Privacy Protections for Americans: Stop the Offshoring of Personal Data
As if identity theft were not a big enough problem already (1), financial and medical institutions have been processing personal data in foreign countries where there are virtually no protections of individual privacy. Most Americans are unaware of the extent to which the processing of their personal data has been outsourced to firms in foreign countries.
Seeking to benefit from low-wage labor, banks, credit card companies, mortgage institutions, hospitals, insurance companies, and a host of other data-intensive enterprises are moving their data processing to foreign countries that lack laws to safeguard the privacy of personal data.
A survey by Deloitte Research found that from 2003 to 2004 major financial institutions increased offshore jobs by 400 percent:
"The report forecasts that by 2010, the world's 100 largest financial institutions will move $400 billion of their cost base offshore, saving an average of just under $1.5 billion annually each. The survey also forecasts that by 2010 more than 20 percent of the financial industry's global cost base will have gone offshore." (2)
The survey also found that 80 percent of financial services offshoring is going to India.
What Data is Being Processed Offshore?
It's midnight. Do you have any idea who has access to:
- your Social Security number?
- your bank account numbers and current balance information?
- your credit report and history?
- your private medical records?
- your home mortgage data?
- your tax returns?
- your birth, passport, driving, and other records?
Most likely, your personal data are in the hands of workers halfway around the world.
On Feb. 23, 2003 the Associated Press reported that 150,000 to 200,000 tax returns will be prepared in India. Most customers do not know that their financial information is being scanned and sent electronically across a dozen or more time zones. "Ernst & Young customers must sign a document acknowledging that foreign accountants may work on their return. But most firms don't make such disclosures." (3)
"Two of the three major credit-reporting agencies in the United States are also planning to outsource operations abroad and, along with them, sensitive data about the credit histories of hundreds of millions of Americans." (4)
"If you owned a million-dollar home would you want your name, address and residential details being sent abroad for examination by foreign clerical workers? Probably not. But homeowners who refinanced their mortgages with Citigroup may indeed have had their property appraisals outsourced to India as part of efforts by the financial-services giant to cut costs and streamline its loan process." (5)
"The $20 billion medical-transcription business handles dictation from doctors relating to all aspects of the health-care process, from routine exams to surgical procedures. Patients' full medical histories often are included in transcribed reports. While it's impossible to know for sure how much of the work is heading overseas, the American Association for Medical Transcription, an industry group, estimates that about 10 percent of all U.S. medical transcription is being done abroad." (7)
The San Francisco Chronicle reports that "Bank of America [is] telling employees on Monday that it will cut 12,500 jobs as part of its merger with FleetBoston Financial while work proceeds on creation of a new facility in the Indian city of Hyderabad. America's second-largest bank expects to begin processing customer transactions at the site by next month." Representatives from Bank of America were interviewed about privacy protections. The Indian workers are required to sign a confidentiality agreement and are given a code of ethics to read. The article concludes with: "Your name, your address, your Social Security number, your bank account number -- safeguarded by little more than a confidentiality agreement and a code of ethics. How safe do you feel?" (6)
Legal Protection of Private Information
Currently there are two federal laws that address privacy rules regarding medical and financial information. Privacy protection for medical information is addressed in the Privacy Rule section of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. (8) Privacy protection for financial information is covered in Title V of the Gramm-Leach-Bliley Act. (9) Unfortunately, neither HIPAA nor Gramm-Leach-Bliley prevents the sending of personal information overseas. Privacy protection offered by these laws does not extend beyond the United States.
Recent court cases have determined that legal responsibility for personal information resides with the company given that information, not with vendors that might process it offshore. However, insurance companies, banks, and other large corporations continue to send information overseas without conducting information security audits.
There are a number of internationally recognized audits meant to help ensure the privacy of personal information. These standards are regularly enforced when large financial corporations outsource within the United States but rarely enforced in overseas outsourcing. The possibility of legal action may make companies start to enforce these standards. This could raise the cost of offshoring by 12 to 15 percent.
