One thought that the industry would be able to handle it on its own, but no
Nasscom, with the full backing of the Government of India is finally stepping in
to set up self-discipline mechanisms for the growing software and BPO industry.
An independent self-regulatory organization (SRO) will soon come up for
establishing, monitoring, and enforcing data protection standards. This was one
area that was getting breached repeatedly, threatening to impact India's
reputation as the world's choice for outsourcing.
Expected to commence operations in the next three to six months, the SRO will
lay down best practices, and provide training in the area of privacy and data
protection. It will also help companies with processes and technologies for
capacity building while not compromising with data security.
While this is a good move, there are quite a few challenges that Nasscom will
have to not just keep in mind, but will actually have to work towards, to make
SRO effective. And for successfully doing so, it will have to take everybody
along-right now there are quite a few small players in software and BPO who
are not members of Nasscom. For their buy-in, the high profile industry body,
often seen as the voice of only the large players, will have to take the first
steps.
SRO should also address the issue of better alignment between companies, law enforcement agencies, and the judiciary |
A key component of SRO success will be the industry's faith in the National
Skills Registry, which was set up sometime back. So far it has got only 24
companies out of the over 1,500 in the business; and about 25,000 employees out
of the lakhs in the trade have registered. While most security breaches that
have got the attention of the media have happened in large BPO/ITeS
organizations, many of these problems in smaller companies are said to be going
un-reported.
The other challenge is with respect to some amendments that have been
proposed in the Indian IT Act. While Nasscom officials say that it is in the
final stages of approval and will be tabled in the coming session of Parliament,
there are some unconfirmed reports that say that it might take some more time
than just a few more months. Nasscom will have to use its good relationships
with the government to make this happen fast.
While the SRO also envisages for itself the role of enforcing the code of
conduct, it will surely need the support of law enforcement agencies. Again, the
readiness of Indian police and judicial system to deal with cyber crimes is not
anything to write home about. Even though there are plans to set up training
labs in Pune, Bangalore, Delhi, Hyderabad, and Kolkata, the total number of
policemen actually trained so far is very small-1,800 so far. In fact, Nasscom
will have to quickly do some capacity building so that more enforcement
personnel are trained. And it might be a good idea to get members of judiciary
also exposed to crimes, laws and policies relating to IP, security, and data
protection.
Finally, it must be understood by all members of the industry, big or small,
that the success of India in software and BPO now depends not just on low costs
and quality work, but also on the confidence level their international customers
have. And security related processes and policies will play a big role here.
They will have to offer their full support
As global customers give more high-end work to Indian software companies, and
start outsourcing more critical work to Indian BPO organizations, they are also
increasing their stake in India. With emerging laws on security compliance which
are now becoming more and more mandatory, India does not have any other way out
but to quickly update itself with the best practices globally, if it has to be
the best destination.