The main trade body representing India’s IT services industry is planning to create a national registry of all IT workers in a bid to allay security concerns.
The move is part of a coordinated effort in India to fend off what it sees as ill-founded criticisms of its information security standards by protectionists in the West who want to slow down the use of offshore outsourcing.
Later this year, India will also pass a series of amendments to its IT Act of 2000, aimed at strengthening India’s laws covering data protection and integrity.
Nasscom – the National Association of Software and Services Companies, says details of about 1 million IT professionals will be recorded in its proposed registry, which will go online late in 2005. The database will cost around $1 million to set up and will be operated NSDL – the National Stock Depositry, which already stores details of some 30 million shareholders in India.
Speaking in London, Phiroz Vandrevala, a board member of Nasscom and executive vice president of Tata, India’s biggest IT services company, said that security is the most significant non-trade barrier that is used against using Indian offshore services. But, he argued, standards are extremely high and problems are largely the result of a few rogue individuals.
The new database will give the IT industry in India the ability to track and expel workers who have committed security breaches. Although the scheme is voluntary, it already has the support of the major IT service companies in India. Nasscom has 900 member companies, many of them based in the US and the UK.
According to Scotland Yard’s Computer Crime Unit, 98% of all crimes against companies have an insider connection. In one recent case, one individual in London committed no less than eight IT related frauds in one year, each worth more than £50,000. In all but the last case, the individual was sacked but not prosecuted, allowing him to immediately find new employment. A database such as the one Nasscom proposes might help to outlaw such an individual much earlier.
Both Nasscom and the Indian government are concerned to protect India’s thriving IT industry, by establishing standard that match or exceed those of the West in every area. IT now accounts for 7.5% of Indian GDP and 40% of Indian exports. Indian IT services exports were worth $17.5 billion in 2004, and are on target to reach $50 billion by 2009. Vandrevala said that Nasscom will also consider extending the scheme to cover employees of Indian based companies working in other countries, if no similar scheme exists there.
Nasscom said it has been liaising with member companies and with the police in London in an attempt to establish the facts behind a report in The Sun newspaper that a reporter was able to buy UK banking customer records from a call centre worker in Mombai. Since the report, there has been growing scepticism that the journalist was able to buy the type of details reported.