legal strategies for indian bpos –post kkaran bahree case
DESCRIPTION
LEGAL STRATEGIES FOR INDIAN BPOs –POST KKARAN BAHREE CASETRANSCRIPT
1
LEGAL STRATEGIES FOR INDIAN BPOs –
POST KKARAN BAHREE CASE
2
A PRESENTATION
BY PAVAN DUGGAL,
ADVOCATE, SUPREME COURT OF INDIA
HEAD, PAVAN DUGGAL ASSOCIATES
PRESIDENT, CYBERLAWS.NET
ASSOCHAM20th JULY 2005
3
KKARAN BAHREE CASE
• THE BIGGEST, THE BOLDEST AND THE ONE THAT HAS THE POTENTIAL FOR THE BIGGEST LONG TERM IMPACT.
• TREMENDOUS NEGATIVE INTERNATIONAL COVERAGE FOR INDIAN BPO INDUSTRY.
4
THE GROKSTER JUDGMENT
•MAKES SERVICE PROVIDERS LIABLE FOR CONTRIBUTORY INFRINGEMENT OF COPYRIGHT ON P2P NETWORK SERVICE
5
THE GROKSTER LEARING
•BE PREPARED FOR THE LIABILITY
•GROKSTER JUDGEMENT•PARALLELS FOR THE
INDIAN BPO INDUSTRY•OPENING UP OF THE
PANDORA’S BOX FOR LIABILITY
6
PLAY OF JURISDISTIONS AND
THEIR LAWS•APPLICATION OF MUTI-NATIONAL LAWS AND REGULATIONS BEING CALLED INTO QUESTION
• IT WILL NOT BE LONG BEFORE THE CLIENTS START ENFORCING REMEDIES AGAINST THE SERVICE PROVIDERS
7
LEGAL STRATEGIES AHEAD
• IN THIS STATE OF CONFUSION, WHAT ARE THE BEST LEGAL STRATEGIES FOR INDIAN BPO COMPANIES TO ADOPT?
•THE MAIN AIM BEHIND SUCH ADOPTION SHOULD BE TO INCREASE BUSINESS AND LIMIT LIABILITY
8
NEED FOR PROACTIVE ACTION BY THE INDUSTRY
•TILL SUCH TIME AS THE NEW LEGAL REGIME DOES NOT COME INTO FORCE, THE BPO SECTOR HAS ADEQUATELY COMPLY WITH THE EXISTING LAWS, BOTH IN THE TARGET JURISDICTION(S) BUT ALSO LAWS APPLICABLE WITHIN INDIA
9
LAST FEW YEARS
• VARIOUS CASES HAVE EMERGED
• ARIF AZIM- INDIA’S FIRST CYBERCRIME AND BPO CONVICTION
• BAAZEE.COM CASE• RECENT MPHASIS CASE-16
EMPLOYEES ARRESTED, INVESTIGATIONS IN FULL FORCE
10
LEGAL ISSUES• BAAZEE.COM CEO AVNISH
BAJAJ ARREST HAS OPENED UP A PANDORA’S BOX
• LIABILITY OF NETWORK SERVICE PROVIDERS UNDER THE INDIAN CYBERLAW
• ALL BPO COMPANIES ARE NETWORK SERVICE PROVIDERS
11
NETWORK SERVICE PROVIDERS
• Section 79 in Chapter XII of the IT Act, 2000 details the liability of network service providers.
•Section 79 gives a definition of “network service provider” to mean an intermediary
12
INTERMEDIARY
• Any intermediary concerned with the relevant business of providing network service would come within the definition of “network service provider”. The liability has gone much further as the words used are “network service provider” rather than a narrower version “Internet Service Provider or ISP”.
13
ITES PROVIDERS ARE INTERMEDIARIES
•“Network service provider” shall not
only include Internet Service
Providers but also, all other
intermediaries who are in the
business of network service providing.
• Includes within its ambit the vendors
in the Indian outsourcing industry.
14
LIABILITY –SEC 79
• No person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.
15
THIRD PARTY INFORMATION
•“third party information” means any information dealt with by a network service provider in his capacity as an intermediary.
16
LEGAL ISSUES• A large number of legal issues
confront the Indian Outsourcing Industry
• These issues need to be properly heeded to, otherwise can have detrimental effects upon the BPO sector and its future growth in India.
17
NEED TO DO HOMEWORK
• The Indian Industry must do its homework properly.
• Need to appraise about the legal challenges in this sector.
18
COMPLAINCE• Need to ensure voluntary self-
compliance with existing international legal trends relating to outsourcing.
• Industry must be in a position to convince potential client that it has all necessary means to comply with the legal requirements of the client and of the jurisdiction in which the client is based.
