'India's info security needs further tightening'

New Delhi, Oct 1: Even though India is much safer than most other countries including the US and UK with regard to information security, a further tightening of IT/BPO security backed by a strong legal framework is a must to further improve the country's position as an outsourcing destination, Nasscom President Kiran Karnik said.

In the wake of recent incidents of call centre data thefts doing the rounds in the country, the National Association of Software and Service Companies (Nasscom) is working out key initiatives to create a 'secure' information security environment in the IT, ITes/BPO segments, for which it is closely working with the government.

''As more transactions are done on the interet these days including booking tickets, shopping, and banking security has become a major concern all over the world. In India, which is comparatively safer, our target is to create a more secure environment and do away with the loopholes, imperative for the growth of the country,'' Mr Karnik said.

Key initiatives undertaken by Nasscom to make India free from IT-related crimes and data theft are the Self Regulatory Organisation (SRO) to be rolled out in the next 2-3 months, and the National Skills Registry (NSR) unveiled in January this year.

''We will be rolling out the SRO, entailing a common standard to be followed by companies who are a part of it, that will broadly provide training, capacity building and also serve as a dispute resolution mechanism, in another 3-6 months,'' Mr Karik said.

On further details on the companies who have evoked interest to enrol in the SRO, Mr Karnik said, '' Discussions are on, and we are still in the early stages. It will be operational within 2-3 years.'' The initial funding of the SRO is complete, and once operational, it will establish, monitor and enforce privacy and data protection standards for India's IT/BPO industry. Some penalties will also be imposed on the faulting companies, he added.

Nasscom is keen to strengthen the overall ambience of the IT security scene in India and is working with the government and enforcement agencies to strengthen the legal framework, and do away with loopholes in the system.

The NSR, the first such registry in the global IT/BPO industry, was launched to ensure a verified database of human resources of the segment, and is a voluntary online registry of workers containing an employee's professional history, education and personal background.

Since its inception, it has already registered 25,000 employees and 24 companies accounting for 30 per cent of the industry's total workforce.

''Six leading companies, which belong to our board, have said they would have 100 per cent of their employees on the NSR by the year 2007,'' Mr Karnik said adding, ''a significant proportion of industry would be on the NSR in the next 18-24 months.

Asked about whether India should have a separate set of laws pertaining to information security, Mr Karnik said,''I don't think we need separate laws, as a lot of enactments already exist in India.'' In the US, which reported 148 cases of identity thefts in the last year and a half as against 10 cases reported in India, there are no separate laws to deal with a breach of IT security. The European Union is the only one which has a separate mandate for information security.

Besides, Nasscom is also working with the government to evolve recommendations to amend the Indian IT Act 2000, to protect overseas customer data and tightening punishment for defaulters.

The Act, which is in the final stages of approval with the government, will be tabled in the winter session of parliament.

UNI