Washington, DC – U.S. Senator Dianne Feinstein (D-CA) is requesting the General Accounting Office (GAO) to investigate the extent that sensitive personal data about American citizens is outsourced abroad by private companies and Federal agencies for collection and processing.

“I am concerned that overseas outsourcing of sensitive personal data may be putting fundamental American privacy protections at risk,” said Feinstein, ranking member of the Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security.

In a letter to David M. Walker, U.S. Comptroller General, Feinstein asked the GAO to examine data sharing practices of publicly traded companies, identify best practices that companies are using to protect personal information when it is sent abroad, and also identify the extent that Federal regulators are holding American companies accountable for overseas violations of American law.

She also asked the GAO to identify the number and scope of Federal government services being outsourced to overseas vendors, particularly with the possibility that this could compromise national security, expose American consumers to increased risk of identity theft, or violate critical privacy protections like our Federal health privacy laws.

“I am particularly concerned about Federal outsourcing that compromises national security, exposes American consumers to increased risk of identity theft, and violates critical privacy protections like our Federal health privacy laws,” Feinstein said in her letter.

American consumers often lack meaningful legal remedies to stop privacy and identity theft abuses overseas, especially because many of these countries lack adequate consumer privacy and data security laws.

According to recent news accounts, some companies have begun to outsource work to contractors and affiliates in foreign countries.  Some of the documents used in the work include tax returns, credit files, and homeowner appraisals.

Feinstein has warned that if adequate safeguards are not established, she may introduce legislation to protect Americans' personal data that is sent abroad.  The GAO will also include recommendations on possible legislative and regulatory remedies to protect this data in its report.

In the United States, companies handling personal data must comply with the Health Insurance Portability and Accountability Act (HIPAA), the Children's Online Privacy Protection Act (COPPA), the financial privacy provisions of the Gramm-Leach-Bliley Financial Services Modernization Act, and the Privacy Act of 1974.  However, many foreign countries lack similar safeguards when it comes to handling consumer data.

According to the Federal Trade Commission, there were 161,819 victims of identity theft in the United States in 2002. Of these victims, 30,738 were Californians, giving California the highest per capita rate of identity theft of any state.

###