An April 2004 report from Public Citizen's Global Trade Watch compares privacy protections of American and European consumers:
"U.S. privacy protections effectively end at our borders. In sharp contrast, European consumers are afforded considerably greater protection by a European Union (EU) law that permits personal data to be sent offshore only to countries whose privacy laws have been deemed to provide equivalent privacy protection and that have been found to have strong enforcement capabilities. Because more countries cannot meet these 'safe harbor' requirements, European jobs that involve the handling of confidential information have been offshored at a far slower rate than in the United States." (10)
The FDIC released a report (11), "Offshore Outsourcing of Data Services by Insured Institutions and Associated Consumer Privacy Risks," in June 2004. The report lists the legal privacy foundations of countries that are the most likely choices for offshore locations. Here are a few:
- India
- China
- Philippines
- Singapore
- Malaysia
No general data protection laws exist in any of these countries.
National Writers Union Position
Given the risk posed to the privacy of U.S. citizens by the increasing offshoring of personal data, the National Writers Union supports and advocates the following positions:
- The transmission of personally identifiable information about an American citizen outside of the U.S. requires prior notice and the written consent of the individual.
- The transmission of personally identifiable information about American citizens outside of the U.S. should be prohibited unless Congress determines through legislative enactment that the country to which the information is being sent has a level of legal privacy protection and enforcement infrastructure that is equal to, or stronger than, that provided by current U.S. law.
- Significant fines should be levied against the offshoring firm for each overseas privacy violation, and individual consumers should be provided a cause of action for each violation.
- Private sector companies should be required to provide semi-annual public reporting of the offshore handling of information protected by U.S. consumer privacy laws. In addition, private sector companies that offshore professional service work that is subject to licensing and regulation in the United States should be required to make semi-annual reports about where the work is performed and the actions taken to guarantee compliance with U.S. licensing, liability insurance and quality control requirements.
Where proposed legislation conforms to these positions, the National Writers Union will support it. Where legislation falls short, the union will lobby to strengthen the legislation, or propose new legislation as needed.
Footnotes
1. During 2002-2003, 10 million Americans became victims of identity theft. The loss to all victims was $5 billion, the loss to businesses and financial institutions was $47.6 billion, and the time spent by all victims resolving identity-theft problems was estimated to be 297 million hours. Source: Federal Trade Commission, Identity Theft Survey Report, Sept. 2003. http://www.ftc.gov/os/2003/09/synovatereport.pdf
2. Amy Wu. "Looking Offshore," San Francisco Chronicle, July 6, 2004. http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2004/07/06/BUG297EQKJ1.DTL
3. Rachel Konard. "Foreign Accounts Do U.S. Tax Returns," USA Today, Feb. 23, 2004. http://www.usatoday.com/money/perfi/taxes/2004-02-23-overseas-outsourcing_x.htm
4. Jay Fitzgerald. "Known Around the World; Private Records May be at Risk," Boston Herald, Nov. 30, 2003.
5. David Lazarus. "Appraisals Being Sent Abroad," San Francisco Chronicle, Feb. 6, 2004. http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2004/02/06/BUGMD4Q9TR1.DTL
6. David Lazarus. "Slipping Out of Our Grasp," San Francisco Chronicle, April 9, 2004. http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2004/04/09/BUGOI62GAI1.DTL
7. David Lazarus. "A Tough Lesson on Medical Privacy," San Francisco Chronicle, Oct. 22, 2003. http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2003/10/22/MNGCO2FN8G1.DTL
8. Pub. L. 104-191, 42 U.S.C. §§ 1320d et seq.
9. Pub. L. 106-102, tit. V, 113 Stat. 1338, 1436. 15 U.S.C. §§ 6801-6809.
10. Public Citizen's Global Trade Watch. Addressing the Regulatory Vacuum: Policy Considerations Regarding Public and Private Sector Service Job Offshoring. Public Citizen: Washington, D.C., April 2004, p. 10. http://www.citizen.org/documents/OffshoringReport.pdf
11. Federal Deposit Insurance Corporation. "Offshore Outsourcing of Data Services by Insured Institutions and Associated Consumer Privacy Risks," June 2004. http://www.fdic.gov/regulations/examinations/offshore/index.html
