Recently UK-based Channel 4 carried out a sting operation to
expose security lapses in the Indian BPO industry. It claims that a database
with the credit card details of 200,000 people was made available to them. For
the record, there is a lot happening closer to home also. All that Channel 4 had
to do was shell out some money right at home, as data theft in the UK is on the
rise. It costs about £17.50 to find addresses of people in the UK listed on the
electoral register, and £750 for mobile telephone account details. This is
according to the data released by the Information Commissioner's Office (ICO),
UK. In UK, 109 cased were files under the Data Protection Act between April 2005
and January 2006. In the US, the fastest growing crime is of identity theft-a
crime happens every 79 seconds as per CBSnews.com. The Federal Trade Commission
reported that it costs individuals and businesses $50 billion annually. Under
such circumstances, is the seemingly disproportionate interest in the Indian BPO
industry justified. Not at all.
Indian companies are aware of security issues and have been
proactive in tackling them too. Most call centers keep a watch on employees in
various ways, and let them know about it as well. Nasscom's registry of
employees has been supported by several companies. And new self regulatory
mechanisms are on the way. Industry stakeholders reiterate that the problem of
data theft exists, just as it does elsewhere in the world. To ensure fool-proof
data security is not really possible. There will always be a few cases from time
to time. To make them sound like an epidemic does not befit the media-both
Indian and international. Foreign media have their own interests in bringing to
light the loopholes in any kind of outsourcing. It is a sensitive and emotional
topic. Hence it is news and higher viewer ship. But for Indian media to join in
to the chorus is inappropriate.
It is significant that not too much has been heard from
institutions like banks from where the theft takes place. They, for obvious
reasons, like to keep the information under wraps. If they did not, there would
not be many new accounts that will get signed up.
Not much has been heard from those whose data has been 'stolen'
and the misfortunes that have struck them subsequently.
So where are we headed? For the near term, the noise is likely
to continue. The issue is not just about stolen data. It is about jobs that
people think are getting stolen. As long as that continues we will have periodic
stories coming out. So what needs to be done?
The Indian industry could fight back too, such as conduct stings
of its own across the seas. But that would only undermine its credibility. It
has taken the right route of looking for solid evidence to each allegation, and
working at ways to tighten security measures across all companies. The Indian IT
Act does not have enough teeth to penalize offenders. The claim has a parallel
in UK as well-where the Data Protection Act also allows only for paltry fines
and conditional discharges as sentences for data crimes. More stringent
punishment has to be provided. More cases have to be lodged and pursued. Having
the laws in place is not as good as getting convictions.
At the end of the day this is more a marketing and PR problem
then a problem of data theft.
The author is Editor-in-Chief of CyberMedia publications shyamm@cybermedia.co.in