Rediff India Abroad
 Rediff India Abroad Home  |  All the sections


The Web

India Abroad

Sign up today!

Article Tools
Email this article
Top emailed links
Print this article
Contact the editors
Discuss this article
Home > Business > Business Headline > Report

BPO: In India data security cost skyrockets

Gaurie Mishra & Bipin Chandran in New Delhi | November 03, 2005 17:01 IST

Part I: BPO firms wake to red dawn
Part II: BPO blues: Attrition goes down as hiring slows

Data protection -- the bugbear of the business process outsourcing industry -- has in the last one year become a critical factor for the 5,000-odd BPOs whose collective revenue is estimated at $ 5.8 billion annually.

According to industry estimates, BPOs have suffered a loss of over $100 million in terms of lost business opportunity. This is around 2 per cent of the annual revenues of the industry. Most companies have re-worked their security apparatus and tripled their information security budgets.

Beginning with instances of leak of confidential financial information from Mphasis to the more recent one involving Karan Bahree, who was working for online search engine Infinity e-Search, Indian BPOs have been shrouded with controversies regarding one leak or the other in the last few months.

Outsourcing and India: Complete Coverage

Indian firms are now expected to comply with the Six Sigma requirements and BS 7799 (a British standard for information security) for renewal of service contracts. "There has been a 25 per cent rise in information security spending per desktop, in the last 15 months," said Sunil Gujral, ex-CTO, Wipro Solutions.

"We had certain bad experiences after which we increased the spending on IT security from 5 per cent two years back to 15 per cent of the IT budget this year," said Satish Sayal, CIO, NIIT Ltd.

The client service level deals now have specific provisions on data security. These include quarterly audits by external agency and a 'zero-violation' clause, which includes heavy penalties on breach of any security measures. "Penalties are imposed by the clients in case of violation of stipulated security measures," said R Narsimhan,CEO, HCL BPO Services.

The BPO industry, which goes in defence-mode, is more concerned with the fact every time it has to defend itself in case of any data theft.

"The security standards used in Indian BPO companies, for the work which was originally done in US or Europe, are similar or more secure," said Raman Roy, ex-CEO, Wipro Solutions.

The industry also argues that data protection issues have been blown out of proportion. "If BPOs were not secure, shouldn't some customer have raised his hand and said that Indian centres pose a data security risk? " added Roy.

The industry also counters the allegation of poor legal system. The lapses in security in smaller BPOs have also raised the issue of benchmarking the minimum standards to be adhered to by the industry.

"Most companies have their own specific standards but there are no industry-wide framework and there needs to be some kind of a set-up to ensure that basic measures are adhered to by all," said Ashish Gupta, CEO, Evalueserve.

There is mounting pressure from foreign countries to put in place a stringent data protection law. "If India is going to have a world-quality BPO market, the leaks need to be plugged.... We are in talks with the Indian government for a data protection law which fits with the international norms," British High Commissioner Sir Michael Arthur said.

The government is, however, not acting yet. As per the draft IT Bill, data protection will not be mandated for BPO units.

Powered by

Share your comments

 What do you think about the story?

Read what others have to say:

Number of User Comments: 1

Sub: Information Security (BPO)

Refer your article on Information Security at Rediff Homepage on 3 Nov. 2005. CII has recently done survey of about 100 companies; 86% of them ...

Posted by Vineet Verma



Copyright 2005 India Limited. All Rights Reserved.