Skip to content

Death Knell for Outsourcing to India, China

Monday, August 8th, 2011

A new law passed in India and a new set of laws being considered in China may spell the end for many types of outsourcing to the two countries. On April 13 of this year, India issued final regulations to implement the Information Technology (Amendment) Act of 2008, dealing with the protection of personal information. These regulations will effectively eliminate the possibility in both India and China that companies can effectively collect and utilize the personal data of customers. Essentially, this means that call centers, sales centers, and support centers can no longer keep or transmit the personal data of callers to anyone. Since so many companies from the EU and US outsource business divisions to India or China specifically to deal with customers, if the outsourced companies can no longer collect or transmit digital information about said customers, the companies are thus rendered almost completely useless to their EU and US affiliates.

The already-passed regulations in India proscribe extremely strict regulations for companies dealing with personal customer information. First of all, companies must obtain written consent by letter, fax, or e-mail from each customer before they can collect data from them. The customer can choose to opt out of this at any time and withdraw their consent. Companies will also be under significant restrictions in how they can disclose this personal data to third parties. And even if they meet all the data disclosure restrictions, a company can only send the data to an organization that provides the same level of security as the Indian regulations. Finally, customers have the right to review the personal data collected about themselves and correct it. And just to be clear, these regulations apply to any personal information at all, not just to personal information of Indian nationals. This is a sudden and terribly huge headache for any EU or US company that is now using Indian firms as office processing centers. Companies that have set up working relationships with Indian firms are now most likely going to have to bring that functionality back to their home countries or risk losing or never again gaining access to their own customer data.

The regulations in China are similarly strict, but not yet approved. Companies that hold personal data in China must receive explicit consent to show the data to third parties. There are a lot of restrictions under consideration to govern the collection, processing, use, transfer, and maintenance of personal information. And for the clincher, personal data cannot be exported out of the country unless specifically allowed by law or government authorities. The same problems with the Indian regulations will pop up in China if they are approved, as it looks like they will. The regulations were put on the table in response to China’s bad international image of a country of online espionage and shoddy IT security. Another aspect of these new regulations is that companies cannot even collect personal information about their own employees without explicit consent. So companies which have outsourced their HR departments to India, or even Indian companies themselves, will have more paperwork to process the consent of their own employees just to let the company store their personal information.

China and India experts are currently warning outsourcing companies to prepare for big changes. Despite the draconian nature of the laws, they do seem to have strong backing and are not likely to change in India’s case, or are likely to be passed in some similar form in China’s case. There is just too much momentum behind these laws for businesses involved to change them. Expect to see some significant changes in the outsourcing sector in Asia soon.

While these privacy laws are very strict and pose a significant business problem, from the perspective of an individual, the laws also seem to have much merit. No longer would companies be able to share mailing lists of customers, or bother you with offers for irrelevant junk after you signed up for some service 10 years ago from another company. Also, the ability to review and correct information, or to revoke the company’s ability to even keep information about you at any time, is a huge boon for those concerned with personal privacy. Citizens of countries other than India might start looking in envy to these laws or even move to get something like them passed at home. Imagine what Facebook and Google would have to do if laws like these governed their collection of customer personal data. It seems like the citizens of China and India will soon be well-protected from the fears of a corporate invasion of privacy, while European and American citizens will still have to sit in vague unease while the great big eye in the sky of corporate scrutiny continues to stare down at them.

Login or register to tag items

Open source newspaper and magazine cms software