimately lead to the EU directive 95/46/EC."
It couldn't be Germany alone, then. EU directive 95/46/EC is from 1995; Spanish LORTAD, which was basically the same, is from 1992.
(Spanish LORTAD had the only miss in that it focused only on "automated files" while 1999's LOPD following 1995 EU directive is executive over both computer and paper files).
Like Jerry Seinfeld's man-bag . . . (Score:2)
The new rules outlined in TFA appear to basically ensure the level of "informational self-determination" that is supposed to be granted to EU citizens according to their court of human rights.
In that respect it could simply be what's required to keep that kind of business coming from Europe.
China? (Score:2)
Re: (Score:2)
That's because China has one "authority" for all information to start with - the government.
Currently, such information "control" is only a wet dream in Congress.
Re: (Score:2)
Not exactly. Privacy does not exist in the US because neither the businesses nor the government wants it. The business like to collect whatever they want, ignoring some percentage of wrong data (so who cares that Mr. Smith cannot get a cable subscription, because of some wrong data somewhere), because it's more economical to ignore that than to allow the persons affected to correct it.
And the government loves it because between Patriot Act, ...., and legal interpretation (e.g. emails stored on an external e
Good news for data centers in the U.S. (Score:2)
With our near total lack of security and privacy, Chinese and Indian companies will be moving their data centers over here.
I think it's sad that two countries, not exactly poster children for their defense of human rights, are pushing the security and privacy laws one would have thought should have originated here.
To me it's more of a sad testimony on us than them.
Re: (Score:1)
Not exactly, because transfering the data out of India to the US will be illegal.
Where's the surprise? (Score:1, Interesting)
Well, while it seems to have superficial differences the Indian law (as described here) is rather similar to the EU data protection directive.
Tiny issues include:
- the form of the consent. One has to see how that is being handled, but consent to handle personal information is required in the EU too.
- some issues are also around what is a person-linked information. IPv4 addresses are ruled sometimes so, sometimes not. IPv6 addresses almost for sure will be person-linked. Did I mention that in practice Apache
Re: (Score:3)
"did I mention that in practice Apache's default configuration is illegal?"
It is not. It is only that you should consider Apache logs as containing personal data and take care of them accordingly. As long as you plan to use those logs for its obvious purpose (technical maintenance) you don't need explicit consent: it is implicit by the fact you reached them with your browser.
"Notice how the EU has forced most (even US-based) ad networks to work around that by at least masking the last byte of the address."
US companies just ignore the laws (Score:2)
Re: (Score:2)
Simple to solve that one. Express the fine as a percentage of global revenues, like the EU does for anti-competitive practices. Notice how US companies do try to appease EU regulations in this area. Notice that the US companies most affected, e.g. ad networks, are already trying to appease the EU privacy regulations. (E.g. masking IP addresses in data collected and so on.)
Quiet push (Score:2)
Im actually surprised about this, this is the first I am hearing about it. I live in India and I didn't hear squat even though I don't read papers end to end an article like this on the first few pages would have caught my eye. Now that I search through our national dailies I still cant find it. Looks like they pushed it through on the quiet.
Yaaaay! (Score:1)
Before we all jump on the bandwagon (Score:3)
Before we all jump on the bandwagon and cheer about how great this is, let's see how well the new laws are enforced before we get too excited. That is with respect to the Indian laws [wikipedia.org], which are already enacted or seem close to being so. As far as China goes, let's see what the actual laws are going to be, and how well they are going to be enforced [wikipedia.org].
There are a lot of bureaucrats in both countries with deep pockets. And both of these countries are ranked pretty far up there in terms of the Corruption Perception Index. At least compared to North America and Europe. Which is why American and Canadian companies probably like doing business over there; and why European companies probably wish they could. At least North America and Europe will now be playing on the same level now... once they pay their bribes.
What the public does not know (Score:2)
I'll bet the public does not know about 90% of the security disasters that have already been caused by offshoring IT. Even the huge disasters that have been disclosed get very little attention in the pop-media.
Re: (Score:2)
"We want the same laws here in Europe. No selling of Information to third parties, no lending etc without proper authorization."
Are you an Anonymous coward or an Ignorant coward?
Those are exactly the kind of laws we have here in Europe since 1995.
When data collection is illegal... (Score:3)
...only outlaws will have your data? :-)
An alternative David Brin-like transparent society suggestion to make data mining go both ways:
"The need for FOSS intelligence tools for sensemaking etc. "
http://pcast.ideascale.com/a/dtd/76207-8319 [ideascale.com]
That said, I'm not against privacy laws... But I can wonder what the unintended consequences may be.
For example, is HIPAA really helping make medicine better? Example:
http://crazymer1.wordpress.com/2010/01/10/hipaa-laws-unintended-consequences/ [wordpress.com]
"Anyone whose loved one suffers from severe mental illness has most likely run smack dab into the HIPAA laws when they try to help their loved one. The way they stand right now, HIPAA Laws (Health Insurance Portability and Accountability Act of 1996) are a hindrance rather than a help for the severely mentally ill population."
Sometimes trying to regulate into law what should be the product of a health life-affirming culture is not a great idea in the end. Our culture has lots of problems, including with respect for privacy, but it is not clear that laws are the best way to solve these problems.
A big part of these problems, for example, relate to economic uncertainty if you are seen in a bad light. With something like a "basic income", privacy issues at least in some areas might not be as important. So there may be other more fundamental ways to address some of these issues. related:
http://basicincome.iovialis.org/e00.html [iovialis.org]
Another big issue is simply a broad imbalance of economic power, which might be addressed in part to a return to a 92% progressive tax rate, as the USA had a few decades ago in its boom years. Or, perhaps more corporate charter revocations when corporations do not put the public interest first, as used to be routine a century or two ago?
More on 21st century enlightenment, from the RSA:
http://www.youtube.com/watch?v=AC7ANGMy0yo [youtube.com]
This is excellent news! (Score:1)
This is excellent stuff! I'm especially impressed with India.
I really don't understand that this can be reported as "paperwork-generating mess". What nonsense.
Just wait till our bureaucracy inteprets these.... (Score:1)