India’s information technology sector will set up a self-regulatory body to tighten security after incidents of data theft last year shook confidence in the industry.
The move is the latest in a series by the country’s $23bn-a-year IT sector to reassure overseas clients that India is a safe place to do business.
Sunil Mehta, vice-president of Nasscom, India’s software employers’ association, said: “Information security and data protection could potentially emerge as the single largest non-tariff trade barrier and affect economic growth. We decided to do what we needed to do to offset the threat.”
The $5.2bn call-centre industry came under heavy scrutiny last April after three employees of Mphasis, a Bangalore-based outsourcing firm, were arrested for allegedly stealing $350,000 from Citibank account holders in New York. Two months later, an IT employee in Delhi was reported to have sold confidential information on 1,000 banking customers.
Mr Mehta said potential overseas clients choosing between rival offshoring locations would look favourably upon such an organisation.
“It would change the rules of the offshoring game,” Mr Mehta said. “It wouldn’t just be about lower costs but safety.”
Ranjan Biswas, head of the technology practice at Ernst & Young, said that while many of India’s IT companies already had many checks in place, an independent regulatory body would provide an extra layer of comfort.
“It would give an outsider confidence that compliance is not just being left to the companies,” he said.
Nasscom will set up the independent regulatory body with initial funding of $300,000, after which membership dues will cover operating costs.
Mr Mehta said the independent body would have the unique mandate to audit its members as well as to punish those that fail to comply with regulations.
Already, some 1,050 companies representing 98 per cent of the IT industry have agreed to become members of the new independent body, which will be launched within a few months once a chief executive is found.
Mr Mehta said the body’s independence from Nasscom would lend it credibility. “It would have an independent and larger board, possibly with international participation,” he said.
Other measures adopted recently by Nasscom to curb security breaches included the launching of a nationwide register of IT employees that will include workers’ photographs, fingerprints and employment histories.