Common reasons why companies outsource include access to more qualified and experienced applicants, have positions that only need to be filled infrequently, want to send simple tasks offshore in order to save money, or they are a very small business who does not want to deal with hiring employees.
The International Association of Outsourcing Professionals, (IAOP), cites several government regulations that directly impact outsourcing decision-making or implementation. These include regulations surrounding controls imposed on public companies – in the U.S. as well as other countries. Additionally, there are regulations that impact certain industries in different countries and they have to be adequately addressed when going through the outsourcing process (from decision-making to implementation and governance). It is necessary to understand the impact of these and other regulations, and provide actions to meet them.
Hereunder are the common laws in the United States that impact companies that engage in outsourcing or offshore outsourcing:
U.S. Federal Regulations
Privacy Act of 1974 (5 U.S.C 552a)
Graham-Leach-Bailey act for financial institution
Financial Services Modernization Act of 1999, (Pub. L. No. 106-102, 113 Stat. 1338, enacted November 12, 1999) is an act of the 106th United States Congress (1999–2001). It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies. The Glass–Steagall Act prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company.
Federal Trade Commission (FTC)
Act dealing with disposal of information and records and liability associated with disclosure.
For banks impacting subcontracting of work including offshoring.
Federal Trade Commission (FTC) Act
Dealing with disposal of information and records and liability associated with disclosure.
Health Insurance Portability and Accountability Act (HIPAA) of 1996
Protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
Telecommunications Act of 1996 – Section 222
Dealing with Customer Proprietary Network Information (CPNI).
U.S. Patriot’s Act of 2001
Deals with approving (and identifying) people with whom business is conducted or employment offered. Mostly commonly used legal requirement is that the company must “certify” that the employees (or contractors) are not on the U. S. Government’s list of undesirable/dangerous people or, the “OFAC” list.
Regulation requiring public companies (of certain size) to certify internal controls; including controls over outsourced processes.
Data Protection Act
More commonly known as the Safe Harbor provision as well as the trans-border data flow that regulates how information in shared and communicated between countries and companies.
Acquired Rights Directive
Requires business to follow certain procedures during outsourcing and also provides for employee rights through the outsourcing action such as pension provision.