PRZOOM - /newswire/ -
Shipston On Stour, Warwickshire, United Kingdom, 2006/10/30 - Following up from the Channel 4 revelations on data theft in Indian call centers, this article explains the facts behind data theft.
So what exactly is the problem?
Firstly, it’s important to distinguish between data theft and data negligence. Data negligence is where companies allow loopholes in their data security strategy to enable data to be stolen. Without data negligence, data theft is almost impossible. Despite public perception to the contrary, data negligence is actually rare among professionally run call centres compared with other areas of business. Last week, here in The Midlands, Central News ran an article where they asked a security expert to go through the bins in a high street of a small town. In the bins of a lawyer, they found copies of wills, shareholder agreements and divorce settlements. This is a prime example of data negligence which would enable anyone to easily steal consumer data. With consumer data being central to the role of our industry, procedures are generally in place which would prevent this kind of thing happening in a call centre environment.
The problem lies with unprofessional outfits who don’t understand the necessity behind data security. And herein lies the problem not just for data security but for the offshore industry as a whole. In countries like India and The Philippines, local entrepreneurs have seen the huge growth in call centres and would like a piece of the action. With limited funding and knowledge, they approach their venture believing that “it can’t be too difficult to make or receive a few phone calls”. Despite their lack of knowledge, they fail to bring in expertise in any areas of call centre operations. Their operations don’t know how to recruit people with the required skills, train them to adequate standard or put in place performance management systems which should be standard in any call centre operation. They also fail to put in place effective data management procedures and so the fact that Channel 4 were able to buy data so easily is nothing more than a symptom of badly managed companies. With limited marketing budgets, these companies take on projects such as selling mobile phones where the clients are often at fault themselves. Their clients are typically small companies in The UK or USA who see an opportunity to make quick money out of offshoring. They pay call centres on commission only and don’t conduct any due diligence on the centres who will manage their data. These companies have no brand, no assets and minimal desire to protect the telemarketing industry. They have sold everything from insurance to mobile phones. While we don’t seek to undermine entrepreneurial creativity, it is important that these companies are aware and liable for their actions and inactions. Quite simply, these brokers and the poor quality offshore centres they outsource to are the reasons why the offshore industry has achieved a reputation it does not deserve. I know a number of people who tell their friends what line of business they are in and they immediately come back with a negative response about “someone who they couldn’t understand and pestered them to sell them a mobile phone”. I believe that these brokers have an obligation to ensure that the centres they outsource to have agents with adequate English (understandable), competent management and effective data security and should be legally liable if they fail to address these issues.
And what exactly is being done about it
When I first read the responses which have come from NASSCOM and some senior people in the offshoring industry, I was somewhat bemused. Their attitude seemed to be that data theft wasn’t happening and that this was hyped journalism. On a newsgroup, I read an article from Ganesh Natarajan who is the deputy chairman & MD, Zensar Technologies Ltd. He claimed that this was a sting operation. However, the use of the word “sting” would suggest that this would not have happened had it not been for Channel 4’s documentary. Ironically, the previous posting on the forum was from someone offering to sell leads with financial information. The truth is that there is an issue and it needs to be eradicated.
When I continued to read NASSCOM’s statement, it was clear that there is action already being undertaken in India. Certain states are bringing in legislation to ensure companies are properly registered and that staff are effectively vetted. Existing laws for data theft are being enhanced and let’s not forget that a number of people have already been convicted for previous high profiles crimes in this area. Unfortunately, the convictions received far less publicity than the crimes themselves. NASSCOM were also keen to have received evidence from Channel 4 in order that they can assist with the prosecutions of the individuals involved.
There is an isolated problem with data theft in Indian call centres (call-centres.com) but it is not dissimilar from other countries or industries and the issues that do exist are almost exclusively in low-level telemarketing. Channel 4 had attempted to imply that this was an issue with the banking industry. They had shown an example of a flaw in the voice recording system of the vendor used by Abbey. However, it is clear that this was an isolated incident which was quickly rectified. Consumers using Lloyds, Barclays or HSBC (who all have offshore centres) are no more at risk at than customers of RBS, Natwest or HBOS (who don’t have offshore centres) of their financial information being stolen. The professionally run centres in India are actually doing more than most domestic centres in this area in order to counter the consumer perception of the issue. Back in The UK, our Government needs to tighten and implement existing data protection laws and hold those companies accountable that fail to ensure their offshore providers comply with legislation.