The cool American may be partying or tanning it out in a Jamaican beach resort. But there will be this Indian guy who goes on a shopping freak with his cash. This is exactly the biggest upcoming concern of the so-called booming Indian BPO sector-the issue of "identity theft ".

The issue was caught in the eye of media storm when an employee in a call center in Noida misused the credit card and other details of a US citizen to go on a mega shopping spree last year. Though there is a big talk of the India growing into the BPO epicentre of the world, the reality is that a major share of the job outsourced to India are the lower end ones, mostly low-end call centre and data processing work. Because of the lack of proper data security legislature in the India, jobs in the higher end of the value chain are not getting outsourced to India.

Major ITES companies in the country are urging the government to put in place an appropriate legislation that will ensure that foreign vendors sending jobs to India are indeed feeling safe with their data. So, an Act regarding this could be expected any time the new government comes to power.

 

In fact, Nasscom is working on adding new clauses to the Information Technology Act, 2000. The Government preferred an amendment in the IT Act rather than a new Act as this will simplify matters and will remove any sort of complexity that may creep in settlement because of multiplicity of laws. Nasscom president Kiran Karnik pointed out that the amendments will meet regulatory requirements of major customers of the Indian BPO industry.

The Indian BPO sector managed to survive the securitisation provision till now because bulk of the business that India receives have come from US, which has a liberal policy on data security issue than many European countries. Members of the European Parliament belonging to the Labour party have moved a motion in the European Union for framing laws to protect British citizens from possible identity theft when their details are transferred to countries like India.
 
The IT Act in the present version has provisions for charging a person on the grounds of unauthorized access and data theft from computers and networks and carries a maximum penalty of about $2,20,000, and does not have specific provisions relating to privacy of data.

Nasscom is mainly concentrating on enabling the new clauses to confirm to the EU norms like the Data Protection Directive. The legislature as such won't be enough as India will have to enter into ministerial level negotiations with EU to recognize India as safe domicile for transfer
and privacy of data.

Indian BPO firms are mainly relying on US and European regulations like the Sarbanes Oxley Act, Safe Harbor Act, GLBA for Financial Services, FDCPA (Fair Debt Collection Practices Act), OCC regulations for banking and HIPAA for healthcare to showcase their data security credentials. The problem with these regulations are that they doesn't hold in Indian judiciary and they are problematic, time consuming and self defeating for the overseas firms if there is any leakage in the data privacy.

Sanjay Kumar Chief Executive of vCustomer, an Indian call center which employs more than 3,500 people in New Delhi and Pune told the Seattle Post that to protect against sensitive data from leaking out, the company bans pencil and paper on the call center floor. He added that the agents computers do not have CD-ROM drives and the print and save-to-disk functions are disabled. Further, all of the customer information is stored on servers in New York and Seattle.

The sectors that are on the top end of the value chain like financial, medical, engineering, research and development and bio-technology is not reaching the Indian shores mainly because of the lack of data security issues. The loss suffered because of the non-entry of the high end business amounts to $2.5 billion. It is because of this that many of the Indian statess like Karnataka, Maharashtra and Andhra Pradesh have taken the lead by announcing individual legislature that assures the highest levels of security.

But this is not going to help as the business is getting more complex and the industry is growing and the nature of work becomes more specialized like the financial accounting and tax preparation. While the average American citizen remains still wary of the 9/11 incident and with BPO becoming a major poll issue in the US developing outsourcing hot spots for call centre business like Philippines, Malaysia and China are fast recapturing the lost ground by forming stricter data security norms.

India seen as the leader of the BPO pack cannot be left behind as the stakes involved are the lives of a huge upwardly mobile new economy labour force created by the call centre boom. And till the time US Inc., is afraid of identity theft, homeland security, and criminal misuse and abuse of information by globally competing corporations, the call centre guy in Noida, Gurgaon and Pune cannot have a good night out.