Many governments have privacy legislation. From an outsourcing perspective, there have really been two schools of thought. One is the accountability principle that you've heard discussed, the idea that whoever collects that information is accountable for it, wherever it goes, which effectively places the obligation on the data collector in the first instance to ensure that no matter where that data goes, it will meet a certain standard.
The other school of thought is to create a prohibition against data moving across borders unless there is an adequate level of protection in that other jurisdiction. That's the approach that, as you may know, has been adopted in the European Union. There are those who are supportive of it. Others would say that even though it came in the mid-nineties, it still predates the kind of world we live in just 13 years later, and that creating absolute prohibitions on data transfers is just a very difficult thing to do, and that an accountability principle, for all its shortcomings, may better reflect the current realities of both technology and the marketplace.