If you think the European Union's data privacy directives are tough, you're really not going to like what's in the pipeline from India. According to CIO.com, the comprehensive data privacy requirements the country released this spring are tougher than the EU's requirements and the Gramm-Leach-Bliley Act in the U.S. And just like the anti-spam act in Canada will impact many outside Canadian borders, these new rules in India could change the way those who outsource to India do business.
If enacted, the rules would require companies doing business in India to get written consent from customers before collecting and using personal information about them. Moreover, the rules would apply equally to Indian citizens and anyone else whose information is collected in the country, writer Stephanie Overby explained.
As yet, there are no details regarding when and how the implementation will occur if the proposed rules are enacted. As such, companies that outsource to India are in a limbo of sorts. But that doesn't mean they should sit around twiddling their thumbs.
The best course of action is to prepare for what's coming. Besides using this time to get permission from those whose information might need collecting later, Overby suggests seven different steps.
The top two: Review your current data-retention practices to determine what is being collected and/or stored in India. And put together a response team that will be ready to move as soon as the implementation schedule and requirements are clear. That team should consist of the CIO, legal and outsourcing governance specialists, at least.