|
.
|
The twin BPO
frauds of Mphasis and Infinity e-Search in quick succession has given
raise to a series of discussions on the status of Data Protection Laws in
India. Unfortunately several media persons as well as industry persons have
gone on record with statements indicating that either there is no data
protection laws in India or if it is there, it si grossly insufficient.
The efforts of
Naavi.org in clearing the air is a drop in the ocean when NDTVs and Economic
Times continue to speak in a different tone.
One of the
adverse fall outs of this media publicity is the formation of
international opinion which could be inimical to the reputation of the BPO
industry in India. Perhaps this is the raison d'etre for the Sun Report too.
The shrill cry
for a new law on "Data Protection" will only proliferate the number of laws
int he country applicable for the same offence and will cause more confusion
than comfort. If an offence is adequately covered by one law then claiming
that there is need for one more is absurd. (I will separately address this
issue in a future article..Naavi)
The object of
this article is to highlight that the Indian journalists are unnecessarily
queering the pitch for a new data protection law where it is not warranted. I
want these journalists especially from respected financial papers to first
study the law as it exists and then start passing comments that may force the
Government into some knee jerk reaction.
A few such
reports that have come to our notice are as follows:
| Publication |
Date |
Article |
Atributed to |
Statement |
| Business
Standard |
27,June 2006 |
Now get the law |
Editor |
There is as yet no data security law in India.
... It should come, if only to raise comfort levels
A cross section of industry feels rightly that there is
no substitute for a comprehensive law on security issues and deterrent
punishment for transgression. An industry leader has specifically
suggested that data theft be made a non-bailable offence. |
| Economic Times |
June 26, 2005 |
IT
Act Review Panel to submit report |
Editor |
The need for a data protection law has emerged again
with a leakage of credit card information last week with an employee of a
Gurgaon-based web marketing firm at the centre of the scam. |
| Economic Times |
June 25 2005 |
Needed. New Law, Enforcement Agency |
Editor |
The Information
Technology Act 2000 prescribes as penalty for breach of privacy a fine up
to Rs 1 lakh and/or imprisonment up to two years. This is wholly
inadequate.
We need a separate data
protection law, with tough penalties. .. A separate enforcement agency
with the requisite skill, separate tribunals and high court benches ..The
government must act on this front, and fast. |
| Telegraph India |
June 24 2005 |
|
M. RAJENDRAN Quoting unnamed sources and
Pavan Duggal |
Unnamed Sources: "the government should
enact a data protection law if it wants to instil confidence among foreign
clients".
Pawan Duggal a cyber law expert
:said: “The Information Technology Act alone cannot give that confidence.
The government should show urgency in making data protection an important
part of the act.” |
| BBC News Delhi |
June 24 2005 |
|
Southik
Biswas |
..experts agree that India needs to tighten up call
centre security and info tech laws to stay ahead in the call business
process outsourcing (BPO) business...that India's information technology
laws ..do not give adequate attention to data protection.
If a call centre worker is found guilty of leaking and
selling confidential data, he could face three years in prison and a fine
of 100,000 rupees ($2,297) .. can even be sued for damages up to $225,000
to be paid to people affected by the leakage of information. |
| Sify.com |
8th June 2005 (pre Gurgaon
scam) |
BPOs plump for
law on data security |
President and CEO of EXL
Service, Rohit Kapoor. & Mehra, PWC |
Kapoor: suggested making the existing IT Act more
effective by removing the existing lacunae and strengthening data
protection and privacy rules.
Mehra: though the Indian IT Act makes unauthorised use
of data a punishable offence, there are concerns about its timely
enforcement given the slow pace of the country’s legal system.."The
government needs to be proactive in keeping the IT Act in sync with
advancement in technology and put in place a speedy legal recourse
system," Mehra said |
| Express Computers |
6th June
2005 |
Needed: a facelift for cyber laws |
Sushma |
Data protection guidelines, protection from spam, and
credit card fraud are absent in the Indian cyber law.
:Vishwas Patel, Avenues: “Credit card fraud is still
not covered under the IT Act, so one has to approach the crime branch.”
This defeats the purpose as the crime branch isn’t IT-savvy. |
A few positive
reports that have come to our notice are as follows:
| Publication |
Date |
Article |
Atributed to |
Statement |
| Independent-UK |
26, June 2005 |
Big hearts and small minds: companies rail at the dead hand of the
box-tickers |
Ian El-Mokadem, One-Tel's chief executive. |
"It is easier to set up a call centre in India than in
the UK," says "There is a more flexible workforce, a more flexible
set of policies in India." |
| TOI |
24th June 2005 |
Indian BPO is safer than UK's: Brit firms |
RASHMEE
ROSHAN LALL
|
Tim Pullan an IT & Outsourcing partner at London law
firm Lawrence Graham LLP told TOI on Friday that his clients, who signed
some of the biggest outsourcing contracts with India over the last two
years, were eminently satisfied with the security standards in place in
call centres across Delhi, Mumbai, Bangalore and elsewhere in India. |
A small attempt
has been made in this report just to high light the fact that the media may
require better understanding of Indian Laws on Data Protection before adding
fuel to the fire of speculation about security.
It is important
for us to remember that "Security" where human elements are involved is
extremely complicated and frauds are a reality of the society. We need to
balance our criticism of the Indian BPO industry with the level of security
which is now available which is in fact considered to be superior to other
countries including perhaps US and UK.
I reiterate
that
India has a robust Data Protection Law ,
the
current incident could be Cyber Terrorism, there is a
threat
to Indian sovereignty if we do not respond with conviction to the present
crisis and we need a
strategy for security management
Naavi
June 26, 2005
(Comments
welcome)
For Structured Online
Courses in Cyber laws, Visit Cyber Law College.com
|
|
