Privacy Officers Network

30 January 2007

Dresdner Kleinwort, London


Host: Dresdner Kleinwort

Managing privacy when outsourcing to a country without a privacy law includes issues, such as:

  1. what national Data Protection Authorities (DPAs) in different EU countries require of companies
  2. DPAs' requirements for specific countries, for example, India, China, South Africa
  3. customer perceptions of culture and levels of security in different countries to which processing is outsourced
  4. how to handle outsourcing from a data controller in an EU country to a processor in a non adequate territory
  5. auditing a remotely located processor in a non adequate country both when there is the same parent company and/or when there is an independent provider.

Surveillance/investigation of employees/tracking employees/customers includes issues, such as:

  1. active badge systems
  2. surveillance of employees and customers via access to websites
  3. privacy problems related to use of closed circuit television (CCTV) and/or webcams in processor, controller, data center or other premises
  4. types of controls on physical access to data centres
  5. tracking people through buildings via fingerprints and iris scans
  6. use of conversion of fingerprints into a mathematical code and using it as an authentication token
  7. security of this type of data
  8. combining this data with an Human Resources database for different purposes
  9. need for DPA prior approval of biometric data in some countries, with conditions for limited use
  10. need for a written/recorded notice informing call centre staff and customers of their Data Protection duties and/or rights
  11. drawing up a Data Protection clause in call centre contracts
  12. handling an outsourced call centre's wish to sub-contract to another party; establishing duty levels in such circumstances.