Outsourcing and transborder data flows: the challenge of protecting personal information under the shadow of the USA Patriot Act
| Author | Lorna Stefanick |
| DOI | 10.1177/0020852307083456 |
| Published date | 01 December 2007 |
| Date | 01 December 2007 |
| Subject Matter | Articles |
Outsourcing and transborder data flows: the challenge of
protecting personal information under the shadow of the
USA Patriot Act
Lorna Stefanick
Abstract
Governments are increasingly outsourcing service provision to private contractors
in an effort to realize cost efficiencies. The passage of the USA Patriot Act, how-
ever, has caused concern that government outsourcing of data management to
US-based companies could result in the violation of fundamental civil liberties.
What follows is a case study of a Canadian provincial government´s plan to out-
source the administration of a public health insurance and drug plan to a Canadian
subsidiary of an American company. Within the context of the larger international
concern about the reach of the USA Patriot Act, the article discusses the Canadian
response to the fear that outsourcing will compromise the security of personal
health information. It concludes that while different privacy protection experts
worldwide have drawn different conclusions as to the implications of the USA
Patriot Act, the ability of governments to protect the large amounts of data that
are entrusted to them is becoming increasingly difficult.
Points for practitioners
Globalization and electronic communication not only challenge the sovereignty of
the nation-state, but complicate the environment that both companies and
governments ‘do business’ in. This is particularly true given the swift passage of
the USA Patriot Act 45 days after the September 11 attacks on New York´s twin
towers. This study of public sector data management outsourcing demonstrates
that accountability, transparency and control over governments and their agents
must not be compromised in the face of high profile demands to enhance
Lorna Stefanick is Associate Professor, Coordinator BPA – Governance, Law and Management,
Chair, Centre for State and Legal Studies, Director, BPA Program Council, Athabasca University, Canada.
Copyright © 2007 IIAS, SAGE Publications (Los Angeles, London, New Delhi and Singapore)
Vol 73(4):531–548 [DOI:10.1177/0020852307083456]
International
Review of
Administrative
Sciences
national security or due to more mundane pressure to increase administrative
efficiency.
Keywords: accountability, administrative secrecy, data management, data secur-
ity, national security, privacy protection, service delivery, transparency
The ‘reinvention’ of government is a theme that dominated discussions of public
sector reform during the last decade of the millennium. During this time, public
services were alternately described as inefficient and obsolete. Proponents of New
Public Management (NPM) called for streamlined, ‘better’ government in which
empowered citizens have more control over mission-driven administrators who focus
on improved services for their ‘customers’. Governments were under intense pressure
to follow the lead of private industry in order to deliver services in a timely and cost-
effective manner. In response, governments looked to a number of possible solutions
to administrative malaise, including the adoption of Information Communication
Technologies (ICTs) to improve services and outsourcing, and the practice of hiring
external suppliers to provide services that previously were provided ‘in-house’.
Enthusiasts hail outsourcing as an innovative and practical approach to realizing
efficiencies and budget reductions, particularly in the delivery of services that are
technology dependent or require specialized knowledge.1New ICTs make it possible
to outsource to companies located anywhere in the world, allowing the contractor to
circle the globe in the quest for the lowest cost. By the dawn of the new millennium,
the adoption of ICTs and outsourcing of government service provision to private con-
tractors has come to be seen as an irreversible process that best serves the public
interest.
But other pressures are also coming to bear on governments in the era of
globalization and cyber communication. Two notable concerns are the provision of
security in the wake of terrorist attacks on civilian targets and the increasing concern
regarding the collection and use of citizens’ personal information. The swift passage
of the USA Patriot Act 45 days after the September 11 attacks on New York’s twin
towers undoubtedly reassured Americans that their government was ‘doing some-
thing’ to protect them from international terrorism. The Act’s potential to compromise
the protection of personal privacy, however, has led to claims that fundamental civil
liberties are not only in danger of being violated, but of being completely ignored
(American Civil Liberties Union, 2001, 2006). Due to the rapid dissemination of infor-
mation among governments and corporations, the reach of the USA Patriot Actgoes
far beyond American borders. Those who fear coming under ‘Big Brother’s’ surveil-
lance are very concerned that American companies doing business outside the US
are now required to turn over their customers’ data to US authorities on demand and
that these same companies are prohibited from acknowledging to anyone that their
records have been accessed by a foreign government. The recent transatlantic
controversy over a Belgian-based company’s compliance with the US Department of
Treasury’s subpoenas of stored messages held by its US-based subsidiary suggests
that no organization that does business in the US can escape the reach of the
American government (Anderson, 2007). Moreover, privacy concerns are not con-
fined to the private sector, but are arguably most worrisome for ‘customers’ of
532 International Review of Administrative Sciences 73(4)
To continue reading
Request your trial