India to set up data security watchdog

Organization will focus on data security and privacy practices in India's call center and BPO industries

India's National Association of Software and Services Companies (Nasscom) is setting up a watchdog organization that will focus on the introduction and monitoring of best data security and privacy practices in the country's IT services, call center and business process outsourcing (BPO) industries.

"We are planning a self-regulatory organization (SRO) that will be initially set up by Nasscom, but will operate independently with an independent chief executive officer and board," said Sunil Mehta, vice president of Nasscom in Delhi.

The move is one of several measures by Nasscom and the local industry to strengthen data security and privacy in the Indian call center and BPO industries. The organization set up a National Skills Registry in January that enables employers to do background checks of employees they hire.

The initiatives by Nasscom come in the wake of allegations in the U.S. and U.K. that Indian call center workers have stolen and sold data processed by Indian outsourcing companies.

The SRO aims to raise the bar in data security and privacy by including the best practices currently stipulated by certifications such as the ISO17799 standard for information security of the International Organization for Standardization (ISO) in Geneva, as well as data privacy and data protection laws worldwide, Mehta said.

"We want to change the rules of outsourcing to India," he said. "Customers should be interested in outsourcing to India not for lower cost alone but because of the superior data protection and privacy we offer."

The SRO will be set up by Nasscom later this year, and the chief executive officer and board of directors will be appointed by the organization on behalf of the industry, Mehta said. Membership of the SRO will be open to IT, BPO, and call center companies.

"Being a member of the SRO will in effect be a certification, as member companies will have to follow the best practices specified by the SRO," he said.

Besides setting benchmarks and training companies on the best data protection and data privacy practices, the new organization will also have the authority to punish and expel erring member companies

The SRO will be funded for one year by Nasscom, which has budgeted $300,000 for the purpose. After the first year, the SRO is expected to finance itself from membership, training, and audit fees.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies