Data Security a Key Consideration for Outsourcing to India

India must do more to protect data security or risk future growth in business process outsourcing, according to a report by an influential Indian trade body. The rise of Indian business process outsourcing operations and call centres has increased calls within that country to implement a data protection law. The Indian National Association of Software and Service Companies (NASSCOM), author of the report, has long lobbied the government to implement a privacy and data protection statute that conforms to European Union standards. In 1998, a national task force called for a national policy on privacy and examined the UK Data Protection Act as a model. This past year has seen several high profile data breaches in India, sparking concerns in North America and Europe that data outsourced to that country may be vulnerable to misuse. At least one European data protection commissioner has launched an investigation into outsourcing personal information to India. In an attempt to respond to these concerns, and in lieu of national legislation, NASSCOM plans to adopt a US-style safe harbour in 2007, by establishing a self-regulatory body to monitor and enforce privacy and data protection standards across the outsourcing industry. Currently, foreign data controllers must rely on contractual obligations to impose privacy protection obligations on Indian data processors. For an article on a UK Information Commissioner investigation, see: http://inulikit.notlong.com For an article headlined "[Indian] PM to UK Investors: Your data is safe", visit: http://prehgato.notlong.com Summary by: Jason Young