From Slashdot comes a story about how a series of outsourcing arrangements led to workers in Pakistan handling confidential patient data--without the hospital's (let alone the patients') knowledge.
The specific example that is the foundation of the article strikes me as a little off topic. The article recounts how a person hired to transcribe a hospital's records circumvented a contractual provision and outsourced the work to a person in Pakistan. It seems to me that the problem with what the responsible party did here had nothing to do with the fact that it was a Pakistani who actually did the transcribing. Privacy is lost whenever a person who agrees to keep data confidential gives that data to somebody else, whether that person is in the United States or not. What happened here was a problem inherent in any outsourcing, not just foreign outsourcing.
Of course, the article does point out what might be a real problem: giving private data to people outside of the United States who are not subject to American law and against whom American judgments cannot be enforced, as a practical matter. I imagine the same problem would exist for outsourcing the programming of security/encryption software. This is, unfortunately, not a problem that the market will likely solve, due to information deficiencies--do you know who transcribes the records in your local hospital? I suppose we could just legislatively mandate massive (double/treble), strict-liability tort awards for loss of privacy, and let private actors adjust their behavior accordingly.