In a meeting Wednesday, Singh directed the Department of Information Technology to hasten the process of amending the Indian IT Act to ensure that any breach of secrecy and any illegal transfer of commercial or privileged information is made a punishable offence.
"Indian professionals have built for themselves an enviable global reputation through hard work, dedication and commitment, and the occasional misguided acts of some individuals should not be allowed to damage the high reputation of all professionals," Singh was quoted as saying in a government statement.
Singh reviewed the situation in light of the recent case of alleged sale of customer data by an Indian call center employee to an undercover reporter of British newspaper The Sun last week. Singh said the sting operation may have been directed to give Indian industry a bad name in light of its growing competitiveness.
Karan Bahree, the call center worker who figured in the incident, has reportedly been fired by his employer, Infinity e-search, but has yet to be formally charged by local police. He has been reported missing since the Sun report was published, although he has sent statements to the company.
U.K. authorities have warned banks against possible breaches of the British Data Protection Act after the incident.
In India, the National Association of Software and Service Companies has stressed that "tight data security norms [are] followed by the industry." As a measure of further caution, NASSCOM is building a database of all employees in the business process outsourcing industry. This segment currently employs 350,000 workers.
INDIA HAS SUFFICIENT DATA PROTECTION LAWS.
The proposed change in the Information Technology Act, 2000 for conferring data protection or its separate enactment is not only unwarranted but is equally based on misinterpretation of the provisions of the Indian Copyright Act, 1957 and the TRIPS Agreement.
The concerns and apprehensions of the MNCs are far-fetched and unwarranted. The TRIPS Agreement and the Copyright Act, 1957 provides sufficient safeguards for preventing violations of databases of MNCs. The data, information and details provided by the MNCs will get the protection of ‘Data Property” if the same involves intellectual creations within the meaning of Article 10(2) of the TRIPS Agreement. If they fail to satisfy the requirement of Article 10(2), still they will be protected as copyright. The brightest and the positive aspect of this situation is that even non-data items are also protected, both under the TRIPS Agreement and the Copyright Act, 1957. Thus, the MNCs should concentrate on their “business initiatives” rather than wasting their resources and time on unnecessary concerns.
See http://perry4law.blogspot.com/2005/05/mandates-of-wto.html for more details.
It must be appreciated that it is not the “enactment” of a law but the desire, will and efforts to accept and enforce it in its true letter and spirit, which can confer the most strongest, secure and safest protection for any purpose. The enforcement of these rights requires a “qualitative effort” and not a “quantitative effort”. The “enforcement” problem cannot be “bypassed” and “labeled” as inadequacy of data protection laws in India. For instance, if we do not enforce the provisions of Copyright Act, 1957 or the Trade Marks Act, 1999, properly, then we can again argue that these Acts need to be amended to accommodate the wishes of MNCs. Any objection of lack of data protection laws in India is raised only due to the ignorance of the availability of data protection laws in India.
India has a sound cyber law regime and both paper based and electronic form data can be effectively and legally protected in India. Any objection regarding “insufficient” cyber law or Data protection law is only a misconception and ignorance of law in this regard.