Personal data sent to India by companies outsourcing work to service providers in the country will not be covered under the country's stringent new rules for the collection of personal data. The new Information Technology Rules 2011 require the company or intermediaries to take consent in writing from individuals about the use of the sensitive personal information they collect. The Indian government has assured outsourcers that it will issue a clarification soon that the rules do not cover personal data collection by companies abroad.
The key element of the clarification will be that the new rules apply only to a body corporate in India. A spokesman of the country's Ministry of Communications and Information Technology. Indian companies that handle data will continue to be governed by those parts of the rules that require them to follow stringent security procedures as processors of the data. India may have gone a bit too far in trying to put in place a tough data protection and privacy regime to impress investors and the clients of Indian outsourcers.
As to its practicality, the new rule requiring written consent for the collection of sensitive personal data presents numerous questions. It can be implemented particularly in the context of an outsourcing arrangement where the customer is. As a result of the new rules, companies that currently rely on India-based outsourcing service providers will be required to conform their data collection practices to Indian data protection rules, even if their current practices may comply fully with US or European Union privacy rules. The current rules do not make a distinction between Indian outsourcers and customers abroad, and it would appear that customers abroad will also have to follow the stipulated procedures for the collection of personal data.
Indian outsourcers, particularly the business process outsourcing firms, process a lot of data that is collected and sent to them by customers in the US and Europe. Indian call centers and business process outsourcing firms also collect data from individuals on behalf of customers. The collection of personal data abroad by Indian companies will not come under the new rules, because the Indian companies will be collecting the data on behalf of a customer that is abroad and governed by the laws.
The collection of data by Indian call centers will have to be done by taking the written consent of the person whose information is collected, even in such a situation. The government altogether removes the provision in the new rules. Business process outsourcing operations in India processing data collected abroad will still have to ensure that permission was received in writing, even for data collected abroad.
The reasonable security practices and procedures that the new rules impose on service providers will not be known or understood by the vast majority of Indian outsourcers. These are mainly small outfits, so they will always be in infringement of the law. The requirement that companies implement security standards such as those laid down by the International Standards Organization and other standards bodies will impose a high cost on small companies as they try to get certifications. Outsourcers, which handle content, will also come under the category of intermediaries under a different set of controversial rules in the country.