Data Security and the Risk of Outsourcing
In separate, recent incidents, British and Australian journalists were able to purchase customer data including bank account, credit card, passport and driver's license details of U.K. and Australian customers from an Indian call center. The call center was used by a U.K. bank and an Australian telemarketing company.
Earlier this year, a security breach at another call center in India led to a theft of $350,000 from, reportedly, the accounts of U.S. Citibank customers. A Forrester Research analyst wrote that the "breach, coupled with recent onshore disclosures of sensitive customer data, will have far-reaching negative connotations for the offshore BPO (business process outsourcing) space." Other analysts disagreed, but recognized that even the perception of danger could hurt the market.
The response of the National Association of Software and Service Companies, an Indian trade body, pointed out the responsibilities of both the foreign IT companies and their customers: "Indian IT companies undertaking work for global companies contractually comply with all the requirements of the relevant privacy and data protection laws of the home country, as well as other security and confidentiality safeguards. Each of our customers must perform strict due diligence on all their vendors and ensure contractual commitments to relevant laws."
Indian Prime Minister Manmohan Singh has ordered that the Information Technology Act be amended to make it more stringent.
Posted by Brian Wong