Duggal however believes that even in such situations, the collection of data by Indian call centers will have to be done by taking the written consent of the person whose information is collected, unless the government altogether removes the provision in the new rules. BPO operations in India processing data collected abroad will still have to ensure that permission was received in writing even for the data collected abroad, he added.
The reasonable security practices and procedures imposed on service providers by the new rules will not be known or understood by the vast majority of Indian outsourcers, which are mainly small outfits, Duggal said. So they will almost always be in infringement of the law, he added.
The requirement that companies implement security best practices such as those laid down by the International Standards Organization (International Organization for Standardization) and other standards bodies will impose a high cost on these small companies, as they try to get these certifications, Duggal said.
As they handle content, outsourcers will also come under the category of intermediaries under a different set of controversial rules of the country's IT Act, he added.