India's strong IT Laws but weak Cyber Enforcement

India plans IT staff registry
The National Securities Depository would keep background records that workers could allow companies to see, though it would not breach employee rights as they would not be obliged to join.
Tuesday, May 17, 2005

Narayanan Madhavan

BANGALORE: India's information technology firms will set up a workers registry next quarter and seek legal changes to prevent employee fraud, a key industry official said on Tuesday, amid client concerns about recent security breaches.

"As more and more sensitive financial work is transferred to India, many customers and regulators (overseas) are insisting that the employees undergo background checks," Sunil Mehta, vice-president at the National Association of Software and Service Companies (NASSCOM), said in a phone interview.

"We are looking at a pilot (database) in the next quarter."

The National Securities Depository Ltd. (NSDL), which manages electronic share transfers, would keep background records that workers could allow companies to see, though it would not breach employee rights as they would not be obliged to join, Mehta said.

The industry employs 350,000 call centre and back-office agents in India who work for about a fifth of Western wages.

The $17-billion industry was shaken last month by a $400,000 online credit card fraud involving three ex-employees of MphasiS BFL Ltd., who police said allegedly enticed Citibank customers to part with personal identification numbers.

Mehta said the creation of the employee registry was not related to the scandal, but NASSCOM was keen to ensure the whole industry did not suffer from the actions of a few individuals.

"Because of a few bad apples, others should not get a bad name," he said.

NSDL's database will assign workers identity numbers and keep employment backgrounds and biometric details like fingerprints.

Mehta said NASSCOM opted for the share registry to ensure no conflict of interest with the industry. On top of helping firms and employees when they change jobs, the registry would offer an audit trail of workers that may help prevent fraud, Mehta said.

NASSCOM is also pushing the government to clarify IT laws. Mehta said police would be helped if the law distinguished between unauthorized and authorized use of data and a planned introduction of IT-related procedures to the Indian Penal Code.

The IT ministry was expected to pass drafts to the law ministry in about four weeks, and NASSCOM hopes parliament will pass the amendments in its winter session starting in November.

© Reuters