[Reader-list] NEW DEVELOPMENTS

Rudradep Bhattacharjee bhatt_rudra at yahoo.com
Tue May 23 18:31:32 IST 2006 

Greetings, fellow Fellows...

Month five into the research. While I try to structure
my research material, new developments make sure I am
always on my toes. Well, read on...

In a letter addressed to all employees in the IT
sector earlier this year, Kiran Karnik (President,
NASSCOM) wrote: 

We have just completed a joint NASSCOM-McKinsey study
and this indicates strong growth in the years ahead.
In fact, we expect that exports would reach US$ 60
billion in 2010, from just over US$ 17.8 billion in
2004 - 05. However, reaching this ambitious goal is
contingent on certain actions and steps. A vital one
amongst these is related to ensuring the security of
data; an allied issue is protecting ourselves and our
systems from criminal elements. These issues, if not
properly handled, could derail our growth and our
hopes. 

In recognition of these, NASSCOM – working closely
with industry colleagues – has taken a number of
pro-active steps. Many of you would be aware that most
companies are already taking a few steps to make our
industry a more secure environment for ourselves and
our clients. I have personally communicated to many
CEOs the need to continuously raise the standards for
the safety of the employees and the clients. These
issues are being taken extremely seriously, not only
by NASSCOM, but also the government, the legal
authorities and the police. Together, we will leave no
stone unturned and we aim to make India the “Fort
Knox” of security, positioning ourselves as the gold
standard for security as we are today for quality. 


One of the steps taken was the setting up of the
National Skills Registry (NSR). Hit by allegations of
data theft last year and led by subsequent fear of
losing out on the outsourcing pie, the NSR was set up
in January 2006 to keep an eye on employees in India's
IT and BPO industry. 

Last week, the Indian IT industry declared that all
employees will have to register on its biometric
database so it can assure its Western clients that
their customers' personal data will be protected.

The decree is one of the first instructions of the
Self Regulatory Organisation (SRO), which would be set
up to oversee the data security measures. The SRO
would subscribe that all members would have all their
employees registered in the registry. The SRO will be
created out of Nasscom after a year. The employee
database will be operated outside the industry, by
National Securities Depository Limited (NSDL), which
manages India's stock exchange transactions.

In an article, Mark Ballard writes: 

Nasscom vice president Sunil Mehta said, "The SRO will
prescribe a whole set of best practices, which will
include our adherence to global privacy laws in
relation to our data processing and outsourcing."

Mehta said the rules governing the use of employee
data had been drawn up in a joint effort by Nasscom,
NSDL and the industry. He said it was likely the
guidelines would not be published. Employees'
considerations had been taken into account by
consulting lawyers, he said. "They don't have a union,
but we did focus group discussions to attain their
views. Nasscom said employees get to control the use
of their data. "All information is governed by the
employee and nothing can be done with it without the
employee's consent."

The National Skills Registry is intended to guarantee
that employees are who they say they are. But
employers have open access to the data and, as well as
proving identity, the registry also includes career
history, background checks and "verification
comments". Employers will also be able to link to the
NSR from their HR databases.


Incidentally, another web article quotes a government
official, who did not wish to be named, saying that
companies would now be able to track the career
backgrounds of employees and help law enforcement
agencies tackle data theft. 

While this happens, a new IT Act is on the anvil. In
fact, the Bill might even be tabled in the Monsoon
Session of parliament.

Remember the arrest of Avnish Bajaj, the CEO of
Bazee.com, in December 2004 for allegedly abetting in
the sale of pornographic material? The incident raised
a lot of hue and cry and rightly so. Well, following
all that, as the new IT Bill stands, the government
has decided to totally remove the burden of proof from
the head of the intermediary. 

But the problem, as Pavan Duggal, Supreme Court
advocate and arguably India’s most famous cyber
lawyer, told me is that the new law is vague as to who
an intermediary is and hence the term could be applied
to an ISP as well as to a BPO. The results of totally
removing the burden of proof from the latter, he
believes, can be extremely dangerous and will
undermine India’s national interests. 

The Bill, incidentally, also promises to introduce
privacy laws in India. But I really wonder what that
will entail.

Will be in Delhi end of May. 

Till the next posting...

Cheers,
Deep

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the reader-list mailing list