1

LEGAL STRATEGIES FOR INDIAN BPOs –

POST KKARAN BAHREE CASE

2

A PRESENTATION

BY PAVAN DUGGAL,

ADVOCATE, SUPREME COURT OF INDIA

HEAD, PAVAN DUGGAL ASSOCIATES

PRESIDENT, CYBERLAWS.NET

ASSOCHAM20th JULY 2005

3

KKARAN BAHREE CASE

• THE BIGGEST, THE BOLDEST AND THE ONE THAT HAS THE POTENTIAL FOR THE BIGGEST LONG TERM IMPACT.

• TREMENDOUS NEGATIVE INTERNATIONAL COVERAGE FOR INDIAN BPO INDUSTRY.

4

THE GROKSTER JUDGMENT

•MAKES SERVICE PROVIDERS LIABLE FOR CONTRIBUTORY INFRINGEMENT OF COPYRIGHT ON P2P NETWORK SERVICE

5

THE GROKSTER LEARING

•BE PREPARED FOR THE LIABILITY

•GROKSTER JUDGEMENT•PARALLELS FOR THE

INDIAN BPO INDUSTRY•OPENING UP OF THE

PANDORA’S BOX FOR LIABILITY

6

PLAY OF JURISDISTIONS AND

THEIR LAWS•APPLICATION OF MUTI-NATIONAL LAWS AND REGULATIONS BEING CALLED INTO QUESTION

• IT WILL NOT BE LONG BEFORE THE CLIENTS START ENFORCING REMEDIES AGAINST THE SERVICE PROVIDERS

7

LEGAL STRATEGIES AHEAD

• IN THIS STATE OF CONFUSION, WHAT ARE THE BEST LEGAL STRATEGIES FOR INDIAN BPO COMPANIES TO ADOPT?

•THE MAIN AIM BEHIND SUCH ADOPTION SHOULD BE TO INCREASE BUSINESS AND LIMIT LIABILITY

8

NEED FOR PROACTIVE ACTION BY THE INDUSTRY

•TILL SUCH TIME AS THE NEW LEGAL REGIME DOES NOT COME INTO FORCE, THE BPO SECTOR HAS ADEQUATELY COMPLY WITH THE EXISTING LAWS, BOTH IN THE TARGET JURISDICTION(S) BUT ALSO LAWS APPLICABLE WITHIN INDIA

9

LAST FEW YEARS

• VARIOUS CASES HAVE EMERGED

• ARIF AZIM- INDIA’S FIRST CYBERCRIME AND BPO CONVICTION

• BAAZEE.COM CASE• RECENT MPHASIS CASE-16

EMPLOYEES ARRESTED, INVESTIGATIONS IN FULL FORCE

10

LEGAL ISSUES• BAAZEE.COM CEO AVNISH

BAJAJ ARREST HAS OPENED UP A PANDORA’S BOX

• LIABILITY OF NETWORK SERVICE PROVIDERS UNDER THE INDIAN CYBERLAW

• ALL BPO COMPANIES ARE NETWORK SERVICE PROVIDERS

11

NETWORK SERVICE PROVIDERS

• Section 79 in Chapter XII of the IT Act, 2000 details the liability of network service providers.

•Section 79 gives a definition of “network service provider” to mean an intermediary

12

INTERMEDIARY

• Any intermediary concerned with the relevant business of providing network service would come within the definition of “network service provider”. The liability has gone much further as the words used are “network service provider” rather than a narrower version “Internet Service Provider or ISP”.

13

ITES PROVIDERS ARE INTERMEDIARIES

•“Network service provider” shall not

only include Internet Service

Providers but also, all other

intermediaries who are in the

business of network service providing.

• Includes within its ambit the vendors

in the Indian outsourcing industry.

14

LIABILITY –SEC 79

• No person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

15

THIRD PARTY INFORMATION

•“third party information” means any information dealt with by a network service provider in his capacity as an intermediary.

16

LEGAL ISSUES• A large number of legal issues

confront the Indian Outsourcing Industry

• These issues need to be properly heeded to, otherwise can have detrimental effects upon the BPO sector and its future growth in India.

17

NEED TO DO HOMEWORK

• The Indian Industry must do its homework properly.

• Need to appraise about the legal challenges in this sector.

18

COMPLAINCE• Need to ensure voluntary self-

compliance with existing international legal trends relating to outsourcing.

• Industry must be in a position to convince potential client that it has all necessary means to comply with the legal requirements of the client and of the jurisdiction in which the client is based.

19

COMPLIANCE (contd.)

• An Indian BPO service

provider, since located in

India, is duty bound to comply

with the various provisions of

Indian laws which impact the

outsourcing industry.

