Financial Daily from THE HINDU group of publications
Monday, Apr 18, 2005
eWorld
Features
Stocks
Port Info
Archives

Group Sites

 eWorld - Security
Info-Tech - Economic Offences


Wake-up call in order

Krishnan Thiagarajan

eWorld takes a look at the deeper message underlying the recent incident of reported fraud at the BPO arm of an Indian player.

AT Nasscom's annual industry event held last year, the fears of an outsourcing backlash from the US affecting IT service and BPO companies was top-of-the-mind recall for most industry captains and other participants.

Representatives from IT industry associations, economic policy institutes, and think-tanks in the US were invited in large numbers to discuss the strategic, policy and regulatory responses of India to the growing protectionism in the US.

Strangely, in this sombre atmosphere, a senior executive at one of India's highly respected companies completely pooh-poohed the adverse impact of the outsourcing `noise', as he called it. He said categorically that the outsourcing backlash will not kill the industry, but what will affect us badly are issues relating to data security and privacy.

These words are turning out to be quite prophetic for the Indian BPO industry. In the run-up to the US Presidential elections in November last year, protests over loss of jobs to outsourcing slowly died out in the natural course. Even as this noise faded, key issues relating to data security and privacy were left unaddressed by the Indian Government.

The recent media spotlight over alleged theft by former employees of MphasiS' BPO arm, MsourcE, has rocked the BPO industry.

Can this latest episode be quickly dismissed as an isolated case that the overzealous media is attempting to blow out of proportion? Hardly so. The latest instance of alleged theft is entirely different from other instances of outsourcing deals that fell short of expectations in the past few years. For instance, compare the latest theft to Dell's decision to stop handling technical support services for its corporate customers from third-party BPO outfits in India. Or compare it to Lehman Brothers' move to pull out its technical help desk support from an Indian third-party BPO or for that matter, US-based Conseco's agreement to sell its interest in a customer and back office outsourcing work to an Indian BPO company.

Clearly, the decisions by Dell, Lehman or Conseco were policy moves that emerged on account of expectation mismatch between vendors and customers or inappropriateness of long distance BPO for certain kinds of customer care jobs. Unlike these, the latest fraud exposes the soft underbelly of data security in BPO outsourcing, if employees decide to play truant and breach the internal data security norms in place.

This episode has larger implications for the sustenance and growth of the Indian BPO industry as a whole. Instances of fraud or other misdemeanours have surfaced regularly in the US and Europe, but these two countries either have necessary legislation in place for data protection or enforcement cells that can protect the interests of the customers. Unlike these countries, India does not have a comprehensive data protection law in place. No wonder, for the last few years, data security and privacy has been one of the key concerns of US-based financial services and telecom service companies offshoring voice-based customer care and support to India. So far, labour arbitrage and cost considerations have outweighed security concerns.

But this development is bound to put security right at the top of the customer's offshoring checklist. If the BPO industry has to emerge unscathed from this, the industry, Nasscom, and the Government will have to swing into action on multiple fronts to make some fundamental changes to the way the industry operates. The four areas on which focus is imperative are:

  • Law on data protection: Nasscom, along with the BPO companies, will have to push for putting necessary data protection laws in place as early as possible. This aspect has remained in limbo for too long.

    The industry will have to now decide whether the data protection law should be covered under the Information Technology Act, 2000, which is under review, or there is a need for a separate and comprehensive Data Protection, Security and Privacy Act.

    India will have to create a well-defined and stringent regime in data protection and privacy. Since there is no consensus on data protection legislation in Europe and the US, India will have to ensure that any Act proposed covers the key provisions of European Union Data Protection Directive and is also in line with US Safe Harbour Agreement (a voluntary scheme for self certification for data protection and privacy).

  • Legal enforceability of agreements: The second fallout of this incident will be questions over legal enforceability of agreements between a US customer and an Indian vendor. The Indian laws will have to be made as stringent as possible for legal enforcement of BPO contracts, if any breaches were to happen in future. US and European customers will have greater confidence in dealing with Indian vendors only if their legal contracts for voice or non-voice based BPO contracts are enforceable, both in their home country and in India. Unless this is done, BPO contracts may contemplate moving to alternate locations such as the Philippines, Mexico, Russia or China in no time.

  • Technology: No amount of process certification and quality considerations will satisfy the US customers in sensitive operations such as credit card or insurance claim processing. Most third-party BPO outfits will have to invest in technology such as keypad authentication of PIN numbers for credit card processing or means of identification to quell any cries of an outsourcing backlash among clients. Obviously, checks and controls in the form of concurrent audits will also help allay the fears of customers in the near term.

  • Screening candidates: The best practices followed by top consultancies in the US and Europe for screening candidates and doing background checks will have to be employed by all BPO outfits. While large outfits are already doing this, smaller outfits that are scaling up quickly will have to fall in line, though it will find these quite onerous and margin-dilutive in the near term.

    While this episode is a wake-up call for the industry, in our view, a single incident like this cannot undermine the momentum established by the customer care and support (or call centre) industry in a big way. The effects of this could, however, spin out of control, if the industry fails to put in place these damage control measures quickly or the Government dilly-dallies on the necessary regulatory reforms for the sector.

    Picture by K.K. Najeeb

    maverick@thehindu.co.in

    Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

    • Stories in this Section
    Widen the Wi-Fi road

    Hands-on learning
    Waiting to fly
    Unfolding scene
    Blue Screen syndrome
    Leave it to the expert
    Wake-up call in order
    A shattered image
    Overload spells trouble
    Quiz
    Of cryptography & call centres
    Cartoon

    The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
    Group Sites: The Hindu | Business Line | The Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |

    Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line