The Rational Outsourcing Blog

Thursday, December 07, 2006

Who would you trust with your credit card number: an Indian college grad, or an American felon?

Recently there have been a series of articles on Indian companies’ problems with information security and fraud. However, the BPO vendors I personally evaluated in India tended to have as good if not better information security procedures than most US companies. I was recently semi-joking with the CEO of an Indian BPO that workers in California would never accept the kind of restrictions Indian companies regularly place on their employees to prevent information theft. Some of these restrictions (such as keystroke monitoring) may even be illegal in countries like Germany. However, right now when it comes to outsourcing, perception is reality and the pervasive perception is that India has a data security problem.

I must admit, I am a bit confused by this. If Americans are OK with felons in US prisons accessing their information, surely they would be OK with trusting a college graduate in India? Strange as this sounds, I am not making this up. In July 2004, USA Today reported:
About a dozen states — Oregon, Arizona, California and Iowa, among others — have call centers in state and federal prisons, underscoring a push to employ inmates in telemarketing jobs that might otherwise go to low-wage countries such as India and the Philippines. Arizona prisoners make business calls, as do inmates in Oklahoma. A call center for the DMV is run out of an all-female prison in Oregon.

At least 2,000 inmates nationwide work in call centers, and that number is rising as companies seek cheap labor without incurring the wrath of politicians and unions. At the same time, prison populations are ballooning, offering U.S. companies another way to slash costs.

As expected, there are some “information security problems” with using prison labor in call centers:
executives shudder at the prospects of inmates sharing the personal information of customers with fellow prisoners, as some did in Utah in 2000.

An article from NPR comments:
Labor unions and some states say they believe it's too much of a security risk to have prisoners talking to the outside world, even if they're being monitored. Private businesses say it's also a security risk to have prisoners taking down customers' credit card information.

Maybe it is just me, but it seems that if information security outcries restrict offshore outsourcing, companies are more likely to shift the work to similarly priced prison-based call centers than to hire American workers who even at the minimum legal wage are several times more expensive. To quote the UNICOR Federal Prison Industries website: “Imagine... All the benefits of domestic outsourcing at off shore prices. It's the best kept secret in outsourcing!” By the way, you also have to see the slick marketing video on their website. Maybe it is just me, but I would prefer to share my credit card information with an Indian college graduate than with a felon. [To be fair, I am sure UNICOR works hard to restrict their operators access to private information, as do Indian BPOs. The problem arises when the system does not work as planned.]

I am not trying to belittle the information security problem in India. It exists, just like similar problems exist in the US, and needs to be addressed proactively. But, let’s please take the politics out of business decisions and stick to Rational Outsourcing.

Labels: , , , ,


  • You make some excellent points.

    Perception is indeed reality when it comes to information security or for that matter physical security or healthcare- notice the visible security at airports primarily aimed at making you feel protected, or millions of dollars spent making you feel that Orange Juice can make you healthier. So it boils down to interest groups (US-based outsourcing vs India-basd) fighting PR campaigns.

    Actually, a Nasscom 'seal of data privacy' approval would go some distance in helping. Remember how Indian SI's leveraged CMM and ISO certifications in late '90s to gain Y2K business.

    By Blogger Anshu Sharma, at 3:15 PM  

Post a Comment

<< Home