Question

CASE Outsourcing specialized operational tasks has become a common practice. When outsourcing involves the transfer of personal information, issues of security and privacy are raised. Customers may consent to the collection of personal data without realizing that their information could be shared with another company located halfway around the world and subject to different disclosure and protection rules. In recognition of international privacy concerns, the Organization for Economic Co-operation and Development (OECD) created guidelines to enhance privacy protection during transborder data exchanges. Guideline 10 suggests that personal data should not be used or disclosed without the consent of the owner or authority of law. Canadian outsourcing to the United States has become even more controversial since the enactment of the USA PATRIOT Act.15 This legislation allows US lawenforcement officials to obtain personal records or information from any source in the country without the data owner knowing. As a result, there have been several Canadian challenges of personal data outsourcing to the United States. In B.C.G.E.U. v. British Columbia (Minister of Health), union members argued that the Ministry of Health was violating patients’ rights to privacy under section 7 of the Charter by outsourcing physician billing data that contained personal patient information to a private U.S. company.16 The BC Supreme Court disagreed, holding that as long as the contractual arrangement authorized under the Canada Health Act ensured that a reasonable expectation of privacy was protected, the practice was acceptable. Since then BC., Nova Scotia, and Alberta passed legislation that restricts public (not private) sector trans-border outsourcing.17 The Privacy Commissioner rejected a similar complaint against the Canadian Imperial Bank of Commerce. The bank outsourced the processing of credit card transactions to an American company. The specific confidentiality and security contained in the outsourcing agreement were approved by the Office of the Superintendent of Financial Institutions, and this satisfied the Commissioner. Both decisions turned on the specific terms of the outsourcing agreement and prior regulatory approval of the terms. When considering sending sensitive information across the border and outsourcing to American firms, businesses should: • Undertake a security analysis of the American company prior to contracting; • Inform the affected customer data owner; • Include specific confidentiality, security, and reporting provisions in the outsourcing agreement; • Seek regulatory approval of the agreement, if available; and • Regularly audit the privacy practices of the outsourcing company. Increased privacy concerns can be anticipated as the transnational public cloud computing industry replaces user owned software, desks, and laptops as the primary custodians of personal information. “By 2017, enterprise spending on cloud computing will amount to a projected $235.1 billion, triple the $78.2 billion spent in 2011. ….(in 2014) global business spending for infrastructure and services related to the cloud will reach an estimated $174.2 billion, up 20 percent from the amount spent in 2013.”

Question : Are there certain types of information that should remain within Canadian borders? If Canadian data is at greater risk of disclosure when transferred to the United States, why not ban all public and private outsourcing to the United States? Discuss.

Question : How can personal information be protected when stored on a transnational cloud server?

Answer 1

Answer
Data is the lifeblood of the modern global economy. Digital trade and cross-border data flows are expected to When Outsourcing involves the transfer of personal information, issues of security and privacy and patients’ rights to privacy under section 7 of the Charter by outsourcing physician billing data that contained personal patient information to a private U.S. company such types of information that should remain within Canadian borders.

Can not ban all public and private outsourcing to the United States Data is the lifeblood of the modern global economy. Digital trade and cross-border data flows are expected continue to grow faster than the overall rate of global trade. Businesses use data to create value, and many can only maximize that value when data can flow freely across borders, yet a growing number of countries are enacting barriers that make it more expensive and time-consuming, if not illegal, to transfer data overseas. Some nations base their decisions to erect such barriers on the mistaken rationale that it will mitigate privacy and cybersecurity concerns; others do so for purely mercantilist reasons. Yet, whatever the motivation, as this report demonstrates, the costs of these policies are significant, not just for the global economy, but for the nations that “shoot themselves in the foot” by using these policies.

Answer:
Personal information is protected by replacing user owned software, desks, and laptops as the primary custodians of personal information. privacy and security “justifications” nations offer for enacting barriers to data flows, concluding that, while such policies may be well intentioned, these rationales are generally not valid. (A forthcoming Information Technology and Innovation Foundation report will focus on a third motivation—to enable surveillance and government access for law enforcement—and will explain how governments need to develop a revised framework to help them determine jurisdiction over data while also facilitating cooperation among governments.) The examines the economic rationales countries provide to justify their data-localization policies, explaining the shortcomings in those arguments and noting that such policies impose large costs on countries’ own economies. The report then proceeds to review the emerging body of research that estimates the cost of barriers to data flows in terms of lost trade and investment opportunities, higher information technology (IT) costs, reduced competitiveness, and lower economic productivity and GDP growth