20

LAWS IMPACTING BPO

• These laws include the following:-Foreign Exchange Management Act,

2000 DOT (Department of

Telecommunication) RegulationsThe Information Technology Act, 2000 The Income Tax Act, 1961 The Trade Mark Act, 1999 Ensure compliance with labor laws.

21

LAWS IMPACTING BPO (contd.)

The Copyright Act, 1957The Patent Act, 1970The Arbitration and Conciliation Act,

1996The Code of Civil Procedure, 1908 The Indian Contract Act, 1872The Information Technology RulesOther Notification/laws relating to or

impacting the BPO sector.

22

STARTING POINT- INDIAN CYBERLAW

• Indian Outsourcing Industry must

comply with requirements stipulated

by the Indian Cyberlaw namely the

Information Technology Act 2000.

23

ELECTRONIC FORMAT

• Legal requirements of any information or any other matter being in writing or in the typewritten or printed form, shall be deemed to have been satisfied if such information or matter is—

24

ELECTRONIC FORMAT (contd.)

(a) rendered or made available in an electronic form; and (b) accessible so as to be usable for a subsequent reference.

25

DIGITAL SIGNATURES• Section 5 provides that wherever

any law provides any particular information to be authenticated by affixing the signature of any person, then that requirement shall also be deemed to be satisfied if such information or matter is authenticated by means of affixing digital signatures prescribed by the Government.

26

DIGITAL SIGNATURES(contd)

• Further, if any law requires any document to be signed or bearing the signature of any person, then such requirement of law shall be deemed to have been met if the document is affixed with the digital signatures of the subscriber.

27

RETENTION OF INFORMATION IN

ELECTRONIC FORMAT

• Companies can legally retain the said information in the electronic form, if-

• (a) the information contained therein remains accessible so as to be usable for a subsequent reference;

28

RETENTION OF INFORMATION IN

ELECTRONIC FORMAT (contd)

• (b) the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;

29

RETENTION OF INFORMATION IN

ELECTRONIC FORMAT (contd)

• (c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.

30

DAMAGES BY WAY OF COMPENSATION

• Section 43 provides penalty for damage to computer, computer system, etc.

• This provision penalises access without permission to a computer, computer system or computer network.

• Penalty of damages by way of compensation to the tune of INR 10 Million.

31

DAMAGES BY WAY OF COMPENSATION (cont.)

•Also penalised is a person who without permission– downloads, copies or extracts

any data or information, – introduces or causes to be

introduced any computer contaminant or computer virus,

– damages any computer etc.,

32

DAMAGES BY WAY OF COMPENSATION (cont.)– disrupts any computer etc., – denies access to any person

duly authorized to access– charges the services availed of

by a person to the account of another person by tampering with or manipulating any computer

– All grounds for seeking damages

33

DAMAGE TO COMPUTER SOURCE CODE & DOCUMENTS

• Section 65 makes tampering with computer source, documents an offence which shall be punishable with imprisonment up to three years, or with fine which may extend up to INR Two hundred thousand ( Rs 200,000/- ), or with both

34

HACKING

• Section 66 deals with the offence of Hacking with computer system 

• Whoever…destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking

• Punishable with imprisonment up to three years, or with fine which may extend upto INR two hundred thousand ( Rs 200,000/- ), or with both

35

OFFENCES

• Publishing or transmission of

information, which is obscene in

the electronic form- a penal offence

• Section 67 of the IT ACT, 2000

• ‘any electronic information which

is lascivious, or which appeals to

the prurient interests”

36

PRIVACY IN INDIA• There is no comprehensive legislation

on privacy in India • Left to the judiciary to interpret

privacy within the realm of existing legislations

• Right to privacy has been upheld by the Supreme Court of India as an integral part of the fundamental right to life under Article 21 of the Constitution of India – available only against State

• SC issues notice to telemarketers in PIL

37

IT ACT & PRIVACY• Does not deal with Privacy• Section 72 talks about Privacy - refers to

statutorily authorized persons who, after having secured access to any electronic record, book, register, correspondence, information, document or other material, without the consent of the person concerned, disclose such electronic record, book, register, correspondence, information, document or other material to any other person

• Section 72 – has no bearing on violation of an individual’s privacy in cyberspace

38

NO DATA PROTECTION LAW IN

INDIA • INDIA DOES NOT HAVE A

DEDICATED DATA PROTECTION LAW IN PLACE

• DATA PROTECTION IS COVERED IN SOME MEASURE BY THE INDIAN CYBERLAW NAMELY THE INFORMATION TECHNOLOGY ACT, 2000

39

NEED FOR COMPLIANCE

• Indian Outsourcing Industry needs to be complying with requirements of data protection in the American and EU jurisdictions.

