Tuesday, September 30, 2008

India's first EDM

Finally!

An EDM in INDIA! Though Submerge has been around for a while, it's been 2 years since Submerge has picked up in terms of members, events, gigs & some international exposure.

Nikhil & DJ Pearl along with a bunch of others materialised this idea & now SUBMERGE is the leading EDM in India with Axwell, John O'Fleming, Digweed, Richard Durand, Sander Van Doorn, Copyright etc etc.

Check out http://www.submerge.in/

Monday, September 29, 2008

How safe is your data abroad!

Outsourcing arrangements often involve cross-border transfers of indeterminately large proportions of a client's proprietary and confidential information assets. An increasing number of companies from developing countries is contracting with financial institutions, hospitals, and insurance companies to do their back office jobs. In most cases these companies deal with sensitive information, such as financial data, medical data, payroll and benefits information, social security numbers and purchasing histories. Virtually any outsourced business process may involve privacy violations arising from mistakes or negligence. In light of these developments, this paper examines the "other side" of outsourcing and identifies its paradoxical and adverse effects. Further, based on a thorough analysis of privacy law, the paper also determines the risk to privacy and data security posed by 'offshore outsourcing' and the strategies employed by institutions and regulators to identify, measure, monitor, and control the risk to personal data.

KEYWORDS: outsourcing, data protection, safe harbor, privacy, data security

1. Introduction

Liberalization of trade and the rising globalization of the provision of goods and services among the community of nations have brought about tremendous economic changes and much controversy. In recent decades advocates of free trade have achieved considerable victories and vindicated many of their centuries-old theories. However, despite the setbacks for economic protectionists, their populist appeal serves as a potent voice in the battles still being fought. The latest battle being waged is over the importation of services from foreign countries, also referred to as 'offshore outsourcing'. Outsourcing is defined as the strategic use of outside resources to perform activities traditionally handled by internal staff and resources. It is a strategy by which an organization contracts out, usually on a long-term basis, non-core business functions to specialized service providers, which allows the organisation to refocus its scarce finance and technology resources on creative and value-added services such as business strategy and execution, pricing, business interpretation and planning. 'Offshore outsourcing' is the practice of hiring an external enterprise (service provider) to perform business functions in a country other than the country where the customer is located. This can be contrasted with 'offshoring', in which the functions are typically performed by a foreign division or subsidiary of the parent company. The business practice of 'offshore outsourcing' has created a flurry of controversy in recent months, the media and politicians frequently characterizing it in terms of countries like India stealing the UK's and US's jobs. Much of this debate is understandably emotional, because of the human element associated with it.
As a US Government Accountability Office (GAO) paper states: offshoring causes controversy because some jobs are lost immediately and visibly, while other potential impacts such as lower costs, job creation in other sectors, and economic growth are less visible, more diffuse, and typically delayed. (1) No authoritative official statistical number exists on the extent of offshoring and offshore outsourcing in Europe, and no coordinated official attempt, national or EU-level, to gauge it has been made. It is important to grasp that the very dearth of such solid statistical quantification of offshoring and offshore outsourcing in Europe will inevitably fuel the widespread public anxiety about the issue. (2) However, the effects of outsourcing go beyond the unemployed worker and could affect consumers. Outsourcing arrangements often involve cross-border transfers of indeterminately large proportions of a client's proprietary and confidential information assets. Increasingly, companies with facilities overseas are contracting with hospitals, accounting firms and insurance companies. The services these outsourcers provide include tax preparation, processing of insurance and medical claims and transcribing dictation from doctors relating to all areas of the health-care process, from patient visits to surgical procedures. In most cases, this information includes sensitive information, such as financial data, medical data, payroll and benefits information, social security numbers and purchasing histories. (3) Virtually any outsourced business process may involve privacy violations, and mistakes or negligence in the receipt, custody, processing, storage, access, encryption and transmission of confidential records of individuals in a class could form the basis of a mass tort. Information security is an area which is often neglected in offshore outsourcing. After all, most experts agree that security in protecting data is only as strong as the weakest link.
The weakest point in the chain could be anything from a human problem, to a data problem, to an encryption problem, to a policy problem, to a customer service problem. Information security aims at ensuring the integrity and privacy of data owned by the companies. One crucial component of the trust framework is privacy protection--the provision of assurances by means of law, technology design, and industry practice that personal information will be collected, exchanged and used fairly. In light of these developments, the purpose of this paper is to gauge the risk to privacy and data security posed by the 'offshore outsourcing' of those functions that require customer data, focusing on:

* The risks associated with 'offshore outsourcing'
* Strategies employed by institutions and regulators to identify, measure, monitor, and control the risk to personal data.

