Data Protection: A Need of the Hour for Information Technology Enabled Services (ITES)

Introduction

In India there is no law relating to Data Protection or Privacy, these have evolved through imperative process. The right to privacy derives itself from two sources one being common law torts and the other source being constitutional (Divan, 2002). The right to privacy is not a separate Fundamental Right; it is only through judicial interpretation that the right to privacy is included within the realms of right to life enshrined under Article 21 of the Constitution of India. In most of the common law constitutions, right to privacy is not given expressly to their citizens, but derived from judicial review and court decisions.² Over a period of time the broadest definition that has been promulgated encompasses “privacy” as “the rightful claim of the individual to determine the extent to which he wishes to share of himself with others and his control over the time, place and circumstances to communicate with others. It means his right to withdraw or to participate as he sees fit. It also means the individual's right to control dissemination of information about him; it is his own personal possession” (Arora, n.d.).

The Indian ITES (Information Technology Enabled Services) has made an astounding growth from US$ 10.2 billion in 2001-02 to reach US $ 58.7 billion in 2008-09³ and by 2011-12 which is also the terminal year of the eleventh five year plan, the figures are expected to touch US$ 72 billion., this is assuming a 20% growth rate YOY (year over year) for 2011-12.⁴ This upsurge of outsourcing of ITES (Information Technology Enabled Services) into India can be attributed to globalization and increasing BPO (Business Process Outsourcing) industry in India as India being one of the most preferred destination to outsource work due to the cheap and skilled labour ensuring cost control without compromise on quality, but the question over here is What about security..?? With such vast and rising figures of ITES imports/exports and revenue gains Data Protection warrants some serious legislation to keep ahead of the increasing competition, even the smallest decrease in the business of IT sector and the outsourcing industry can change the economic graph and the employment levels in India.

Data protection refers to the policies designed to regulate the collection, storage, use, or dissemination of information. The term, data protection, is a translation of the German Datenschultz (Murray, 2008) there are two principal issues pertaining to data protection ‘privacy’ and ‘security of data’.

The point is simple ‘legislation for data protection’ but it has several aspects:

• •

  Why data protection warrants legislation: The right to privacy has been recognized as a fundamental right and the copyright issues related with data that is handled.

• •

  What protection has been provided so far by Indian laws: The provisions of the Indian Penal Code, 1860; The Indian Contracts Act, 1872; The Constitution of India, 1950; The Copyright Act, 1957; Information Technology (Amendment) Act, 2008; other self regulating guidelines.

• •

  Where does it lack: The infamous incident of data theft relating to credit cards, from a Bangalore based BPO, the various scandals from forged identity to loss of confidential information by corporate house, the rights over intellectual property created by an employee of Multinational Corporations all fall in the purview of data that demands protection.

• •

  What improvements have been made and can be made to curb the menace of cyber crimes and data privacy infringements in India: Self regulating guide lines like the BS 7799 and the ISO 17799, the introduction of the Personal Data Protection Bill, 2006, and the latest efforts of improving the situation by the Ministry of Communications and Information Technology, Government of India has been the publishing the Official Gazette the Information Technology (Reasonable security practices and procedures and sensitive personal data or information).