Fallout of Kkaran
The exposure by Oliver Harvey,
the reporter from the British newspaper, The Sun, of Kkaran Bahree, the
Gurgaon IT worker, has stirred up much passion in Britain and India. In
Britain, a spokesman of Amicus MSF, the trade union of skilled and professional
workers, asked companies to reflect on their assumption that cost savings
outweighed customer confidentiality and confidence.
Amicus is not just another trade
union; every Labour member of Parliament and 12 members of the European Parliament
are its members. It has long been been pressing for a Parliamentary Commission
on offshoring of jobs; such a commission would have many of Amicus’s MP friends
in it were it to be appointed.
There was considerable unease in
Britain in 2003 when HSBC moved 4,000 jobs to India. A Parliamentary Commission
at that time would have reflected the public mood and supported action against
migration of jobs. Patricia Hewitt, the British minister of trade and industry,
instead ordered a departmental enquiry, which came up with the conclusion last
year that Britain would create 200,000 jobs in call centers in the next three
years, increasing the total to a million, or four times as many as India. Its
major theme was that India could not compete with Britain in quality jobs and
that Britain could raise the productivity of its call centers if low-value work
went to India. The report was clearly designed to ward off policy action aimed
at preventing jobs from migrating to India. With that report and with its
resolute stand, the British government in effect rescued the Indian call center
industry from grass roots pressure in Britain – as did the McKinsey report from
such pressure in the US.
From the present crisis, however,
no government in the world can save the Indian call centers. For The Sun has
struck a blow at their credibility. Of course the evidence is extremely limited
– just one bent worker – but its impact on the minds of India’s BPO customers
can be manifold. They will not be impressed by the fact that the chances of
their confidentiality being violated or their customers being robbed is one in
a million; they will not be able to forget the fact that they may be that one.
They will not forgive Indian firms because a hacker somewhere else recently
accessed records of 4 million MasterCard customers.
The Prime Minister has understood
the seriousness of the case: it affects the reputation of our BPO industry, and
through it, our national image. He has asked the department of information
technology and NASSCOM to work out how law could be strengthened to punish
cyber crime. But law will not be enough. Our law enforcement machinery is
notoriously slow and ineffective; it tends to be even more so in dealing with
white collar crime. The government took away the entire wealth of Harshad
Mehta, set up a fast track court to try him, and threw hordes of investigators
into his case. Ten years passed, and he died before the government could prove
him guilty of any crime.
Hence we need something better
than government enforcement. We need industry practice that would keep out
Bahrees and stop them from accessing sensitive data if they manage to get in.
This is not as impossible as it sounds. All good IT firms have best practices
designed for these purposes. Some have been made to adopt such practices by
their clients, while others have developed their own as a means of
differentiating their service quality. But these practices are very
firm-specific at present; every company keeps its practices close to its chest.
What the industry needs is to
discuss, define and disseminate best practice. An individual company may think
that it gains competitive edge by keeping its practices to itself. But the
industry loses far more if a single firm has such a scandal as Infinity
eSearch, Bahree’s employer, has been so unlucky as to have – and the losers
include those that had the best of best practices. Reputation has external
economies – and its loss engenders external diseconomies. The rest of India has
gained from the prowess of its IT industry without lifting a finger – and will
lose if the industry blots its copybook.
Hence collective action is
required to upgrade the IT industry’s security and reliability. It should not
come from the government. This industry has flourished on account of the
government’s neglect; long may it so continue. The action must come from its
own representative organization. NASSCOM should gather its members together and
persuade them to share their practices. It should organize periodic conferences
to discuss and upgrade these practices. It should bring out publications laying
down the practices. And it should publish lists of firms that follow the
practices. In brief, NASSCOM should lead the industry in its moment of crisis.