2. Privacy and Data Security

Life was good for John Varghese. The 31-year-old Pune (India) resident had just returned from a holiday in Bangkok. Elsewhere, among his circle of young friends, mostly BPO employees in their 20s, newly-acquired cars, fancy mobile handsets and jewellery were being flaunted. The present was great, the future bright. Then suddenly, the police swooped and the world woke up to India's first major e-banking fraud. (4)

Privacy is generally conceptualized as a right (5) and is among the most potent normative concepts of the modern age. The illustrated incident suggests that one of the greatest fears about offshore outsourcing concerns the protection of privacy. In the digital age the concept of privacy centres on personal data, wherein individuals claim that their personal information shall not be made available to individuals or organizations without their consent and that, if such information is made available, the person whose information is made available shall have substantial control over it. (6) In the digital age basic civil liberties, such as privacy and due process, are being eroded through the automation and integration of small, discrete databases, each of which, when taken alone, seems innocent, justifiable and even beneficial. But as personal information is interconnected and networked through sophisticated computer applications, virtual data dossiers are being created and sold without notice or consent. This may harm a person's employability, insurability and good reputation. The most obvious risks revolve around the access, storage and transfer of data (7). The privacy of individuals is under increasing pressure, mainly for two reasons. Firstly, increasing amounts of personal information are collected or produced. Much of this information is collected unnecessarily, but its very existence makes it tempting to misuse for purposes.
Secondly, it is excessively difficult for individuals to exercise the control over their own privacy to which (European) privacy legislation entitles them. This is mainly because it is very difficult to establish which types of systems actually store personal information and what types of information are stored, and because information systems of today usually provide little support for this type of individual control. As economic activity becomes increasingly reliant upon commoditized information, it is important that we question the ethics of privacy and rights to data collection that already exist and will continue to develop. However, over the past few years, the norms governing personal data interactions between consumers and companies have changed dramatically. There is an increasing moral sensitivity regarding the commercial collection and use of personal data (8). The social meaning of personal data collection has changed from a morally neutral to a morally charged status (9). Increasingly, it is recognized that a consumer is entitled to control his/her personal data. These issues are also connected to the larger and also the most overlooked question of whether or not a person needs to give consent or needs to be informed before their information is outsourced to a third company in a third country. Under certain legislation, companies are required to notify customers of any database breach that may have compromised their personal data, as soon as the breach is discovered. However, with overseas vendors, it becomes a lot more difficult to know whether, and exactly when, a material breach may have occurred. In our opinion, where breaches of privacy or security do occur, they may often be attributed, at least in part, to organisational or procedural failures. The major deficiency in corporate governance is the inevitable compromise of security and privacy.
There are two aspects to the privacy arrangements required if organisations are to ensure adequate protection of the personal information that they hold. One concerns the range of security measures surrounding the handling of that information. The second concerns the mechanisms through which a culture of privacy awareness is developed, and which encourage the implementation and enforcement of the relevant security measures. The major challenge to privacy under any offshore outsourcing initiative is to ensure that the outsourcing relationship is adequately managed. It is, however, possible to discuss privacy issues in the terminology of risk and risk assessment, concepts which are perhaps more familiar in a business environment. (10) Essentially, with respect to privacy, this is an exercise in 'risk management'. We have identified some of the risks posed to privacy by offshore outsourcing. These include inadequate monitoring procedures, the commercial disincentive to protect privacy, and the failure of contracting agencies to conduct adequate risk assessment. In a technical sense, data protection measures may be considered as risk management devices, which need to balance the risk to the individual from unnecessary invasion of privacy with the measures necessary to control that risk. However, before turning to the discussion of these issues, the next section considers the procedures that should be in place to identify the risks in the first instance.

3. Risk Assessment: Outsourcing as Operational Risk

Risk is inherent and inevitable in the conduct of business, and necessarily so. Paranoia and public information are the antitheses of privacy and security, as we naturally strive to eliminate risk.

Source/Publication: Global Jurist Topics