TIO Privacy

Total Information Outsourcing (TIO) leads organisations to hand over the management of their business data to companies which are often based abroad. This may create two privacy issues: disclosure to unknown parties and incompatibilities with national privacy laws.

Disclosure to unknown parties occurs when a TIO provider gives a copy of a client's data to another party without the client being aware of it. SLAs normally specify in which cases this can or cannot happen. However, national laws can be invoked to circumvent SLAs in certain cases. The Patriot Act is an example of such a law. Certain digital copyright regulations also create such a requirement in some countries. TIO clients should make sure they become aware of the applicable laws relating to terrorism, corruption or copyright, and of how such laws affect the disclosure of their private data to unknown parties without their knowledge.

Incompatibilities with national privacy laws may result from a conflict between Total Data Portability (TDP) and privacy laws. TDP, for example, requires providing a complete log of data input and user access. Certain national privacy laws prevent storing such information for more than, for instance, 6 months, or require certain data to be anonymised. In the context of corporate information systems, part of such incompatibilities may be solved by appropriate crafting of service level agreements (SLAs) and by making sure all staff sign an appropriate user agreement which notifies them of how information is going to be stored and used.

Both issues are complex and closely related to national laws whose scope and principles may change over time. They will require much attention and collaboration with lawyers in the next decade to protect TIO clients from government or service provider abuses.