Exporting Trust With Data: Audited Self-Regulation As A Solution To Cross-Border Data Transfer Protection Concerns In The Offshore Outsourcing Industry
by Sunni Yuen
9 Colum. Sci. & Tech. L. Rev. 41 (2008) (Published February 19, 2008)
Personal data privacy has recently surfaced as a prominent issue in offshore outsourcing. Concern about the security of data transferred to offshore outsourcing destinations with weak or non-existent information privacy laws has enabled a new industry of trustmark providers, which offer accreditation and monitoring services to companies that seek self-regulation with respect to data privacy. However, a uniform international approach is vital to ensure that a minimal level of protection attaches to data transferred in the outsourcing business. Through its “adequacy requirement,” the European Union Data Directive has emerged as the predominant working model of a uniform standard for cross-border data transfer privacy protection. Yet a fully international adoption of the Directive has been frustrated by sovereignty concerns, differing cultural perceptions of privacy, and bargaining power disparity. This has enabled the United States to negotiate a bypass of the adequacy requirement altogether. An audited self-regulatory trustmark industry would be a more effective approach that preserves the United States’ sector-specific and self-regulatory system. Businesses wishing to outsource would apply and receive certification from a trustmark provider, which would guarantee that the business has undertaken contractual mechanisms and implemented internal practices to comply with the EU Data Directive standard of data protection. The trustmark providers would audit such businesses for continual compliance, and in turn be subject to regulation by a single agency under European Commission oversight.
About the Author
University of Pennsylvania Law School, J.D. Candidate 2008; B.A. 2005, Cornell University.
For proper legal citation of this document, please cite to the following URL: http://www.stlr.org/cite.cgi?volume=9&article=2. The URL that currently appears in your browser’s location toolbar is incorrect. For more information on Bluebook citation of internet sources, click here.