MUMBAI - Responding to a string of embarrassing sting
operations exposing data theft in the Indian
business process outsourcing (BPO) industry, the
government this week approved amendments to the
Information Technology Act (2000) aimed at making
life more difficult for IT criminals.
Under the new law, fines of over US$1 million can
be imposed on companies and individuals who fail
to stop data theft and the leakage of personal
information.
The cabinet decision follows
Prime Minister Manmohan Singh's
assurance to foreign IT
stakeholders that India is concerned about data
theft and will be acting to stop leakage. The
amendments also aim to combat phishing (e-mail
fraud), identity theft, video voyeurism and other
types of computer crime.
"Concerns have
been raised both within the country as well as by
customers abroad regarding the adequacy of data
protection and privacy laws in the country," said
Parliamentary Affairs Minister PR Dasmunsi.
"[There is a need to] strengthen the legislation
pertaining to data protection and privacy."
The National Association of Software and
Service Companies (Nasscom), the main body
representing the Indian software industry, said
the new amendments have incorporated most of the
recommendations it made to the government to plug
holes in the Indian IT Act (2000).
Leading
IT companies are also pleased with the amendments.
"Any step to safeguard data is good news for the
industry, particularly after the sting operations
and media exposés regarding BPO security in
India," Pradipta Bagchi, a general manager with
Tata Consulting Services (TCS), told AToL.
"Nasscom did a good job in ensuring the
recent media sting operations on BPOs were limited
to the specific firms rather than a general
indictment of the Indian BPO industry. Laws are
evolutionary and no doubt the IT law will evolve
further according to market conditions."
Indian BPOs were left red-faced after the
UK's Channel 4 TV station broadcast footage of
a sting operation exposing middlemen hawking the
financial data of 200,000 UK citizens. The
documentary prompted Britain's Information
Commissioner's Office to examine the security of
personal financial data at Indian call centers.
Earlier BPO frauds in India include New
York-based Citibank accounts being looted from a
BPO in Pune and a call-center employee in
Bangalore peddling credit card information to
fraudsters who stole US$398,000 from British bank
accounts.
However, some local IT industry
leaders remain defiant. Writing in The Financial
Express on October 11, Nasscom president Kiran
Karnik stressed that India ranks highest among 40
outsourcing destinations around the world. "India
continues to be comparatively more secure," Karnik
wrote. "Research conducted in 2005 [by AT Kearney
Global Services] found that there were more
security breaches in the UK and the US than in
India."
Cybercrime expert Vakul Sharma
supported Karnik's view, saying: "If you compare
it to the international averages, India has the
lowest rates of data theft in the [world] -
.0001%. In the last six years, maybe 10 thefts
have been reported from BPOs."
However,
confidence in Indian personal data security has
been seriously undermined overseas. Feedback to
Channel 4 after its documentary was aired included
messages such as: "Here in the UK, there's going
to be a great deal of panic amongst the public,
and this would undoubtedly be fanned by the media
and others disgruntled by the shifting of
operations to countries like India and China" and
"This is surely the biggest blow to the
outsourcing industry of India. This documentary
has already done a lot of damage to the image of
India."
Nasscom has implemented
confidence-building measures including: the
creation of a national database of IT and BPO
workers; a 'Trusted Sourcing' initiative targeted
at employees, organizations and enforcement
agencies; and the establishment of a national
advisory board comprising domain experts, industry
players and academics.
Enacting new
legislation is a step forward but laws still need
to be effectively enforced by the courts, as
leading BPO firm Acme Tele Power Limited
discovered the hard way. Acme Telepower claimed it
lost US$166 million after a data theft this month,
and decided to leave India after the main accused
party, a former Acme employee, was granted bail by
the local Sessions Court.
"We are
disappointed in the system. Patents and research
are not protected, so we are not sure if the law
will be able to protect us," said Sandeep Kashyap,
Acme's general manager of marketing.
Around 1,100 Indian Acme employees will be
affected by the decision to move to Australia, and
India's BPO industry is hoping the new amendments
will help keep more companies from leaving.
(Copyright 2006 Asia Times Online Ltd. All
rights reserved.)