| A report in this paper says that BPO (or business process outsourcing) companies will not be on the list of network service providers envisioned in the amendments. |
| If this goes through and becomes law, it means going back to square one""not because there is anything wrong with what is proposed, but because of the complementary action that is not being taken. |
| The logic of excluding BPO firms, as the new Bill apparently proposes to do, is sound in that they are not network service providers, an expression that covers entities like those entrusted with network maintenance, storage service providers, and internet cafes. |
| Experts familiar with the way the IT Act is structured say that it will be difficult to include under this nomenclature a pure service provider like a BPO firm. This is because the existing Act was fashioned at a time when the all-important task was to certify electronic signatures. |
| It is very closely related to technology in general and computers in particular. It is a statute structured to tackle computer-related crime. And the point is that a BPO firm may not use a computer at all; it may easily manage with the help of a telephone. |
| What is more, today the BPO business has even evolved into knowledge process outsourcing. The systemic link with technology and computers is getting more remote. |
| What is needed and is still lacking is a statute to address the need for data protection. Data protection or information security covers essentially three areas. One is confidentiality, preventing intentional or unintentional unauthorised disclosure of information. Two is data integrity, or modification of data by an unauthorised person or unauthorised modification by an authorised person. Three is availability, which covers reliable and timely access to data for the right people. |
| Taken together, this is an altogether different concept and to try to fit that into the existing IT Act is to try to put a square peg in a round hole. |
| The basic problem is that the government is persisting with the notion that the country does not need a separate data protection law and, after all the provisions against fraud that are there in other laws, all that is needed is to update the IT Act so as to include data protection. |
| During NDA rule, considerable effort was made to give India suitable data security legislation. Even foreign experts visiting India had vouched for the fact that the government was working towards that. |
| But following the change of government, the notion has gained ground that there is no need for a separate law and all that is needed is to alter the existing ones. This is proving to be difficult because data protection and the IT Act are two different animals; trying to marry the two will be difficult and is unlikely to succeed. The sooner the information ministry gives up this futile attempt and gets down to devising a separate data protection law, the better it will be for everyone. |
| The government should be aware that it is data security that has been one of the points of American attack against the whole BPO business, and the absence of a suitable law will come in the way of Indian BPO firms maximising their potential. |
Top Section
Explore Business Standard