Let's Build a Responsible Cyber Society


Let Compliancy Replace Complacency


(This is in continuation of yesterday's discussions on the need for Software companies to learn some lessons out of Mr Arun Jain's arrest in Indonesia and the experience of Elcomsoft in USA)

In continuation of our discussions on the lessons to be drawn from the arrest of Mr Arun Jain of Polaris, we shall look at the possible causes that led to the situation.

It has already been discussed in the earlier articles in this series that the main reason for the predicament of Polaris was that

a) The Contractual Risks were underestimated

b) Country Risk factor was ignored.

While the contract provided for an "Arbitration in Singapore" as has been reported, it is not clear if there was a clause to the effect that "Both parties had expressly waived their other rights under the laws of Indonesia or India". This risk was therefore ignored.

Further, since each country can have its own internal compulsions to impose a force-majeure influence on a contract, it would be necessary in any international contract to hedge this risk with a higher profit margin while quoting for the contract. This is the quantification of the country risk, which should ideally be equal to the insurance premium for covering the risk if such insurance exists.

One of the main action points that should therefore follow now is to find a means by which such country risks can be covered by Indian software companies.

Will a reference to the Embassy of the country be a sufficient guard for a software company to accept a country risk, or

Is there a need for quantification of the risk and coverage through insurance?

If the country risk has to be insured, who will provide the insurance?

What is the role of ECGC in Software export contracts?

What role can Nasscom play in developing such an insurance cover?

These are some of the questions that arise in this context.

While these long term debates go on, each software Company should start reviewing their internal focus on "Legal Compliancy".

Naavi has direct experience of the complacency that prevails in the IT industry on legal compliance. The list of articles found below, starting from 2000, highlights the need for Indian corporates to start addressing law related risks through a compliancy plan and represents the warnings that have been sounded out to the industry.

However, the industry has not responded to these calls in the manner that responsible corporate entities should have done. The industry bodies such as Nasscom also have not focused on this issue.

As a result of this complacency, the information assets of the country have been placed at an enormous risk and in direct conflict with the IPR of foreign companies. This loss is the loss of the nation as much as that of the Company.

The Next Threat:

The next blow on the Indian software industry and their information asset base will come in the form of Trade Mark, Copyright and Patent Right attacks on the Products, Services, and Domain Names of Indian software companies.

It is a fair guess that the Indian IT companies are neither prepared legally nor have provided financially for legal battles in the international arena for protecting their information assets.

I agree that "Regulation and Law" are dirty words for businessmen. Many think that they would rather attend two more new marketing presentations than attend to legal compliancy of the contract already on hand.

Being both a marketing person and an advocate of legal compliancy, it is necessary for me to emphasize to the market oriented IT companies that in the coming days of legal activism, if legal risks are not properly hedged, even if you get several new contracts, the profits would be insufficient to meet the losses if the legal non compliancy on any one of the earlier contracts is brought to book.

Legal Compliancy of the Products

In addressing these issues we should also remember the lesson from Elcomsoft that legal compliancy should extend to all the products of the Company. If any product violates the IPR of any party, or the Cyber Laws of any country (e.g., HIPAA, GLBA or ITA-2000), then it is sufficient reason for your executives to land in jails in India or foreign countries and to face damage suits running to millions of dollars.

Even employee related disputes as in the case of Infosys Phaneesh Murthy could be debilitating for companies as it could remove your key employees from action and affect the morale in the company.

Total Legal Compliance should therefore be nursed as a part of the corporate culture that should be inculcated in every employee of the company.

My advice to my friends in the IT industry is therefore "Please shed your Complacency and Take Immediate Steps To Move towards Total Legal Compliance". A stitch in time saves nine.

Naavi

December 25, 2002

Related Articles in naavi.org

Let Arresting of Corporate Executives Stop - December 2002

Software Companies Cannot Drop Their Guard - December 2002

Some Questions Nasscom Should Answer - December 2002

This is Business Terrorism - December 2002

Legal Negligence Can Be Devastating - December 2002

IS Managers...Beware, This week you may be heading to Central Prison!! - June 2002

There is No Quality without CCL Compliancy - May 2002

Preparing For Cyber Law Compliancy - May 2002

ISP Managers Beware...You may land in jails..if.. - May 2001

CEOs and CTOs - Keep your anticipatory bail ready. - December 2000

Are You Cyber Law Compliant? - November 2000

 


