OUTSOURCING LAW

Insights on Effective Outsourcing from Bierce & Kenerson, P.C.

Home About Us Selecting Your Attorney Sponsors Careers Register Survey Contact Us Store Contribute an Article
 

Subscribe to Our
Newsletter:
Please Enter your
E-mail:  

Text  HTML
AOL

Search Site:  



EVENTS
 Seminars & Conferences

OUTSOURCED MANAGED
SERVICES
 Call Centers
Service Level Management
Human Resources
Engineering
Debt/Tax Collection
Information Technology (IT)

WHITE PAPERS
Business Process Transformation:
Legal and Business Issues in Business Renewal and Sourcing Strategy

 COMMUNITIES
Customer's Environment
Service Provider's Environment
Consultant's Role
Lawyer's Role

BUSINESS TOPICS
 What is Outsourcing?
Why Should We Outsource?
When Not to Outsource
Definitions / Glossary
F.A.Q.S.
 Economics
Basic Principles
Getting Started (New Service Providers)
Getting Started (Enterprise Customers)
Types of Outsourced Processes
Decision-making Process
Life Cycles / Phases
Deal Structures
Pricing
Best Practices
Failed Deals
Advanced Strategies
Trends
Venture Capitalists and Outsourcing
Business and Legal Factors
 Unique Circumstances; Deal Timing
Viability

 LEGAL TOPICS
Risk Management
Battle of Forms
Intellectual Property
Privacy Law
Human Resources
Taxation
 Legislation
Compliance
Disputes
Litigation
Bankruptcy
International
Corporate Governance and Sarbanes-Oxley Act

 RESOURCES
 Humor in Outsourcing
Articles
Experts
Links
Newsletter
Case Studies
Press Room
SITE TOOLS
 Search
Translate
Contact Us

SITE RULES
 Privacy Policy
Terms of Access and Use
Client's Bill of Rights
Client's Confidential
Communications

 

Privacy Laws affecting Outsourcing:
2005 Legislative Agenda and Regulatory Guidance
as of March 25, 2005

© 2005 William B. Bierce. All rights reserved.

   Pending Policy Choices.  In February and March 2005, some major data aggregators/resellers, including ChoicePoint Inc. and LexisNexis, allegedly suffered massive fraudulent intrusions into data bases that contained personally identifiable information including the Social Security numbers of thousands of people.   In mid-March 2005, congressional hearings on identity theft focused attention on various possible solutions, including:

  • requiring data brokers and other information custodians to notify individuals at risk following a data theft;

  • regulation of data brokers (and other records custodians) by the Federal Trade Commission;

  • criminalization of unauthorized data gathering, called "phishing," and abuses of the data gathered;

  • mandatory obtaining of the consent of individuals before installation of adware or spyware;

  • mandatory accreditation and qualification of persons seeking to obtain access to personally identifiable information;

  • mandatory truncation and masking procedures to prevent unauthorized use of Social Security Numbers and Driver's License Numbers;

  • unauthorized offering of goods or services via the Internet based on the use of unauthorized means of collecting personally identifiable information, such as "phishing" scams, unauthorized adware or clandestine spyware.

    Affected Outsourcers.  From the standpoint of outsourcing, service providers should be sensitive to these emerging issues.

  • marketers who support the abusive marketing of confidential information;

  • data aggregators and resellers;

  • recipients of personally identifiable information (that is, virtually all IT-enabled outsourcing service providers).

    This page highlights some important pending legislation on privacy.  Since privacy laws can have the effect of preventing outsourcing, we are offering this selection of information to assist in planning.  Some of these bills are addressed to specific types of outsourcers, such as call centers, information brokers and internet service providers.  Others apply to virtually any person who collects, processes or transmits data.

    Financial Services and Affected Outsourcers.  As of March 23, 2005, Federal bank regulators have adopted a new rule for notification of customers whose data have been exposed and are at risk.  See Federal Bank Regulatory Guidance on Notifications to Customers and Regulators following Breach of Security. 

    Consumer Information.  For information available to consumers, see the Federal Trade Commission's web page,  http://www.consumer.gov/idtheft/index.html

    Existing Privacy Laws Affecting Outsourcing.  Existing laws governing privacy are not listed below.  For further information, see Privacy Laws - General, which has additional links.

    Evolution and Application.  For the interpretation and application any new legislation, the evolution of this legislation, and the lobbying involved in pushing for or against it, please contact wbierce@outsourcing-law.com or call us at 212 840 0080. 

_______________________________________________________________________

Privacy Act of 2005, S 116 (Sen. Feinstein), would  prohibit of the display, sale, or purchase of social security numbers and other personally identifiable information, subject to a safe harbor, without the individual's consent. Read more.

Information Protection and Security Act, H.R. 1080 and S. 500, would require the Federal Trade Commission to regulate all "information brokers."   The definition of "information broker" is so broad that virtually any business that maintains or processes personally identifiable data will be subject to the regulations. Read more.

Identity Theft Prevention Act of 2005, H.R. 220, would prohibit the Federal government from mandating the use of a Social Security Number or any other identifying number, except for anti-terrorist or law enforcement purposes.   It would create a new property right for individuals: "the social security account number issued under this subsection to any individual shall be the exclusive property of such individual."  Amending Section 205(c)(2)(C)(ii)(I) of the Social Security Act, (42 U.S.C. 405(c)(2)(C)(ii)(I). Read more.

Online Privacy Protection Act of 2005, HR 84, would make it unlawful for an operator of a Web site or online service to collect, use or disclose personal information in a manner that violates the regulations, subject to disclosures in good faith pursuant to safe harbor regulations to be issued by the Federal Trade Commission. Read more.

Consumer Privacy Protection Act of 2005, HR 1263, Rep. Stearns,  would establish certain rules on privacy notices to consumers, including privacy policy statements.  Consumers would have the opportunity to limit sale or disclosure of information and to limit other information practices.  Data custodians would have certain statutory information security obligations.   For compliance, there would be self-regulatory programs and other enforcement, but no private right of action. Read more.

Anti-phishing Act of 2005, S 472, would establish a federal crime of "internet fraud" for using someone else's website address, website or domain name to induce, request, ask, or solicit any person to transmit, submit, or provide any means of identification to another person. Read more.

Social Security Number Protection Act of 2005, HR 1078, would establish new Federal Trade Commission regulations for information brokers.   Individuals would have the right to obtain disclosure of all personally identifiable information pertaining to the individual held by an information broker, and to be informed of the identity of each entity that procured any personally identifiable information from the broker. Read more.

Wireless 411 Privacy Act, HR 1139, would affect customer relationship management ("CRM") and call centers by requiring wireless telecommunications carriers to make available a "do not contact my wireless device" (hand-held telephone) rule. Read more.

 

Home SEARCH TRANSLATE REGISTER PRIVACY POLICY TERMS OF ACCESS AND USE Contact Us
Copyright 2001-2007 by Outsourcing Law Global  LLC. All rights reserved.  Attorney Advertising