Computerworld - India has successfully claimed a significant share of the offshore business process outsourcing (BPO) market, but recently, there have been allegations that call center employees there have stolen data entrusted to their employers. As a result, concerns have risen about the security of data held by Indian service providers, and companies that outsource to India are seeking out the remedies that are available to them to deal with and prevent the misuse of data in India.
Preventative Measures
The National Association of Software and Service Companies (Nasscom), one of the most recognized and vocal trade organizations in the IT software and services industry in India, has established several measures to address data security concerns regarding service-provider employees. Earlier this year, Nasscom launched a National Skills Registry for IT professionals to help employers conduct background checks by tracking certain information about employees, such as employment history. More recently, Nasscom announced plans to set up an independent, self-regulatory organization to set and monitor data security and privacy best practices by outsourcing service providers in India.
Service providers in India are also increasingly adopting compliance programs and comprehensive security audits, including personnel and equipment audits to prevent misuse of sensitive information and data. Compliance programs include training of employees to enhance awareness of confidentiality and of managers with regard to securing computer systems, common threats to information security, access-control techniques, risk assessment and management, intrusion detection, authentication and other issues. Enforcement agencies in India also work with business process outsourcers to conduct workshops aimed at improving employees’ knowledge and skills in the area of the misuse of data.
However, despite the preventative measures, non-Indian companies should still be aware of their remedies in the event of a data security breach in India.
Laws Relating to Data Security in India
The Indian legal system is substantially based on the British common law system. While there is no omnibus Indian data security law, there are several laws that apply to data theft or misuse in India. Typically, when an incident involving data occurs, a complaint is filed for theft, cheating, criminal breach of trust, dishonest misappropriation of data and/or criminal conspiracy under the provisions of the Indian Penal Code (IPC) of 1846 and for hacking under the Information Technology Act (ITA) of 2000. Many of these offenses under the IPC and the ITA allow for an arrest without a warrant, are nonbailable and carry penalties that range from one year to life imprisonment, as well as fines.
Moreover, certain offenses carry higher penalties when the offender is an employee, a public servant, a merchant, an attorney or an agent. For example, misappropriation of data by criminal breach of trust could lead to imprisonment for up to three years. However, when the criminal breach of trust is carried out by an employee -- i.e., if the data is dishonestly misappropriated and converted by an employee for his own use -- the penalty increases to imprisonment for up to seven years. Further, when the offender is a public servant, merchant, attorney or agent, the penalty can be as high as life imprisonment.
Free Insider Guide
How does your salary compare with your peers? Find out using our Smart Salary Tool.
Copyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
