AUSTRALIA: Aussies feel threatened by BPO data theft

New documentary shows Indian businesses mistreating their customer's personal information

Times of India
Friday, October 6, 2006

Melbourne --- A documentary to be released soon, revealing alleged sale of confidential material held by Indian call centres, has raised concern among Australians as they feel threatened about their personal details going overseas without permission.

There is a substantial alarm over confidential details such as health and credit files being moved to countries where data security is weak, a media report said.

Some 91 per cent of Australians believed their personal information should only be stored overseas with their permission, according to research by McNair Ingenuity.

About the same proportion said they would choose a bank which kept their records in the country, according to the research commissioned by the country's Finance Sector Union, that is fighting the loss of jobs to India as recently announced by Qantas, Westpac and other leading banks.

The poll comes as alarming evidence is set to be revealed on Friday by a British television programme, allegedly showing Indians selling for as little as 12 dollars, British bank customer details held in India.

Britain's Channel 4, which spent one year on the report, says it has discovered the selling of confidential material held by Indian call centres. This includes the passing on of personal bank account details of a number of customers from a range of British banks.

The programme is to show footage of the buying and selling of the details on an Indian street.

Opposition Labor Party leader Kim Beazley said Australian companies should be compelled to tell customers their files were to be transferred to overseas call centres and data processing operations.

Beazley said he wanted the government to change the Privacy Act to force the declaration before customers hand over their information.

Customers are not usually formally told when they are directed by a company to a call centre based overseas, he said adding nor are they informed when their records with the company, which could include their passport number and credit card numbers, have been sent offshore so that staff can respond to their questions.

"This means businesses are able to make whatever confidential arrangements they like for processing personal data in countries such as India and China -- without ever informing their customers," Beazley was quoted as saying by a newspaper.

"Australian consumers can be left vulnerable to having their data lost, stolen or mishandled since many of these countries have little or no law to protect the personal information of Australian customers," he said.

The McNair Ingenuity research found 85 per cent of Australians were concerned about the security of their files overseas and wanted disclosures by companies sending data offshore.

FSU secretary Paul Schroder said: "It's time the banks stopped looking at cost reduction through exploiting lower-paid workers in foreign countries and started looking at the reputational damage they will cause themselves by going down this short-term road."

Protecting data: Cos face steeper fines

By Sanjay Anand

New Delhi --- Stung by yet another sting operation by a British TV channel, which reportedly exposes vulnerability of data and ID security at India's call centres, the government is expected to fix stricter fines for companies failing to protect data than was being proposed earlier.

Firms and individuals will now be booked for civil and criminal liabilities for failing to plug information leakages and stealing personal data. Officials familiar with the new proposals said implementation and imposition of fines would be made more stringent. For instance, the fine limit on firms would be enhanced to 5 crore as against Rs 1 crore now.

A ministry official said the amendments would include new rules that would "provide for the responsibility on the body corporate and companies to adequately protect sensitive data or information which they own, possess, control or operate."

The proposals are expected to be incorporated in the IT Act 2000, which is being amended to fight a new set of cyber crimes like child pornography, ID, data security and video voyeurism.

IT ministry officials have been 'fine-tuning' the amendments for over a year but are ready now to finally sent them to the Cabinet for approval, so that the amended act could be cleared by Parliament this winter session.

Although IT industry representatives have been pushing for the amendments to take effect, government has taken more time than was initially expected to get the new act cleared. Now, under pressure from the IT industry as well as doubts raised about the security of personal data/identity (credit cards, passport numbers and driving licence details etc.) of people calling BPOs in India, IT ministry is pushing the amendments to the cabinet with a sense of urgency.

Nasscom president Kiran Karnik welcomed the stringent norms and said: "We want those things to happen quickly." Some experts, however, said the government needs to do more. "We need to go beyond raising the penalty limits," said cyber lawyer Pavan Duggal. "All this will be too little, too late."

He expressed concern over the implementation of rules. He said over the past six years, not a single case of compensation has been closed. The government, he said, needed to put legal experts in place for adjudication, and not bureaucrats as is the case at present.