With the massive amounts of private data loss experienced in 2005 by several data aggregators and resellers of data, resulting in an ever increasing case of identity theft, Congress took notice and began mandating better protection for consumers.
Outsourcing development does not change the legal obligations in protecting private user data; rather it creates strong legal responsibilities. Recent laws enacted actually place a burden on those who outsource to ensure their contractors protect private information. Some of these relatively new privacy laws include the following requirements:
· Notice: Companies must provide policies describing how customers’ information is collected and used.
· Choice: Customers must be able to "opt-out" or must affirmatively "opt-in" to information collection practices.
· Access: Customers must be able to access to the information collected about them and be given the opportunity to change, correct or delete that information.
· Security: Information collected must be secure from unauthorized retrieval.
The laws also place stringent requirements on handlers of medical and financial information. With the continued theft in private data, expect additional issues and laws in the future. Other countries also have enacted laws and regulations for the control and dissemination of data. Global outsourcers need awareness of laws in all arenas in which they operate.
J.C. Neu and Associates protect our clients from liability issues involved in outsourcing by ensuring our clients develop and adhere to procedures designed to protect them and the private data handled on their behalf.