Indian BPO units address security concerns

Before entering the facilities of Wipro Spectramind, the business process outsourcing (BPO) unit of Wipro Ltd. in Bangalore, India, employees are frisked, mobile phone use is prohibited and technology is used to monitor and record data records accessed through employee computers.

"All our facilities are also fully monitored by electronic surveillance, and we have access controls as well," said Raman Roy, chairman and managing director of Wipro Spectramind in Delhi.

In an effort to increase information security, Indian BPO companies now conduct thorough background employee checks, often even looking at school and college records. "We also do a lot of our hiring through referrals by our current employees, which helps us in getting people whose credentials are easily verified," said Shanmugan Nagarajan, founder and chief operating officer of 24/7 Customer, a Bangalore-based BPO company. The BPO industry also circulates privately among members a "black list" of employees who were fired on disciplinary grounds, Nagarajan added.

Intrusive and draconian as these measures may appear, they reflect the determination of Indian BPO companies to prevent data security and privacy breaches. "If one instance of a data security breach should happen, then it will impact the entire Indian BPO industry," said Ashish Gupta, country head and chief operating officer of Evalueserve.com Pvt Ltd in Gurgaon near Delhi, on the sidelines of a BPO conference in Bangalore last week.

U.S. and U.K. worker unions, opposed to outsourcing, have questioned the judiciousness of having personal data processed in India. The U.K.'s Amicus trade union warned earlier this year that offshore outsourcing is "an accident waiting to happen."

To allay such concerns, Indian BPO companies have stepped up security measures, and in the process have impressed some customers.

"We have been very pleased with Wipro's performance and attention to security and privacy," said Chris Larsen, chief executive officer (CEO) of E-Loan Inc., a consumer direct lender in Pleasanton, California, which outsources back-office underwriting functions for its home equity applications to Wipro Spectramind.

Companies outsourcing to India, however, also have to put in work at their end to ensure data security and privacy, Larsen notes. "In making the decision to outsource some of our back office home equity processing to India, we vetted potential partners very carefully," said Larsen. "We chose Wipro, based on their strong reputation and experience in the industry, and perhaps most importantly, based on the fact that they have their own employees working directly on behalf of E-Loan. Some offshore outsourcers subcontract other outsourcers to do the work on their behalf, which makes it difficult to know and control who has access to customer information."

Both to meet regulations in their own countries and also to protect data, companies outsourcing to India keep their data in servers outside of India. "For example, all customer data resides and is stored in E-Loan's domestic databases," Larsen says. "Our partner only has the ability to view that data, and they do not have the ability to store, share, print or retain data in their computers or systems in India."