Offshore IT Outsourcing and the 8th Data Protection Principle - legal and regulatory requirements - with reference to Financial Services
نویسنده
چکیده
In the global sourcing world, particularly in financial services, offshore outsourcing and associated data transfers are commonplace and increasing, searching out lower cost third countries, which may have even fewer data protections. In such an environment, the1998 Data Protection Act’s 8 Principle and associated 7 Principle security provisions become critical protections for UK data subjects. Yet the few statistics that exist indicate that unrestricted transfers appear to occur from several EEA countries. Further criticisms are that the UK 1998 Act does not fully align with the EEA Directive, the Schedule 4 exceptions are overly wide, the country assessment process can be ignored with the Information Commissioner’s ‘blessing’ and his powers and resources are limited. Financial Services may be a contrasting exception, where the industry regulator, the FSA, ‘incidentally’ enforces many of the data protection requirements of overseas data transfers, has significant direct enforcement * Roger Baker BA, FBCS, ACIB, LLM (Strathclyde) is a senior consultant with ItemPlus Consulting, specialising in IT regulation in Financial Services. A former advisor to House of Commons Select Committee on Science & Technology, he is the founder of the British Computer Society’s Financial Services Specialist Group, and contributor to the Society’s publications on Offshore Outsourcing, e-Commerce, the Euro & Year 2000. OFFSHORE IT OUTSOURCING 2 powers and a model ADR approach through the Financial Ombudsman. Although the UK banking law and regulation meets many privacy requirements, it falls short of the full data protection requirements, clearly illustrating the value that data protection legislation brings. The alternative self regulatory approach exemplified by the US Safe Harbor illustrates the weaknesses of pure self regulation, recognized by the US financial services which are moving towards centralized data privacy supervision with the Gramm-Leach-Bliley Act, reinforcing the worldwide trend towards a more EEA-style supervised personal data protection world. In short, seven years after the 1998 Act was passed, we are ready for an appropriate mid-course correction, with the 8th Principle (& 7 Principle) needed more than ever in the growing outsourced world.
منابع مشابه
نظام حقوقی اداری و مالی نهاد کتابخانههای عمومی کشور
Purpose: The purpose of this article is to identify the legal characteristics related to administrative and financial affairs of the public libraries foundation. It tries to study the contradictions and weaknesses of these affairs, to present a legal analysis for resolving the contradictions, and to make the corresponding law system transparent in order to embody the concept of ‘ideal office’. ...
متن کاملPharmacovigilance in India, Uganda and South Africa with Reference to WHO’s Minimum Requirements
Background Pharmacovigilance (PV) data are crucial for ensuring safety and effectiveness of medicines after drugs have been granted marketing approval. This paper describes the PV systems of India, Uganda and South Africa based on literature and Key Informant (KI) interviews and compares them with the World Health Organization’s (WHO’s) minimum PV requirements for a Functional National PV Syste...
متن کاملThe Golden Principle of Ethics and Legal Prevention of Illegal Use of Databases
Background: Collecting data in the form of databases is one of the new methods that has been growing with the advancement of information technology. The use of databases in management and policy-making has created challenges in areas such as privacy breaches and compliance with accepted ethical norms. The increasing use of databases in public and private organizations in Iran has introduced new...
متن کاملDesigning an Outsourcing Model for the Executive Organs of Mazandaran Province (Case Study of Health Networks of Mazandaran Province)
Background and Aim: Today, with the growth of government services and the increase in the workload of organizations due to population growth and increasing the number of citizens receiving services and the lack of government resources in providing manpower as well as the purchase of facilities and machinery The need has led executives to outsource services. Outsourcing is usually used as a way ...
متن کاملThe Effect of Regulatory Policy on Efficiency under Prudential Framework among Listed Iranian Banks
This study examines the effect of regulatory policy on efficiency under prudential framework among banks listed in the Iranian Securities and Exchange Organization over the period 2003 to 2015. Arellano-Bond estimation method has been patronized to investigate the effect of regulatory policies on efficiency. Results indicate that regulatory policy indicator indexing reserve requirement on inves...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- I. J. Law and Information Technology
دوره 14 شماره
صفحات -
تاریخ انتشار 2006