• Necessary to give potential client the confidence in the services provided by the Indian Outsourcing Industry.

40

GOVERNMENT IN ACTION

• Government of India soon to come up with effective legal regime on data protection.

• Prime Minister Manmohan Singh’s Intervention in the aftermath of the Kkaran Bahree case

41

CONFIDENTIALITY• Confidentiality matter of immense

concern.

• Need to ensure preservation and protection of the confidentiality of potential client and his business.

• Vendors need to take utmost care to ensure that their employees do not breach the confidentiality of the client’s data during business processing, while in India.

42

INFORMATION SECURITY

COMPLIANCES• VARIOUS PARAMETERS RELATING TO INFORMATION SECURITY ALREADY STIPULTED BY THE INDIAN INFORMATION TECHNOLOGY RULES, 2000

• LACK OF ORIENTATION AND AWARENESS ABOUT THE SAME

• COMPLIANCES WITH IT SECURITY STANDARDS eg.BS7799

43

COMPLAINCE WITH FOREIGN LAW

• Service Providers in India must comply with foreign laws and industry specific rules, regulations, byelaws and guidelines of the specific country in which the customer operates.

• Normally service providers insists on the customer providing them with the list of foreign laws, specific rules, regulations, byelaws and guidelines which would be applicable to the services being outsourced along with actual text of the same.

44

FOREIGN LEGISLATIONS

COMPLIED WITH•Gramm-Leach Bliley Act•Sarbanes Oxley Act•CAN SPAM Act, 2003•Homeland Security Act•USA Patriot Act•Children’s Online Privacy

Protection Act

45

UK DATA PROTECTION•UK DATA PROTECTION ACT,

1998• “WE WOULD INSIST ON

COMPLIANCE WITH THE REQUIREMENTS OF THE DATA PROTECTION ACT, 1998 FOR ALL ENTITIES INVOLVED IN OUTSOURCING”- UK DATA COMMISSIONER

46

LIMITING OF LEGAL LIABILITY

• Legal liability of the client needs to be

appropriately limited.

• There is a need for limiting the

liability of the vendor in the contract.

47

BPO CONTRACT

•The crux of any BPO transaction is negotiation of the contract.

•BPO contract document of extreme significance.

•Details the contractual obligations and term and conditions, which govern the outsourcing relationship between the client and the vendor.

48

NEED FOR CAREFUL NEGOTIATION

•Need to ensure careful negotiation of the BPO contract keeping into consideration various risks, operational and legal.

•Necessary to ensure the long-term success of any outsourcing transaction.

•Some essential provisions in such outsourcing contracts need to be appropriately examined

49

EXIT CLAUSE• The contract should be able to be

terminated in case there is a material default or breach of the terms of the contract by any of the parties.

• Need for stipulating for termination after the giving of appropriate reasonable notice.

• Exit Clause needs to appropriately address issues emerging after the termination of the contract relating to various issues.

• These may include payment of outstanding fees, completion of current work, return of delicate and confidential information, restoration of intellectual property rights from the vendor back to the customer.

50

PROTECTING INTELLECTUAL

PROPERTY RIGHTS

•Need to ensure protection of intellectual property rights of the customer, which are transmitted to the vendor for the purposes of performance of outsourcing services.

51

DUE DILIGENCE• Indian Cyberlaw mandates the Exercise of

“All Due Diligence” by the Outsourced

Services Providers.

• The Indian Information Technology Act,

2000 provides a robust framework

governing electronic data or information

52

CYBER LEGAL DUE DILIGENCE

•CYBER LEGAL DUE DILIGENCE•DOCUMENTED, SAFE AND

SECURE•ADDS COMFORT LEVEL TO THE

CLIENTS•ENABLES YOU TO

DEMONSTRATE EXERCISE OF “ ALL DUE DILIGENCE” UNDER THE INDIAN CYBERLAW

53

CONCLUSION• An exciting time ahead for

Outsourcing to India• Rapid, robust rise of the Outsourcing

sector has to be supplemented with further legal provisions relating to data protection , confidentiality and other related laws.

• In this direction alone lies the key for the future growth of outsourcing to India.

54

THAT WAS A PRESENTATION BY

PAVAN DUGGAL,ADVOCATE, SUPREME COURT

OF INDIA HEAD-PAVAN DUGGAL

ASSOCIATES PRESIDENT, CYBERLAWS.NET.

EMAIL : pduggal@vsnl.com

pavanduggal@yahoo.com