|
Recurring instances of employee fraud as well as other security concerns have made country's premier trade body and the chamber of commerce of the IT software and services industry in India, National Association of Software and Service Companies (Nasscom), to think of the need for a separate Data Protection Law.
Stressing on the importance of a watchdog over the information security in India, Kiran Karnik, president, Nasscom, said, "There has been a debate on the need of an IT Act separate from the IPC. In the recent past technology has evolved, so, specific areas that were regarded safe now need special attention. India is still far safer than the US and UK when it comes to information security. Even various foreign software companies regard their India operations highly secure, however, Nasscom is committed to ensure that the Indian information security environment benchmarks with the best across the globe."
Nasscom has been working with the government to strengthen information security initiatives being rolled out within IT and ITES-BPO organizations. The chamber has worked with the government to evolve recommendations for amendments to further strengthen the India IT Act 2000. Additionally, most Indian IT/BPO companies conform to global standards such as BS 7799.
Sunil Mehta, vice president, opined, "We are sure that we would create a robust regulatory environment very soon. The best part is - a few cases of security breaches will not affect foreign investment in India. However, we have a long way to go and hence we want a severe enforcement of the security initiatives like Trusted Sourcing initiative and 4E framework to enable companies to overcome the security problem."
In the backdrop of the recent cases of data theft involving BPO employees in leaking out crucial client information to the underworld, Karnik said, "Data theft is an industry wide problem. One or two cases of data theft do not mean that it is a regular phenomenon in the IT industry. Through Self Regulatory Organizations Nasscom intends to minimize the criminal misuse of the information that is widely available in public domain. It is an independent self-regulatory body that will establish, monitor, and enforce privacy and data protection standards for India's IT BPO industry."
In January, Nasscom launched National Skills Registry (NSR), a centralized database of employees of the IT services and BPO companies, as a step to ensure that there is a verified database (with independent background checks) of the human resources within the industry. Around 25000 employees and 24 leading IT companies accounting for 30% of industry's total workforce have already registered in NSR.
Elaborating on NSR, Karnik said, "The initiative was launched to enable both employee as well as the employer to protect their identities. With this an employee not only can keep his/her information a secret, the information will act as a catalyst if he/she decides to switchover and join another IT firm. Employers can directly carry on the necessary checkups by going through his/her online background information. NSR will also be useful to minimize falsification."
Nasscom is also generating awareness among consumers on cyber crimes through Cyber Safety Weeks. The chamber has also set up cyber training labs to train police officers in cyber crime investigation.
|