Know thy enemy and you may find he is your friend

I only bought Release 3.0 of Tom Friedman’s “The World Is Flat” because he mentions me and my company in this release. After all, I already have the two earlier releases of the same book. However, once I read the book, I was really glad I bought it. There are two excellent new chapters and one of the stories is a must read:

Mr. Friedman highlights the Flat Classroom Project where American and Bangadeshi 10th and 11th grade Computer Science and IT students collaborated with each other on joint projects leveraging a plethora of web-based collaboration tools. In the book, the two educators who started the project state “Students are hungering for meaningful connections with one another. They want to understand if the stereotypes portrayed by much of the mass media are true and they want to connect and decide for themselves…”

Much of mainstream media is telling 10th grade American students studying Computer Science that their jobs are being “stolen” by the developing world. It is critically important that they interact with their peers in the developing world and make up their own mind. I believe such projects are a big step in the right direction and look forward to more projects of this type. The plug from Tom Friedman doesn’t hurt this trend either.

Startup moving from India to the US to save money! (no, this is not a typo)

Riya, a very interesting startup that evolved into like.com just moved its development team from India to the US to save money. They don’t seem to be the only one: I heard a similar story from another small startup recently. This is a perfect example of what I was trying to explain in my post “Why globalization does not mean your job will get outsourced to India.” You can’t just look at labor cost differentials: you have to look at total cost differentials. Munjal Shah, the CEO of Riya points out in his blog that for some programmers, the salary rapidly rose to 55% of US salaries. He writes:

“Bangalore wages have just been growing like crazy. To give you an example, there is an employee of ours who took the first 5 years of his career to get from 1% to 10% of his equivalent US counterpart. He then jumped from 10% to 20% of his US counterpart in the next 1 year. During his time with us (less than 2 years) he jumped to 55% of the US wage. In the next few months we would have had to move him to 75% just to “keep him at market.”

Once the salary rises to 75% of US salaries, the overhead cost differences between India and the US would overwhelm the financial viability. Consider the additional overhead of managing two offices, flying between the two centers, dealing with the cultural differences, etc. Munjal writes:

The costs of having two offices, which are twelve time zones apart, is significant. People in both offices frequently had conference calls at 10pm and midnight every night (as a result the office in the US didn’t get started until noon sometimes or people rolled in tired). We were all traveling constantly. Development and communication moved slower due to the distance and teams.

This problem is actually especially bad for startups, because:

• Lack of scale: Larger firms can compensate for Indian infrastructure problems. Public transportation is unviable? Driving takes too long? The company bus or chauffeured car will ferry you between home and office. Electricity supply is intermittent? The company has enough electricity generation capacity to last days. Startups can’t afford to compensate for these problems as effectively.
• Speed of change & high cost of errors: By definition startups like Riya have to move exceptionally fast. Business models can change overnight and every major bug can threaten the survival of the company. In such a fast moving environment the communication overhead of a split operation becomes even more problematic.

Munjal points out an additional factor for why the Total Cost of the Indian team grew so rapidly for them:

Keep in mind that Riya are at the leading edge of this trend. We tend to only hire folks from IIT or other top schools. We tend to only hire the smartest folks from these schools. We only hire in Bangalore (just too hard to have three offices). We tend to only hire folks with a lot of experience. These are all characteristics that are critical for technology startups, but not necessarily for a big company like IBM or a services company like Infosys who can afford to train new graduates. I do believe that other startups in Bangalore will see the same issue in 12-24 months.

Is this trend dangerous for India’s future? Not so. In the short-term, some of the outsourcing business will move to Tier 2 and Tier 3 Indian cities where the costs are lower and the infrastructure under less strain. In the long-term, if low margin IT outsourcing becomes untenable, Indian entrepreneurs will have to move towards more profitable packaged software businesses. See the second half of my earlier post “Why a US ban on offshore outsourcing is the best possible thing for India!” for how this might play out.

