India’s National Association of Software and Services Companies (Nasscom) is setting up a watchdog organization that will focus on the introduction and monitoring of best data security and privacy practices in the country’s IT services, call centre and business process outsourcing (BPO) industries.
“We are planning a self-regulatory organization (SRO) that will be initially set up by Nasscom, but will operate independently with an independent chief executive officer and board,” said Sunil Mehta, vice president of Nasscom in Delhi.
The move is one of several measures by Nasscom and the local industry to strengthen data security and privacy in the Indian call centre and BPO industries. The organization set up a National Skills Registry in January that enables employers to do background checks of employees they hire.
The initiatives by Nasscom come in the wake of allegations in the U.S. and U.K. that Indian call centre workers have stolen and sold data processed by Indian outsourcing companies.
The SRO aims to raise the bar in data security and privacy by including the best practices currently stipulated by certifications such as the ISO17799 standard for information security of the International Organization for Standardization (ISO) in Geneva, as well as data privacy and data protection laws worldwide, Mehta said.
“We want to change the rules of outsourcing to India,” he said. “Customers should be interested in outsourcing to India not for lower cost alone but because of the superior data protection and privacy we offer.”
The SRO will be set up by Nasscom later this year, and the chief executive officer and board of directors will be appointed by the organization on behalf of the industry, Mehta said. Membership of the SRO will be open to IT, BPO, and call centre companies.
“Being a member of the SRO will in effect be a certification, as member companies will have to follow the best practices specified by the SRO,” he said.
Besides setting benchmarks and training companies on the best data protection and data privacy practices, the new organization will also have the authority to punish and expel erring member companies
The SRO will be funded for one year by Nasscom, which has budgeted US$300,000 for the purpose. After the first year, the SRO is expected to finance itself from membership, training, and audit fees.