ZDNet Asia
18/06/2007
http://www.zdnetasia.com/news/security/0,39044215,62019658,00.htm
India is to finally get a data privacy watchdog to oversee the country's IT and business process outsourcing (BPO) offshore outsourcing industry and to address international concerns about the security of customer records and data.
India does not have any data protection law equivalent to that in the United Kingdom but has been under increasing international pressure to address this in recent years due to a spate of high-profile security breaches.
The new body, which will be called the Data Security Council of India (DSCI), is a self-regulatory member organization and is being set up by Indian IT industry group National Association of Software and Service Companies (Nasscom).
Shyamal Ghosh, chairman of the DSCI, said the board and structure of the organization should be in place by the end of next month.
He told ZDNet Asia's sister site Silicon.com: "The industry felt it is better to have self-regulation because it moves so fast. It will be an independent organization at arm's length from Nasscom."
The DSCI will develop common minimum standards for privacy and security policies, offer certification, enforce a code of ethics and best practice, and punish any breaches by Indian IT and BPO companies--which could include expelling members or calling in police.
Nandkumar Saravade, director cyber-security and compliance for Nasscom, said the DSCI will help improve security standards across the vast number of companies below the big top-tier outsourcers such as Infosys, Tata Consultancy Services and Wipro.
He said: "The aim is to lift the floor of the Indian IT and BPO companies because the top companies already have best practices."
The data security body is just one of Nasscom's initiatives to address international concerns about India's reputation for data security. Another key strand is the National Skills Registry (NSR), which is a centralized database of third-party verified personal and professional details of IT and BPO employees that allows employers to vet staff they are recruiting.
Nasscom said the NSR is used by 40 of India's IT companies and now has 100,000 employees registered on it, with half of those verified and their biometric details recorded.
Nasscom has also helped with the setting up of local cybercrime police labs in five of India's tech hotspots.