Munjal has a great perspective on this as well. He writes:

In general this wage inflation is really good for my employees and great for India. I am so proud of the strides forward that India has made. While others have chided Intl companies for opportunistically leveraging the cost difference, I am a true capitalist in my belief that all of the employers rushing to India in the last 3 years has increased wages and provided more opportunity than 20 years of a closed socialist leaning economy ever did. India is a true global powerhouse now. There is no doubt.

I could not summarize any better.

India vs. China: Forrester right on facts, wrong on conclusions?

Forrester recently published a report entitled China's Diminishing Offshore Role which has been widely quoted by the likes of Computerworld, Times of India, the Hindu Business Line, and China Economic Review. The Computerworld article says:

Forrester Research came out with a report with a rather downbeat assessment of offshoring successes there to date. According to analyst John McCarthy, the market "has not taken off as expected. While there continues to be demand from Japan and multinationals with operations in China, the offshore business from the US and Europe has been slow to materialize. In fact, China’s percentage of GDM resources for the top services firms like Accenture has dropped, while India and the Philippines have seen far greater investment."
The findings in the report , China's Diminishing Offshore Role, were based on interviews with executives at 10 large IT services firms. Reasons cited for disappointing growth included high attrition rates, a lack of English speaking workers, and inadequate intellectual property laws. According to one executive interviewed for the report, offshoring to China "would have to be 20% cheaper than India to be viable." Currently, McCarthy says, the costs are about he same.

Forrester’s facts are 100% right, but their conclusions are almost certainly 100% wrong. The original Forrester report states: "What we found is that while Chinese services firms are supporting a vibrant local IT market, China has not achieved the offshore growth that people expected." I care much less about the absence of a significant offshore market, but the vibrant local market is certainly of interest to me. These Chinese vendors serving local customers do not enjoy a labor cost advantage relative to their customers and thus have to be much more labor efficient than the Indian vendors. Once these Chinese firms figure out how to credibly serve US customers, they will become a credible threat to the Indian vendors unless India can get a lot more labor-efficient. You can see more details on China’s threat to India at this recent article in a leading Indian newspaper [disclaimer: the article quotes me but that is not why I think its good] or at my post on theChinese BPOs’ secret weapon at the Rational Outsourcing Blog.

News article on India vs. China quoting yours truly

See this story entitled “India being Bangalored by China” which quotes me. It came out in Daily News and Analysis which is one of the leading newspapers in Mumbai (India’s financial capital). Here are a few choice quotes:

hard facts too make the point forcefully that India, today’s undisputed leader in outsourcing services, is gradually being, well, Bangalored by China. The Global Outsourcing Report, which ranks countries based on their opportunities, costs, and risks in relation to IT offshoring, predicts that by 2015, China, currently placed second, will have taken over the No 1 spot from India.

In Vespa’s estimation, Indian leaders — like Infosys and TCS — are so far ahead of their Chinese counterparts that even 10 years from now, their standing won’t be seriously threatened.
"If we look at the top 10 companies in the outsourcing market in 10-15 years, I have no doubt that six or seven of them will still be Indian… But China as a whole will have taken over from India as the leading outsourcing destination."

Sengupta too believes that the Indian BPO is at a defining moment. "Clayton Christensen, the author of Innovator’s Dilemma, describes how the integrated steel companies in North America were rapidly disrupted and eventually driven out of business by steel mini-mills.
Likewise, the British used to dominate the motorcycle industry, but the Japanese disrupted them very quickly. In both cases, the incumbents were initially overconfident about their strengths relative to the disruptors until it was too late. I fear that the same is happening today as regards Indian attitudes to Chinese BPOs.
If India wakes up to this threat, I believe it can compete effectively. If it does not, then eventually it will cede its leadership in the global service market and whether that happens in five years or ten, it will be catastrophic for the Indian economy."

Offshoring ≠ illegal immigration

I have been closely following the current immigration debate and I was disturbed to see illegal immigration and offshore outsourcing discussed in the same breath by many commentators. Let us not confuse the two: the first is illegal, the second is not only legal but in fact any limitations on outsourcing would probably run afoul of international free-trade agreements and could ruin the US economy.

