EU law in particular restricts businesses transferring data to countries with weak privacy protection, and with Indian IT wage costs rising – albeit still far behind those in the US and Europe – India is seeking to remove reasons for potential customers to look to elsewhere for their outsourcing solution.
European firms are severely restricted in terms of the Data Protection Directive of 1995 as to what data can be transferred or stored in countries without equivalent rules and enforcement procedures. At present, India has no such regulations, and relies on individual contracts negotiated between the main company and the Indian outsourcing contractor to address the data protection issues.
In the US, there is unease over data security in outsourcing, and with an election in the offing there is growing pressure on federal and state administrations to limit the export of jobs.
Europe is also facing a backlash, with MEPs from the UK's largest union, Amicus, warning the European Commission earlier this month that offshore outsourcing "is an accident waiting to happen."
Consequently, India has plans to tighten its data protection regime. Its National Association of Software and Service Companies (NASSCOM) is in the process of drafting legislation to amend the country's existing Information Technology Act of 2000, with the intention of bringing the data protection regime up to the standard required by the US and the EU.
David Fleming, National Secretary of Amicus, commented: "There are serious doubts over the security of personal data. The Indian Government and offshore industry recognise this and are taking measures to rectify the anomalies."
The union has called for the Information Commissioner to "urgently investigate offshore companies' data protection measures and to hold a public record of those companies which transfer personal data where there is not adequate legal protection."
