Exporting Trust With Data: Audited Self-Regulation As A Solution To Cross-Border Data Transfer Protection Concerns In The Offshore Outsourcing Industry

by Sunni Yuen

9 Colum. Sci. & Tech. L. Rev. 41 (2008) (Published February 19, 2008)


Personal data privacy has recently surfaced as a prominent issue in offshore outsourcing. Concern about the security of data transferred to offshore outsourcing destinations with weak or non-existent information privacy laws has enabled a new industry of trustmark providers, which offer accreditation and monitoring services to companies that seek self-regulation with respect to data privacy. However, a uniform international approach is vital to ensure that a minimal level of protection attaches to data transferred in the outsourcing business. Through its “adequacy requirement,” the European Union Data Directive has emerged as the predominant working model of a uniform standard for cross-border data transfer privacy protection. Yet a fully international adoption of the Directive has been frustrated by sovereignty concerns, differing cultural perceptions of privacy, and bargaining power disparity. This has enabled the United States to negotiate a bypass of the adequacy requirement altogether. An audited self-regulatory trustmark industry would be a more effective approach that preserves the United States’ sector-specific and self-regulatory system. Businesses wishing to outsource would apply and receive certification from a trustmark provider, which would guarantee that the business has undertaken contractual mechanisms and implemented internal practices to comply with the EU Data Directive standard of data protection. The trustmark providers would audit such businesses for continual compliance, and in turn be subject to regulation by a single agency under European Commission oversight.

About the Author

University of Pennsylvania Law School, J.D. Candidate 2008; B.A. 2005, Cornell University.

Important Note

For proper legal citation of this document, please cite to the following URL: http://www.stlr.org/cite.cgi?volume=9&article=2.


4 Replies to “Exporting Trust With Data: Audited Self-Regulation As A Solution To Cross-Border Data Transfer Protection Concerns In The Offshore Outsourcing Industry”

  1. This is a great study, thank you for sharing it. If a company decides to outsource, it is important for them to check the data transfer security of an outsource company, among all things. Identity theft can be a big problem in the BPO industry, and the only way to avoid it is by finding out beforehand the record and trustworthiness of the outsource partner you wish to hire.

  2. A superb offshore service vendor should provide post-development aid. This is certainly extremely important given that they have to test out any problems when the process is running and also to guide you in controlling your project perfectly.

  3. Pingback: Privacy by Deletion: The Need for a Global Data Deletion Principle - Benjamin J. Keele - Law Librarian
