The government is planning to introduce a law on data protection, which will regulate the working of Indian business process outsourcing companies. The proposed legislation will provide a framework to govern the use of customer data by Indian companies and prevent any misuse.

This will be the first attempt by the government to regulate the working of call centres and BPO companies. The proposed law will cover areas like financial transactions, unsolicited bulk e-mails, hacking and unauthorised access to personal information, such as health information, credit card and other personal details.

The new law has been necessitated by an European Union directive, which insists on EU member states restricting outsourcing to countries that fulfill certain data protection requirements.

Government sources said the law would not only cover companies offering outsourcing services to overseas customers, but also those operating in the domestic market.

The government has also set up an expert group to review the existing legal framework in the country, including the IT Act, 2000, and suggest specific changes.

According to the sources, the proposed law will not only have provisions to protect the privacy of individuals and companies, but will also set stringent conditions on the use of personal information by companies in India.

The sources also said the government might introduce the law as a separate legislation or may amend the IT Act to incorporate various clauses on data protection.

"We can introduce a new law or amend the IT Act," a senior government official said.

The official said the government's objective was not just to make Indian companies compliant with EU norms, as most companies were bound by contractual obligations, but also to introduce a law encompassing the broad aspects of privacy and protection of personal information.

As a step towards framing the legislation, the government has asked industry associations to come forward with detailed papers on best practices and how such a regulation will impact the Indian software and BPO sectors.

Secure information

• Government to ask companies to take contractual steps to ensure data protection.
• Global norms to be studied before framing law.
• Information technology department to hire a professional agency to advice it on the legislation.
• Indian courts will be enabled to handle such cases.