As mentioned in a prior post on this blog, earlier this year the Indian Ministry of Communications and Information Technology issued new privacy and data security rules under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (the “Privacy Rules”). The strict consent requirements relating to the collection and sharing of sensitive personal data or information seemed to threaten the viability of India’s successful outsourcing industry and affect the data collection practices of non-Indian companies who are otherwise in compliance with data security and privacy requirements in their home jurisdictions. On August 24, 2011, the Ministry issued a release clarifying certain aspects of the Privacy Rules which will undoubtedly cause the Indian outsourcing industry and non-Indian companies to breathe a sigh of relief.

On February 16, 2010, the EU Article 29 Working Party published Opinion 1/2010, in which it clarified the definitions of “data controller” and “data processor” as those designations are used within the European Data Protection Directive. The Working Party’s opinion is welcome guidance, as such designations are often difficult to apply in practice, especially given the increasing complexity of globalization, organizational differentiation, and information and communication technologies.

Proskauer Rose LLP has just released “Proskauer on International Litigation and Arbitration: Managing, Resolving, and Avoiding Cross-Border Business and Regulatory Disputes.” The online guide is a practical reference work for businesses and practitioners; it explores best practices and creative yet practical approaches to manage, resolve, and avoid controversies affecting multiple jurisdictions. The 28-chapter guide is available free in e-Book format at www.proskauerguide.com. It includes a thorough chapter on international privacy law.