One proposed amendment to India's IT Act of 2000 would make companies doing business in India responsible for computer crimes committed by their employees if they're found to have lax security procedures. Another would increase fines for unauthorized disclosure of personal data from about $2,000 to about $10,000 for each instance. Additionally, companies that are found guilty of such disclosures would be forced to pay victims of identity theft compensatory damages of up to roughly $220,000. Presently, liability for such crimes is limited to the individuals who commit them.
Officials at India's Ministry for Communications and Information Technology are expected to submit the proposals--which were drafted last year--to the full Indian cabinet led by Prime Minister Manmohan Singh in the coming weeks. The amendments could then be enacted into law by India's national parliament in its upcoming winter session.
Security within India's multibillion-dollar technology and customer service outsourcing industry has come under scrutiny after the U.K.'s Channel 4 network on Thursday aired a broadcast claiming to show Indian workers accepting cash payments in exchange for data files containing sensitive personal information on U.S. and British consumers.
The trade group representing Indian outsourcers claims the allegations are part of a trumped-up sting operation by Channel 4. "These operations sometimes go beyond uncovering wrongdoing and actually induce criminal activity," said Kiran Karnik, president of India's National Association of Software and Service Companies, in a statement.