|Rediff India Abroad Home | All the sections|
BPO: In India data security cost skyrockets
Gaurie Mishra & Bipin Chandran in New Delhi | November 03, 2005 17:01 IST
Data protection -- the bugbear of the business process outsourcing industry -- has in the last one year become a critical factor for the 5,000-odd BPOs whose collective revenue is estimated at $ 5.8 billion annually.
According to industry estimates, BPOs have suffered a loss of over $100 million in terms of lost business opportunity. This is around 2 per cent of the annual revenues of the industry. Most companies have re-worked their security apparatus and tripled their information security budgets.
Beginning with instances of leak of confidential financial information from Mphasis to the more recent one involving Karan Bahree, who was working for online search engine Infinity e-Search, Indian BPOs have been shrouded with controversies regarding one leak or the other in the last few months.
Indian firms are now expected to comply with the Six Sigma requirements and BS 7799 (a British standard for information security) for renewal of service contracts. "There has been a 25 per cent rise in information security spending per desktop, in the last 15 months," said Sunil Gujral, ex-CTO, Wipro Solutions.
"We had certain bad experiences after which we increased the spending on IT security from 5 per cent two years back to 15 per cent of the IT budget this year," said Satish Sayal, CIO, NIIT Ltd.
The client service level deals now have specific provisions on data security. These include quarterly audits by external agency and a 'zero-violation' clause, which includes heavy penalties on breach of any security measures. "Penalties are imposed by the clients in case of violation of stipulated security measures," said R Narsimhan,CEO, HCL BPO Services.
The BPO industry, which goes in defence-mode, is more concerned with the fact every time it has to defend itself in case of any data theft.
"The security standards used in Indian BPO companies, for the work which was originally done in US or Europe, are similar or more secure," said Raman Roy, ex-CEO, Wipro Solutions.
The industry also argues that data protection issues have been blown out of proportion. "If BPOs were not secure, shouldn't some customer have raised his hand and said that Indian centres pose a data security risk? " added Roy.
The industry also counters the allegation of poor legal system. The lapses in security in smaller BPOs have also raised the issue of benchmarking the minimum standards to be adhered to by the industry.
"Most companies have their own specific standards but there are no industry-wide framework and there needs to be some kind of a set-up to ensure that basic measures are adhered to by all," said Ashish Gupta, CEO, Evalueserve.
There is mounting pressure from foreign countries to put in place a stringent data protection law. "If India is going to have a world-quality BPO market, the leaks need to be plugged.... We are in talks with the Indian government for a data protection law which fits with the international norms," British High Commissioner Sir Michael Arthur said.The government is, however, not acting yet. As per the draft IT Bill, data protection will not be mandated for BPO units.