BPO's New Privacy Laws:BPO Firms in India & China Face Challenges From New Privacy Laws

China and India are two destinations for external business processes. Recent developments in the legal and regulatory environment in both countries could make it difficult for BPO companies to operate, particularly those related to sensitive data such as contact details and personal information.
Draft Privacy Regulations require the explicit consent China Source

Privacy and intellectual property are highly valued concepts in the west, but it might not be the case elsewhere. Consider the reputation of China for reverse engineering devices (including cars) And get away with mass production of cheap imitations. This has gone so far that the Chinese are sometimes accused of espionage.

To help improve the business environment, lawmakers have been moving to the laws that better protect intellectual property and privacy. Chinese lawmakers plan to address this with the introduction of new data security standards that try to enforce stricter controls on how to manage personal data, namely:

* The organizations that handle personal data are obliged to keep confidential, and will require the owner's consent before data is shared or transferred to another party.
* Specific restrictions apply to the collection, processing, use, transfer and maintenance of personal information.
* These principles apply to personal data on computer networks, not just the data on digital storage media or on paper.
* Personal information can not be exported unless you receive specific permission of the authorities or by law.

But given the stringent requirements, the question here is whether the proposed rules might actually end up damaging the thriving outsourcing industry based on foreign contracts for survival. These proposed regulations are actually more stringent than U.S. and their EU counterparts. For example, while U.S. companies Is expected to protect personal information regardless of physical location of data, the draft regulations of China prohibit companies transfer data across borders in full without the express consent.
India: Final Privacy Regulation in place

While China's privacy regulation is still in draft form, legislators in India have adopted strict standards of privacy country, requiring several layers of approval and consent before the data can be processed in any useful and meaningful. Here are the provisions, quoted by Morrison & Foerster (PDF)

* Consent - An organization requires the written consent of each source of sensitive personal data before harvest. Not be collected unless for legitimate purposes, and a necessary function for the organization to carry out their duties.
* Right to opt out - Participants may choose at a later time, which means they have essentially withdrawn its consent.
* Disclosures of third parties - Disclosure of personal information to third parties requires the prior consent, unless required to comply with legal obligations. Also, sensitive personal data may not be published, and third parties are prohibited from disclosing further details.
* Transfer of information - Sensitive personal data may be transferred to another organization that guarantees the same level of protection of data only if necessary for the execution of the contract between the organization and information source.

In essence, these two regulatory measures mean BPO providers in China and India may have to make an extra effort (and expense) to ensure they obtain the necessary consents in place before they can even begin to accept and process data. As such, this could be a challenge for organizations that employ teams of China and India for its back-office work, which may include human resources, accounting, document management and the like.

It is a balance between security and ease of access, in which case a balance is the best way to ensure an adequate level of privacy, but not be restrictive enough to adversely affect the viability of doing business in these countries.
Read more here

Post a Comment

0 Comments