Pages

Friday, October 06, 2006

Privacy concerns hot up about international outsourcing

To-day's Daily Telegraph "Criminal threat sending ID overseas" says that 91% of Australians believe their personal information should only be stored overseas with their express permission. The article follows other reports in the last week that Qantas and St. George Bank are in the process of moving jobs off shore. It refers to a (UK)Channel 4 TV program aired overnight that alleges that British bank customer details in India sell for as little as $12.

India's National Association of Software and Service Companies has asked for the details of the allegations and supporting documentation, claiming that sting operations such as the one conducted by Channel 4 have goaded people into committing crimes that otherwise may not have been committed.

Indian service companies have been struggling to respond to allegations about lax privacy security practices (see our earlier blog). The National Association announced in May plans for a new self regulatory body to raise security and safety standards across the IT industry.

It's hard to judge whose standards work to safeguard data, but the call for more disclosure when data is to be transferred offshore seems reasonable.

The Federal Privacy Act limitation that applies to private sector organisations passing personal information outside Australia is not particularly onerous - a "reasonable belief " that the data will be subject to substantially similar principles that it would receive if it remained in Australia.

Strangely, the Federal Privacy Act provisions relating to public sector agencies contains no specific limitations on cross border data flows, and the NSW Privacy and Personal Information Protection Act limitation on NSW Government agencies has not commenced (6 years after the Act itself came into force) because the Privacy Commissioner is still to issue a code of practice relating to such transfers. Who knows what goes in these areas?

The Victorian Privacy Information Act has a substantially similar provision as the Commonwealth's private sector requirement, and the Privacy Commissioner there has published useful guidelines for Victorian Government agencies - Model Terms for Transborder Data Flows of Personal Information

The Australian Law Reform Commission is scheduled to publish on Monday an issues paper in connection with its review of privacy laws - it will be interesting to see what it has to say on this and other current privacy concerns.

Thanks to PogoWasRight for the lead on the Indian IT industry.

No comments:

Post a Comment