In early April, the BPO industry's pet theme of data and information security hit the spotlight when MphasiS employees were held on fraud charges.

Since then, there has been unceasing debate about the `unduly adverse publicity' the company and the fraud case got in the Indian media; the India position in the security landscape; and the need for greater awareness, rigour and security practices among the Indian ITES/BPO players.

For an event that MphasiS' Jerry Rao was quick to point as being more to do with fraud and collusion than with weak systems or network security, there has been a lot of publicity that MphasiS and the entire Indian BPO industry has had to live with in the past couple of months. Together with a touch of pique that significant data piracy and losses in the Western industry have been ignored in the Indian media while the MphasiS fraud case has netted all the headlines, there is a realisation that Indian ITES and BPO companies have to fight from the trenches since they are under considerable attack already by the anti-outsourcing brigade.

Having security certifications is a necessary but not sufficient condition and indeed, Forrester has warned clients and potential outsourcers that they should not be "lulled into security complacency by the `laundry list' of certifications or process changes that suppliers roll out."

Indian ITES BPO players recognise that there is a need to inculcate security and privacy consciousness among employees and associates, from the bottom-up. "We need initial and subsequent ethics orientation courses so employees are also taught the consequences of their actions," says Jerry Rao.

Apart from the rights of consumers to privacy, it is the wired networked world that is a source of significant concern - the crux is the rapidity of information malfeasance and the presence of organised crime that haunts customers and their end consumers, he says.The Nasscom Vice-President Sunil Mehta says the Association had talked to law firms and done gap analyses with the result that the Indian law enforcement machinery has been recognised as strong. Most customers and regulators are convinced about the legal framework. The focus on data protection can involve the audit of processes but there should also be focus on data loss due to negligence, the industry feels.

There is a feeling that the incident at MphasiS, and to a greater extent any such event in the future, will affect to the credibility of the whole Indian industry. "This is not the problem of a single company, it will become an India issue," says Pramod Bhasin, CEO, GECIS. He feels it is not only necessary to manage the perception of security threats but also address the issue at levels in the organisation, be it inculcating the notion of privacy of information to the call centre associates or establishing policy frameworks, to ensuring quick response mechanisms.

"Going forward, security will be the single biggest threat and challenge to the Indian BPO industry and data protection regulations could come up that will impact the industry," feels Vikram Talwar, CEO, Exl Services.

"We do more in ensuring overall security far in excess of the largest of banks in the Western markets do, by their own admission. When information about nearly four million accounts was compromised in early June at a large bank, there was not half the hubbub about it as happened when the MphasiS incident broke in India. So it always is, but Indian players are recognising that we will have to live and work with that," says Chandu Nair, CEO, Scope eKnowledge, a knowledge-processing company.

Some of the worries are the lack of real standard for employee screening and paying lip service to code of conduct. There is very little creativity around deterrence programmes, says Ted Price, MD, Head, Global Corporate Security, Lehman brothers. "`Security is now an issue for brand India," he says.

"In an industry that is growing at over 100 per cent in some segments, while a company might be hiring 400 people a month, we may not be able to do much background checking," says Jerry Rao. "We need to get our hiring efficiency up and there is a strong need for a national employment registry in this sector," he says."Most customers understand these things happen, what customers are looking for is how quickly and well the organisation responds to it and what the State law enforcement machinery can do about any such event," he says. This means an unrelenting pressure on Indian call centres and BPOs to focus on security.

"As companies and the industry grows, the issue of security is likely to grow more serious than otherwise," Bhasin says.

priya@thehindu.co.in

Picture by Mohammed Yousuf

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page