By Andy McCue, 22 March 2004 17:35
Consumers opposed to the current wave of IT and call centre jobs being transferred overseas have started lobbying the UK's data protection watchdog, asking it to stop firms from transferring their personal data abroad.
Much of the opposition to offshoring has come from the unions concerned at jobs being lost because of cheaper overseas labour, but it seems some consumers are now taking matters into their own hands.
Iain Bourne, senior policy development and quality manager at the Information Commission (IC), told silicon.com that most people either aren't bothered or aren't aware that their data may be processed thousands of miles away, but that other people are trying to turn it into a political issue.
"We don't actually receive many complaints about this at all. It suggests that organisations transferring data overseas already are making sure it is properly protected," he said. "But we have had some letters from people complaining about British data being processed overseas in places like India and asking us to stop it."
Bourne said the IC is aware of some large UK firms running parallel processing facilities with some data held back in the UK as a result of protests from customers.
The revelation supports the assertion by analyst house Gartner last week that 2004 will see a short-term increase in the backlash against companies moving operations to low-cost overseas bases such as India over concerns at domestic job losses.
Concerns over the security of data processed in developing countries have been raised before because data protection laws are often not as strict as they are in the UK. The Indian government is, however, reported to be looking at introducing its own version of the EU-US 'safe harbour' agreement to guarantee the protection of overseas data processed on the subcontinent.
In the meantime, the IC's advice to firms transferring data abroad to be processed is simple. "They should make sure that information sent overseas is as well protected as if it stayed in the UK," said Bourne. "If not it should stay in the UK. Companies should also do a proper audit of where the data goes and who is processing it. They will probably be surprised at the results."

Comments
There are 5 comments.
1. Nick Ford
It won't be a short-term backlash as Gartner see it. It will be a complete revolt by consumers, many of whom have not been told their information is offshore. It's not that they can't be bothered, it's that they don't know, just as I don't know if my bank has taken my information off-shore!!!?
2. anonymous
What is our redress if this data is mishandled overseas? I would suggest that you write to your bank, telecoms company etc. (all of whom probably have your debit/credit card information on the files) and re-assure them that wherever they process the data, it will be the UK companies that will be sued in the UK court. The subcontinent courts tend to take a long time, and from personal experience in some countries do not recognise copyright or confidentiality at all.
3. anonymous
Does the Information Commissioner have teeth then? We will soon find out (or not). This is something that the IT community should really push hard on, as most of us have gone through the pain of ensuring compliance where some seem to ignore the law for financial gain. Thought then - I wonder if this would be better handled by financial auditors for year end external audits - would look bad on the books as a reserve against possible future claims!!!
**********
DPA - Principle 8 Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
******
Data should not be sent to countries outside the EEA which do not have an adequate level of Data protection, unless the individual consents. The EEA includes all European Union states together with Iceland, Liechtenstein and Norway.
******
Well, I haven't seen evidence of anyone moving call centres overseas contacting their entire customer base and seeking 'express permission' in writing from each individual to allow processing of their information overseas - probably operating in breach of DPA 1998 then.
Comments anyone? Over to you
Steve
4. Geoffrey Darnton
Political issue? I would like to be able to accuse silicon.com of completely misunderstanding the issue, and of course it is not a political issue, it is legal. However, you are probably right - I suspect it is being treated as a political issue by the IC's office when it is really a legal issue. The Data Protection Act (and underlying European Directive) essentially prohibit the transfer of personal data to anywhere that does not have the same stringent standards. Your readers who have the energy should apply for a DPA s42 assessment that the DPA is being broken whenever they find personal data processed offshore outside the EU - then battle the IC's office to treat such applications seriously!
5. Dennis Golding
I totally agree with the sentiments. In a situation where I call Orange to credit my wife's phone with money on my credit card and be told that I 'cannot do that unless I'm the phone owner - the data protection act prevents it', it seems absurd that personal data can be transferred to a foreign country with no thought at all for the Data Protection Act - INDIA IS NOT BOUND BY IT!!