Offshore work raises legal red flags

Performing software development, data entryand customer services work with offshoresubsidiaries or subcontractors is a commoncommercial practice. It might be the subjectof occasional criticism, but it is widelyaccepted as a way to reduce costs. But when a governmentcontractor wants to launch an overseas operationor send work offshore, the practice raises questions thatthe company must analyze before moving ahead.The questions that arise whensending work offshore differfrom those that arise when performingthe contractor's backofficeor other functions withnon-U.S. employees. Some constraintsmight arise under theFederal Acquisition Regulationand be disclosed in the contract,but others have nothing to dowith the FAR and find theirsource in authorizing or appropriatinglegislation, privacystatutes or other laws.For federal contracts for softwaredevelopment and systemsintegration, contractors should analyzea number of federal statutes. Questionsto ask include: Such constraints can applywhether the work is done in theUnited States or abroad but barsending such work to a subcontractor'sforeign office. Contractorsshould analyze securityclearances, nondisclosure clausesand export control regulations.If the technology that is the subjectof the contract work falls under theCommerce Department's ExportAdministration Regulation, contractorsshould consider licensing requirements.If the work would be considereda defense service or involvesdefense items regulated by the InternationalTraffic in Arms Regulation,registration and approval of a technicalassistance agreement from the StateDepartment might be necessary.More mundane contract work, suchas simple data entry or database maintenancecontracts, can raise equallychallenging issues. For example, if thecontract involves working with governmentrecords systems that contain personalinformation, the contract willhave obligations under federal privacylaws and agency implementation regulations.Those regulations impose avariety of restrictions on the use, disclosureand protection of personalinformation that an offshore providerwill have to adopt and the contractorwill need to monitor.Similar obligations are imposed ongovernment contractors whose workrequires them to access individuals'health records. Regulations require thecontractor to take steps to ensure thatits offshore contractors comply withthe regulations. If the proposal is tosend work not directly related to contractperformance offshore, the problemstill requires analysis. For example,company-funded research and developmentcan still involve contractualissues related to exports.Even having back-office functions ?such as accounting, billing and recordsmanagement ? performed offshoremight raise issues that require analysis.For example, companies with regularaccess to government facilities or datasystems are required to implementemployee identification systems thatmeet minimum standards for collection,maintenance and disclosure ofemployee information and confirmationof employee identification. Thoserequirements often are not consistentwith privacy laws in other parts of theworld where company personnel mightbe located. The challenge is to complywith requirements imposed on the contractorby the U.S. government withoutviolating the laws of the foreignemployee's home country.