Now get the law

The issue of security at India's mushrooming BPO firms will not go away in a hurry. There are too many interests at stake and those in the west against jobs migrating out will try every means possible, fair and foul, to stop what seems inevitable.

The latest is a sting operation by a British tabloid which, it says, has managed to buy personal financial information from an Indian BPO agent. On cue, a British trade union has reiterated the demand that data should not leave British shores. This is to be expected. What is not is the attitude of some members of the industry and the government of India.

At the annual BPO summit earlier this month in Bangalore, a few participants complained that the Indian media had blown out of proportion a single earlier instance of security breach while failing to report much larger breaches in the west.

This is reminiscent of the attitude of many industry members when the outsourcing backlash first raised its head. They argued that the issue was a creation of the Indian media, which blew out of proportion stray acts and opinions in the west. As it eventually turned out, the backlash was real.

Far more serious is the attitude of the union government, or more precisely the IT minister, Dayanidhi Maran. He has said that the latest development has nothing to do with the government and is to be sorted out between the business partners concerned, as also the BPO firm and its employee.

This creates the impression that the government has done all it can to set the regulatory environment right. It has not. There is as yet no sign of a comprehensive data security act. What is more disturbing is that the official attitude in Delhi seems to have undergone a change with the change of government.

Arun Shourie as IT minister was engaged in intensive discussion with industry leaders and Nasscom to frame a data security law but the current line is that there is no need for a new law, various existing statutes have all the necessary provisions. Hence Nasscom is now saying that the legal provisions are 98 per cent there, what is needed is updating them promptly as things change fast in this industry.

This will not do. A cross section of industry feels rightly that there is no substitute for a comprehensive law on security issues and deterrent punishment for transgression. An industry leader has specifically suggested that data theft be made a non-bailable offence.

The Nasscom press release on the sting operation states that Indian companies are already complying with all the provision of the Data Security Act of the UK. That is precisely the point. There is as yet no data security law in India. Organisations like Nasscom's US counterpart have asked for such a law.

Consultants say India is missing out on high-end business because of lack of comfort, in the absence of such a law. It should come, if only to raise comfort levels. Mr Maran should give high priority to formulating and piloting the Bill, instead of going round the world canvassing for an illusory semi-conductor plant. The latter provides a better photo opportunity, but the former is more urgently needed.