It has been a growing trend in the U.S. for many years: the outsourcing of customer service and data processing jobs to India. But India has implemented some new restrictions regulating the transfer of data to the United States.

This year, India enacted new Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules. The rules impact India companies that gather personal data.

The rules mandate that no India-based firm may send personal consumer information to a third party outside the country, unless the company receiving the data can provide the high level of data security required under the India IT Rules. The private information includes:  passwords, certain health conditions and medical records; and sexual orientation.

What does this mean for online retailers in the U.S.? American firms that obtain this kind of data from Indian companies must adhere to Indian privacy regulations if they want to continue receiving the data. The regulations also may apply when information is collected about non-Indian residents.

Needless to say, companies doing business with Indian customer service firms need to make sure they are in compliance with the nation's IT Data Rules.