EU law in particular restricts businesses transferring data to countries with weak privacy protection, and with Indian IT wage costs rising – albeit still far behind those in the US and Europe – India wants to eliminate reasons for potential customers to outsource elsewhere.
European firms are severely restricted in terms of the Data Protection Directive of 1995 as to what data can be transferred or stored in countries without equivalent rules and enforcement procedures. At present, India has no such regulations, and relies on individual contracts negotiated between the main company and the Indian outsourcing contractor to address the data protection issues.
In the US, there is unease over data security in outsourcing, and with an election in the offing there is growing pressure on federal and state administrations to limit the export of jobs.
Europe is also facing a backlash, with MEPs from the UK's largest union, Amicus, warning the European Commission in April that offshore outsourcing "is an accident waiting to happen."
India has been planning to tighten its data protection regime for several years. Its National Association of Software and Service Companies (NASSCOM) is in the process of drafting legislation to amend the country's existing Information Technology Act of 2000, with the intention of bringing the data protection regime up to the standard required by the US and the EU.
According to a report in the Economic Times, KK Jaswal, Secretary in the Department of IT, revealed on Wednesday: "Within the next few months, we will remove all the lacunae in laws covering the BPO [Business Process Outsourcing] industry, especially regarding data protection, to inspire confidence among investors".
"A legislative initiative is on the anvil and the amendments, filling all the gaps in the existing laws dealing with the sector, will silence the critics," Jaswal added.