Policy & Trends

The Supreme Court, in 1964, recognized a right to privacy implicit in the Constitution under Article 21:
           No person shall be deprived of his life or personal libery except according to procedure established by law.

A proposed Draft in the Parliament, similar to the European Union Data Privacy Act includes principles like:

• Personal data should be obtained and process fairly and lawfully
• Personal data should be used or disclosed only for lawful or compatible purposes
• Personal data should be surrounded by proper security
• Curb unethical movement of information

"Security is a very important thing and protection of data is one of the major concerns for customers."
              -RR Shah, Secretary, Ministry of IT and Communications, Government of India.

Call centre threat:

A study by the Wharton Business School showed that:

• Security concerns and vendor viability were the key reasons why only 5% of the US companies with $100 million to $4 billion in revenue outsourced offshore
• India’s security is a huge concern
• Legislation not adequate yet to protect data
• India IT Act, 2000 silent on the issues of privacy, protection and revelation of data
• Credit card fraud is a ~1.5 billion dollar a year business
• Stealing of card data in call centres is an area of increasing concern

IT security guidelines

5.5 Prevention of Computer Misuse

1) Prevention, detection and deterrence measures shall be implemented to safeguard the security of computers and computer information from misuse.

6.1 Use of Security Systems or Facilities

1) Security controls shall be installed and maintained on each computer system or computer node to prevent unauthorized users from gaining entry to the information system and to prevent unauthorised access to data.