19
COMPLIANCE (contd.)
• An Indian BPO service
provider, since located in
India, is duty bound to comply
with the various provisions of
Indian laws which impact the
outsourcing industry.
20
LAWS IMPACTING BPO
• These laws include the following:-Foreign Exchange Management Act,
2000 DOT (Department of
Telecommunication) RegulationsThe Information Technology Act, 2000 The Income Tax Act, 1961 The Trade Mark Act, 1999 Ensure compliance with labor laws.
21
LAWS IMPACTING BPO (contd.)
The Copyright Act, 1957The Patent Act, 1970The Arbitration and Conciliation Act,
1996The Code of Civil Procedure, 1908 The Indian Contract Act, 1872The Information Technology RulesOther Notification/laws relating to or
impacting the BPO sector.
22
STARTING POINT- INDIAN CYBERLAW
• Indian Outsourcing Industry must
comply with requirements stipulated
by the Indian Cyberlaw namely the
Information Technology Act 2000.
23
ELECTRONIC FORMAT
• Legal requirements of any information or any other matter being in writing or in the typewritten or printed form, shall be deemed to have been satisfied if such information or matter is—
24
ELECTRONIC FORMAT (contd.)
(a) rendered or made available in an electronic form; and (b) accessible so as to be usable for a subsequent reference.
25
DIGITAL SIGNATURES• Section 5 provides that wherever
any law provides any particular information to be authenticated by affixing the signature of any person, then that requirement shall also be deemed to be satisfied if such information or matter is authenticated by means of affixing digital signatures prescribed by the Government.
26
DIGITAL SIGNATURES(contd)
• Further, if any law requires any document to be signed or bearing the signature of any person, then such requirement of law shall be deemed to have been met if the document is affixed with the digital signatures of the subscriber.
27
RETENTION OF INFORMATION IN
ELECTRONIC FORMAT
• Companies can legally retain the said information in the electronic form, if-
• (a) the information contained therein remains accessible so as to be usable for a subsequent reference;
28
RETENTION OF INFORMATION IN
ELECTRONIC FORMAT (contd)
• (b) the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;
29
RETENTION OF INFORMATION IN
ELECTRONIC FORMAT (contd)
• (c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.
30
DAMAGES BY WAY OF COMPENSATION
• Section 43 provides penalty for damage to computer, computer system, etc.
• This provision penalises access without permission to a computer, computer system or computer network.
• Penalty of damages by way of compensation to the tune of INR 10 Million.
31
DAMAGES BY WAY OF COMPENSATION (cont.)
•Also penalised is a person who without permission– downloads, copies or extracts
any data or information, – introduces or causes to be
introduced any computer contaminant or computer virus,
– damages any computer etc.,
32
DAMAGES BY WAY OF COMPENSATION (cont.)– disrupts any computer etc., – denies access to any person
duly authorized to access– charges the services availed of
by a person to the account of another person by tampering with or manipulating any computer
– All grounds for seeking damages
33
DAMAGE TO COMPUTER SOURCE CODE & DOCUMENTS
• Section 65 makes tampering with computer source, documents an offence which shall be punishable with imprisonment up to three years, or with fine which may extend up to INR Two hundred thousand ( Rs 200,000/- ), or with both
34
HACKING
• Section 66 deals with the offence of Hacking with computer system
• Whoever…destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking
• Punishable with imprisonment up to three years, or with fine which may extend upto INR two hundred thousand ( Rs 200,000/- ), or with both
35
OFFENCES
• Publishing or transmission of
information, which is obscene in
the electronic form- a penal offence
• Section 67 of the IT ACT, 2000
• ‘any electronic information which
is lascivious, or which appeals to
the prurient interests”
36
PRIVACY IN INDIA• There is no comprehensive legislation
on privacy in India • Left to the judiciary to interpret
privacy within the realm of existing legislations
• Right to privacy has been upheld by the Supreme Court of India as an integral part of the fundamental right to life under Article 21 of the Constitution of India – available only against State
• SC issues notice to telemarketers in PIL
37
IT ACT & PRIVACY• Does not deal with Privacy• Section 72 talks about Privacy - refers to
statutorily authorized persons who, after having secured access to any electronic record, book, register, correspondence, information, document or other material, without the consent of the person concerned, disclose such electronic record, book, register, correspondence, information, document or other material to any other person
• Section 72 – has no bearing on violation of an individual’s privacy in cyberspace
38
NO DATA PROTECTION LAW IN
INDIA • INDIA DOES NOT HAVE A
DEDICATED DATA PROTECTION LAW IN PLACE
• DATA PROTECTION IS COVERED IN SOME MEASURE BY THE INDIAN CYBERLAW NAMELY THE INFORMATION TECHNOLOGY ACT, 2000
39
NEED FOR COMPLIANCE
• Indian Outsourcing Industry needs to be complying with requirements of data protection in the American and EU jurisdictions.
