Offshoring privacy: when companies offshore business processes, they are putting consumers' most sensitive personal information at risk--and there's little consumers can do about it.

• Author: Swartz, Nikki
• Position: On the edge: the use & misuse of information

While Americans are concerned about offshoring taking away jobs from U.S. workers, many do not realize that there is a bigger, more insidious, problem associated with the practice.

Offshoring also poses risks to the security and privacy of consumers' personal data because when companies offshore business processes they also send their customers' most sensitive information overseas. Once sent abroad, the information is at risk because U.S. federal laws do not apply to foreign companies operating overseas. In fact, many countries that contract for offshore work with U.S. companies have far weaker security and privacy laws than the United States. For example, India has no laws to protect personal and private data. The situation is made more complex by the fact that it is extremely difficult for Americans to use foreign courts to sue foreign companies that misuse American data.

These factors leave the most sensitive details of the lives of millions of consumers vulnerable to lax security and malicious identity thieves. And the problem is growing. Consider the following examples:

* Tax returns for about 200,000 Americans were prepared in India in 2004. Indian workers processed only about 1,000 U.S. tax returns two years ago. Tax returns include Americans' names, Social Security numbers, income, employers, addresses, and other personal details.

* The American Association of Medical Transcription estimates that 10 percent of all transcription of doctors' notes is done abroad.

* An executive from Trans Union, one of the major U.S. credit agencies, told the San Francisco Chronicle that 100 percent of the company's mail regarding customer disputes is sent to India at some point,

A few recent incidents illustrate the risk that international offshoring poses to consumers. In one case, a low-paid transcriber in Pakistan working as a subcontractor to the University of California Medical Center in San Francisco threatened to post confidential patient information on the Internet unless the university coaxed her boss into paying her bills. In Noida, India, an employee working at a call center used an American's credit card information to buy electronics equipment from Sony. In some areas, a thriving black market for personal identity information exists. According to one report, stolen names, addresses, phone numbers, and bank account information--including account numbers--are sold on Indian streets for pennies.

"It's not merely that Americans' identities are vulnerable when sent abroad. The problem is that American companies obscure how much outsourcing they do, and when they are doing it," Sen. Dianne Feinstein (D-Calif.) recently told the U.S. Congress.

Few...