• United States



by Dave Gradijan

India’s IT Industry to Set Up Data Security Watchdog

May 10, 20063 mins
CSO and CISOData and Information Security

India’s National Association of Software and Services Companies (Nasscom) is setting up a watchdog organization that will focus on the introduction and monitoring of best data security and privacy practices in the country’s IT services, call center and business process outsourcing (BPO) industries.

“We are planning a self-regulatory organization (SRO) that will be initially set up by Nasscom, but will operate independently with an independent chief executive officer and board,” said Sunil Mehta, vice president of Nasscom in Delhi.

The move is one of several measures by Nasscom and the local industry to strengthen data security and privacy in the Indian call center and BPO industries. The organization set up a National Skills Registry in January that enables employers to do background checks of employees they hire.

The initiatives by Nasscom come in the wake of allegations in the United States and United Kingdom that Indian call center workers have stolen and sold data processed by Indian outsourcing companies.

The SRO aims to raise the bar in data security and privacy by including the best practices currently stipulated by certifications such as the ISO 17799 standard for information security of the International Organization for Standardization in Geneva, as well as data privacy and data protection laws worldwide, Mehta said.

“We want to change the rules of outsourcing to India,” he said. “Customers should be interested in outsourcing to India not for lower cost alone, but because of the superior data protection and privacy we offer.”

The SRO will be set up by Nasscom later this year, and the chief executive officer and board of directors will be appointed by the organization on behalf of the industry, Mehta said. Membership of the SRO will be open to IT, BPO, and call center companies.

“Being a member of the SRO will in effect be a certification, as member companies will have to follow the best practices specified by the SRO,” he said.

Besides setting benchmarks and training companies on the best data protection and data privacy practices, the new organization will also have the authority to punish and expel erring member companies.

The SRO will be funded for one year by Nasscom, which has budgeted US$300,000 for the purpose. After the first year, the SRO is expected to finance itself from membership, training and audit fees.

For more on data security, read 19 Ways to Build Physical Security into a Data Center.

Keep checking in at our Security Feed page, or subscribe via RSS, for updated news coverage.

By John Ribeiro, IDG News Service