In the past few years, there has been a substantial surge in the use of Indian vendors by U.S. businesses for the performance of business processes. These types of engagements, referred to as business process outsourcing, routinely involve the transfer of sensitive personal data between U.S. and Indian firms. Thus, these types of transfers have raised concerns over the security of such data. The United States currently regulates these data transfers by industry sector. This policy contrasts sharply with other jurisdictions such as Canada, Japan, and the European Union where more broadly defined regulations set principles for the protection of data generally. This Note will examine whether the United States should enact broader based legislation in order to regulate the growing trend of business process outsourcing to India and protect sensitive data that gives rise to personal privacy concerns.