The objective of introducing new data protection rules was to bring India in line with the West. Has the new legislation changed the way Indian outsourcers deal with their clients’ data?
On numerous occasions we have written about new privacy and data protection legislation brought about by the Indian Department of Information Technology in April this year. The new rules were introduced by Indian politicians as a response to fears that data in India is unprotected. Silicon.com reports that outsourcing companies that handle data for global corporations are rather confused over the new rules.
No written consent – no work
India’s amended Information Technology Act states how personal and confidential information, within and outside India, should be collected and used by companies on the subcontinent. All companies operating in India must obtain prior written consent by letter, fax or email stating they can collect personal data; otherwise penalties will be applied. And these could range from fines of several thousand dollars to lengthy prison sentences. The new law makes even company directors liable for prosecution.
Is it worth not to comply? Certainly not!
“Data security and privacy laws are lax and outdated”
Investors and multinationals still see India’s data security and privacy laws as “sloppy” and “out-of-date”. On the other hand, outsourcing companies in India say they have complied with Western privacy laws and are concerned about the implications this heavy layer of disclosures will have on their customers. Before even collecting their customers’ data, such measures will burden them with additional costs.
When the two leading outsourcing companies, Convergys and Wipro, were asked specific questions about the practicalities and logistics following the new privacy rules, a clear answer wasn’t given.
If India finds a way to tackle the proposed rules, the panic over them will subside. If not, India’s outsourcers will keep struggling to cope with the new regulations.
Be prepared and comply with the new privacy and data law
Here at IT Governance Asia we recognise the importance of the new law. We offer readymade solutions for keeping your information secure every single day. Our best practice reports, pocket guides, eBooks and toolkits offer you all the help and support you need to comply with the new rules in India.
Our Information Security Law: The Emerging Standard for Corporate Compliance (eBook) is designed to help companies understand this developing law of information security, the obligations it imposes on them, and the standard for corporate compliance that appears to be developing not only in India but also worldwide.