SPACE WIRE
India software body moves to protect foreign firms' data security
BANGALORE, India (AFP) Jun 10, 2004
 India's top software body said Thursday it is drafting plans for outsourcing firms to screen workers to protect against data theft and will push for new legal measures to safeguard intellectual property.

The aim is to ensure India is perceived as a "trustworthy" outsourcing destination, Kiran Karnik, president ofthe National Association of Software and Service Companies said (NASSCOM).

So far, Karnik said, no Indian employee had been caught for stealing information but NASSCOM wished to take no chances.

"There's great customer concern. If we have one unfortunate (incident) ... what we stand to lose is a big market."

NASSCOM would draw up the security plans with the help of industry and government, he told reporters in the technology hub of Bangalore where the industry body was holding its annual meeting.

"One of the big concerns of US and European firms is data security and privacy. They're transferring individual data on taxation, on healthcare and credit cards (to India).

"There's also a broader concern among (global) corporations which are transacting, for example, huge amounts of money and their intellectual property," Karnik said.

Global outsourcing firms were also concerned about the security of networks if they crash and whether Indian firms had disaster recovery centres.

To address these issues, NASSCOM, along with a private security firm, Evaluserve, has launched a "Trusted Sourcing" initiative to assess India's information security situation, Karnik said.

The IT group also wants to establish an industry certification body to ensure security measures are in place and to work with the government for new measures to bring Indian data protection laws up to European and US standards.

"There could be some legislation (in the United States and Europe) saying that no data can go out of the country unless certain requirements are met. I don't want such legislation to come," he said.

There are already some Indian data protection laws but they need to be tightened to bring them into line with international standards.

For instance, he said, tampering with a software programme is classified as a crime but downloading data without company authorisation is not a crime and this situation should be changed.

NASSCOM vice-president Sunil Mehta, in charge of the security drive, said laws needed to be updated to meet new data protection needs as there were many loopholes.

"The (Indian) laws do not address the regulatory requirements of different industries. With this initiative, we're staying ahead of the crowd and from a comparative advantage, we're moving to competitive advantage," Mehta said.

India has emerged as a major backoffice to the world with global firms outsourcing work ranging from credit card processing to air ticketing to take advantage of its less expensive, educated, English-speaking workforce.

SPACE.WIRE