Abstract

Within a span of over a decade, India has become one of the most favored destinations across the world for business process outsourcing (BPO) operations. According to the National Association of Software and Service Companies (NASSCOM), the ITES-BPO exports from India in 2003-04 was US$ 3.1 billion was estimated to be US$ 6.3 billion by 2005-06.1 Despite the strong growth in this sector, some of the challenges faced by the Indian BPO sector are shortage of quality manpower, wage inflation, infrastructure problems, etc. However, over the past few years, information and data security has become one the main challenges faced by the Indian BPO industry. Instances of data thefts and frauds like the fraud at Msource, the BPO unit of MphasiS, and the KKaran Bahree case have attracted worldwide attention and become a major cause for concern among the industry players and associations in India. Some of the information security and data privacy challenges that Indian BPOs face include lack of stringent data protection laws, use of portable devices such as laptops by employees to store confidential business information, rising data security costs due to increased employee background checks, training employees in maintaining data security, ensuring compliance with security policies implemented in the company, and systemic plugging of any loopholes through employee activity monitoring procedures. To ensure that the confidentiality of a client's information is maintained, BPOs need to implement data security measures, which can be classified into measures taken at the recruitment level and measures taken at the operational level. The Indian government is evaluating the possibility of reviewing the Information Technology Act of 2000 to bring various computer crimes relating to information privacy under its purview. NASSCOM announced plans to establish a self-regulating organization (SRO) to deal with information security issues related with outsourcing to India and introduced the National Skills Registry (NSR). NASSCOM also proposed that the Indian government should establish a special court to speed up the trial process of cases related to information/data security and other cybercrimes booked under the Information Technology Act 2000.

Learning Objectives

The case is structured to achieve the following Learning Objectives:

• 0

Keywords

Business Process Outsourcing, Information and data security, Theft and online fraud, Security Hardware, NASSCOM, Data Protection Measures, Information security system, Cyber Regulations, Sarbanes Oxley Act, Integrated security strategy, Information Technology Act of 2000, ISO IEC 17799 standard, BS7799, Network Security, KKaran Bahree Fraud, India ITES Outsourcing , Government