Indian companies are establishing India's reputation as a trustworthy outsourcing destination by proactively addressing data privacy and security concerns.

Why is data privacy and security one of the foremost concerns in outsourcing to India ?

Data privacy and security are not new concepts in outsourcing. When there is transfer of sensitive and confidential information, concerns about a leakage or abuse do arise. For anti outsourcing parties, data privacy and security is cited as one of the main reasons to curb outsourcing. Some consider the security risks to be the same if the data were handled offshore or onshore, while others are unsure about the data privacy and security laws in countries like India and view it as a serious deterrent to their decision to outsource.

Whether or not the concerns are baseless, companies in the US and UK are under increasing pressure from legislation that insists on them guaranteeing the privacy of their customers' financial and medical data. Indian companies realize that they need to scale up their security in order to cater to these concerns before they actually turn out to be a problem. From individual companies to associations like NASSCOM, proactive measures are being taken to ensure that India 's unique value proposition is "trustworthy outsourcing".

How is India dealing with data privacy and security issues?

Most of the data privacy and security fears are unfounded. India may not have laws which are as stringent as those in the US , but the government and associations such as NASSCOM are working towards ensuring that laws are on par with international legislation. Except for one known case of fraud there have been no other problems in India 's $3.6 billion business-process services. Last year a programmer for India 's Geometric Software Solutions Co. tried to sell a U.S. client's intellectual property. He was arrested and is awaiting trial.

Other than legislation, measures set up between companies which outsource to India and Indian vendors ensure that there is little left to chance. Confidential data is stored on the servers of the companies that are outsourcing and their Indian vendors have tightly controlled access. Therefore if there is a security breach the US or European company outsourcing the work is legally responsible.

However, these are technicalities which cannot be used to skirt the issue and Indian companies realize this. In the instance of a single security breach the publicity created will not only destroy the reputation of the concerned company, but of India 's well established name as the foremost outsourcing destination.

NASSCOM

The National Association of Software Services Companies or Nasscom is working with the government to ensure that India 's data privacy legislation is more in line with the U.S. It also intends to have the security practices of all its 860 members audited by international accounting firms. A cyber crime unit, which NASSCOM initiated in Bombay 's police department where officers were trained to investigate data theft, is planned in nine other cities.

NASSCOM also encourages Indian companies to share information on back office workers, create a certification authority for safety and plug gaps in Indian laws by familiarizing themselves with international laws.

Proactive measures by individual companies

Indian companies have already put in place or are currently honing their privacy and security measures even before the government finishes with the legislation. It is common to see employees swipe identity cards through readers, have their bags and pockets searched and deposit devices like cell phones, PDAs, pens and notebooks in lockers, and shred notes of client conversations after the shift ends. Visitors are not even allowed into the working area and if they are they must fill out a form promising not to communicate any knowledge of what they see inside. Call center operators such as Mphasis BFL, Wipro Spectramind, and 24/7 Customer, as well as back-office subsidiaries of companies such as General Electric, are quickly adding state-of-the-art systems to monitor phone conversations, guard data, and watch workers' every move.

Companies like Mphasis BFL Ltd., which employs 6,000 workers who work with sensitive and confidential information, already have stringent security measures in place. If the outsourcing company prefers the names of customers, social security numbers, and credit cards can be masked. E-mail, CD-ROM drives, hard drives, and other means of storing, copying, or forwarding information are removed from computer terminals. Indian employees can view information from US servers only for specific tasks. Video cameras are installed all over the area. Phone conversations are recorded and monitored. Disgruntled former employees attempting to commit data theft can be locked out and their access to PCs and phones cut three minutes after a resignation! This process took three days a year ago.

Other leading outsourcing companies like Infosys, Wipro, and Cognizant all ensure that the data stays in the hands of the people who are working on that particular project. Infosys uses biometric security, including retina scans and palm reading, to identify employees against their records. Employee background checks, magnetic access cards, monitoring access electronically, physically searching bags on entry and exit, video security are staple security features at all these companies.

Other initiatives

India is pursuing the tag of "trustworthy outsourcing" with a fierce determination. BangaloreIT.Com, an IT summit which was held in November 2004, focused on outsourcing and issues related to security of information. It is organized by the Department of IT, Biotechnology and Science and Technology in association with Software Technology Parks of India, Bangalore . The event saw 400 companies from India and 14 other countries participate. International business experts, companies, and IT professionals educated the participants on key issues like best management practices in outsourcing, wireless technology, third-generation technology and information security among other things.

India as a trustworthy outsourcing destination

The proactive measures the government and individual companies have taken have definitely made an impression. Hill & Associates, an enterprise security and risk management consultancy firm, conducted a study which revealed that the Indian cities of Bangalore , Hyderabad and Mumbai are low risk outsourcing locations.

Many of the fears and insecurities are unwarranted as one has to understand that Indian companies have as much to lose as their clients if an incident were to occur. This is why efforts to counter any mishaps are being taken. The country is not only moving up the value chain by offering more complex services, but is determined to establish its trustworthiness. The Hill & Associates study shows that India is on the right track.

About IWD

IWD is the .NET division of Bangalore based Stylus Systems Pvt. Ltd. IWD offers qualified and experienced .NET Software Engineers on contract to global companies to work from IWD premises. CIOs whose roles are changing from purely technical to business oriented solutions development find our .NET Software Engineers very useful and productive towards realizing their company’s goal and the overall development of the IT department. Contact us with your outsourcing requirements. Our Client Engagement Team will get back to you within 24 hours.

With our experience in handling over 250 clients across the globe, we have designed efficient processes which will help CIOs and IT managers in providing a valuable contribution in reaching their business goals. This has helped us in gaining quality experience with technology and we specialize in .NET technology.