• Necessary to give potential client the confidence in the services provided by the Indian Outsourcing Industry.
40
GOVERNMENT IN ACTION
• Government of India soon to come up with effective legal regime on data protection.
• Prime Minister Manmohan Singh’s Intervention in the aftermath of the Kkaran Bahree case
41
CONFIDENTIALITY• Confidentiality matter of immense
concern.
• Need to ensure preservation and protection of the confidentiality of potential client and his business.
• Vendors need to take utmost care to ensure that their employees do not breach the confidentiality of the client’s data during business processing, while in India.
42
INFORMATION SECURITY
COMPLIANCES• VARIOUS PARAMETERS RELATING TO INFORMATION SECURITY ALREADY STIPULTED BY THE INDIAN INFORMATION TECHNOLOGY RULES, 2000
• LACK OF ORIENTATION AND AWARENESS ABOUT THE SAME
• COMPLIANCES WITH IT SECURITY STANDARDS eg.BS7799
43
COMPLAINCE WITH FOREIGN LAW
• Service Providers in India must comply with foreign laws and industry specific rules, regulations, byelaws and guidelines of the specific country in which the customer operates.
• Normally service providers insists on the customer providing them with the list of foreign laws, specific rules, regulations, byelaws and guidelines which would be applicable to the services being outsourced along with actual text of the same.
44
FOREIGN LEGISLATIONS
COMPLIED WITH•Gramm-Leach Bliley Act•Sarbanes Oxley Act•CAN SPAM Act, 2003•Homeland Security Act•USA Patriot Act•Children’s Online Privacy
Protection Act
45
UK DATA PROTECTION•UK DATA PROTECTION ACT,
1998• “WE WOULD INSIST ON
COMPLIANCE WITH THE REQUIREMENTS OF THE DATA PROTECTION ACT, 1998 FOR ALL ENTITIES INVOLVED IN OUTSOURCING”- UK DATA COMMISSIONER
46
LIMITING OF LEGAL LIABILITY
• Legal liability of the client needs to be
appropriately limited.
• There is a need for limiting the
liability of the vendor in the contract.
47
BPO CONTRACT
•The crux of any BPO transaction is negotiation of the contract.
•BPO contract document of extreme significance.
•Details the contractual obligations and term and conditions, which govern the outsourcing relationship between the client and the vendor.
48
NEED FOR CAREFUL NEGOTIATION
•Need to ensure careful negotiation of the BPO contract keeping into consideration various risks, operational and legal.
•Necessary to ensure the long-term success of any outsourcing transaction.
•Some essential provisions in such outsourcing contracts need to be appropriately examined
49
EXIT CLAUSE• The contract should be able to be
terminated in case there is a material default or breach of the terms of the contract by any of the parties.
• Need for stipulating for termination after the giving of appropriate reasonable notice.
• Exit Clause needs to appropriately address issues emerging after the termination of the contract relating to various issues.
• These may include payment of outstanding fees, completion of current work, return of delicate and confidential information, restoration of intellectual property rights from the vendor back to the customer.
50
PROTECTING INTELLECTUAL
PROPERTY RIGHTS
•Need to ensure protection of intellectual property rights of the customer, which are transmitted to the vendor for the purposes of performance of outsourcing services.
51
DUE DILIGENCE• Indian Cyberlaw mandates the Exercise of
“All Due Diligence” by the Outsourced
Services Providers.
• The Indian Information Technology Act,
2000 provides a robust framework
governing electronic data or information
52
CYBER LEGAL DUE DILIGENCE
•CYBER LEGAL DUE DILIGENCE•DOCUMENTED, SAFE AND
SECURE•ADDS COMFORT LEVEL TO THE
CLIENTS•ENABLES YOU TO
DEMONSTRATE EXERCISE OF “ ALL DUE DILIGENCE” UNDER THE INDIAN CYBERLAW
53
CONCLUSION• An exciting time ahead for
Outsourcing to India• Rapid, robust rise of the Outsourcing
sector has to be supplemented with further legal provisions relating to data protection , confidentiality and other related laws.
• In this direction alone lies the key for the future growth of outsourcing to India.
54
THAT WAS A PRESENTATION BY
PAVAN DUGGAL,ADVOCATE, SUPREME COURT
OF INDIA HEAD-PAVAN DUGGAL
ASSOCIATES PRESIDENT, CYBERLAWS.NET.
EMAIL : [email protected]