NASSCOM:- New IT rules will hurt BPOs

The industry body for software and services companies has expressed its anger on the new IT rules 2011, notified by the government, saying they will adversely impact the $76-billion Indian IT-BPO industry.

The rules will impact a large number of BPOs which collect credit card or financial information from companies and individuals in US or Europe on behalf of banks like UBS, Wachovia, Wells Fargo and others.

"Such an explicit consent requirement will put additional burden on the body corporate," Nasscom has complained to the IT ministry in a letter. A parliamentary standing committee was made to draft new rules. "This provision was not present in the draft Rules that were made available for public review," Nasscom further complains.

The new section 43A of the Indian IT Act, notified last month, state that a corporate shall have to obtain permission through letter or fax or email from each client before collection of sensitive information. Thus, BPOs will have to inform the client regarding purpose of usage before collection of such information, if they go by the new IT rules 2011.

Sensitive personal information here refers to financial details related to bank account, credit card or other payment instruments. A large number of BPOs in India have clients such as American Express, Citibank, HSBC, Bank of America and collect financial information before undertaking any transactions.

Sensitive information also refers to physical, physiological and mental health condition, medical records and history. All medical transcription firms operating out of India have to have access to medical records of patients in US.

Besides, Nasscom has also complained on the new intermediary rules on behalf of Data Security Council of India ( DSCI) a non profit body under it. Under the new rules, websites would have to take down content within 36 hours, if an affected party complains in writing or through email signed with electronic signature.

Though good for the victims, Nasscom complains that it would put a lot of burden on the intermediaries, many of whom are its members. The government has also mandated that a grievance officer be appointed by internet companies to take care of complaints if a user's personal info has been misappropriated in cyberspace, or his reputation has been harmed. But Nasscom's member companies want to put the onus on the government.

Nasscom has instead suggested that instead the government should appoint a designated officer who should notify intermediaries of such objectionable information. Clearly, private companies have gone into a tussle with the government on the new rules. But effective April 11, 2011, private companies have to follow government's new norms.