It is amazing how shortsighted these opponents of outsourcing are. The United States counts for 12.06% of total world exports while China counts for 5.33% and India a miniscule 1.14%! [Data from “The Economist Pocket World in Figures” 2007 Edition] If the US initiates a trade war and disrupts the global trade environment it stands to lose more than 10 times as much as India. As I have written before, the last time the US turned protectionist, it slid into the Great Depression. Let us not repeat the same mistake again.

All this vilification of outsourced may even be completely counterfactual. Take a look at Robert Samuelson’s “What Offshoring Wave?” article in The Washington Post. He explains that only 4% of mass layoffs stemmed from offshoring. I must admit that there is a flaw in his argument: he is only looking at layoffs of 50 or more and it would have been much more interesting to look at all layoffs. However, there is no reason to believe smaller layoffs would have significantly different causes. Here are a few select quotes from Samuelson’s article:

For the United States, Kirkegaard examined a survey on "mass layoffs" from the Bureau of Labor Statistics to see how many stemmed from offshoring. The answer: 4 percent. That included both manufacturing and service jobs.

In 2004 and 2005, the BLS counted almost 1 million workers fired in layoffs of 50 or more. That isn't a huge number in a labor force of about 150 million. Moreover, most causes were domestic. The largest reason (accounting for about 25 percent) was "contract completion" -- a public works job done, a movie finished. Other big categories included "downsizing" (16 percent) and the combination of bankruptcy and "financial difficulty" (10 percent). Only about 12 percent of layoffs stemmed from "movement of work" -- a category that would include offshoring. But two-thirds of those moves were domestic.

It's true that offshoring doesn't measure the full impact of globalization on U.S. labor markets. That effect would also include trade and investment by multinational firms. Still, with the unemployment rate at 4.5 percent, it's clear that globalization hasn't crippled the U.S. job machine.

Losing a job is a wrenching experience for anyone, but the lesson here is that most job loss has local causes. The offshoring obsession reflects its novelty and the potential threat to white-collar jobs that seemed inherently safe from foreign competition. In our mind's eye, globalization is so powerful that it's sweeping everything before it. The reality is that, though globalization is increasingly important, it's still a weakling compared with the domestic economy. The antidote to job loss is job creation, and that depends decisively on national economic policies and conditions.

It's easy to blame all our economic anxieties and problems on globalization, because that makes foreigners and multinational companies responsible. Though satisfying, it will also be self-defeating if it diverts attention from fostering a healthy economy at home.

Cartoon on salary inflation in India (also applies to China)

Another interesting cartoon from www.doubtsourcing.com which is somewhat rooted in truth. Take a look at this Hindu Business Line story on how Indian salaries grew fastest in the world. “IT sector salary is set to grow by about 13.7 per cent, and ITES and BPO growth may be by 15.5-16 per cent.” The Economist has a more interesting analysis that looks at “real pay” rather than just salary. This claims that Chinese real pay actually grew faster than Indian ones.

India vs. China: The other side of the story

I was asked by a reader, “so why do you think you will win your bet with Benny?” Most of India’s strengths are self-evident and have been widely written up. Here are a couple of thoughts on why I still believe I will win the bet:

• Be careful what you wish for, or in other words, how China may fall victim to its own success: The Chinese government tends to think big and right now it is trying to start 1000 BPOs by 2010. 1000 is a large enough number that it attracts attention (which by the way is what I think the government was trying to do) but it is too large a number of companies in too short a time for them to learn how to compete smart. If they can’t compete smart, they will compete hard which means they will undercut each other on price and overbid each other on paying workers. Pretty soon they will face the exact same problems India is facing: high employee churn rates, wage inflation and lower margins. The Chinese government has to help Chinese BPOs grow smart rather than just grow fast and that can’t be done by spending money alone.
  
• When it comes to quality, perception is as important as reality: While the Chinese BPO industry has existed for years, they have very little experience serving US and European customers and dealing with their quality expectations. The newer Chinese BPOs also tend to have less extensive quality management experience and technologies. [There are exceptions to every rule: I have met some Chinese BPOs who are investing quite heavily on their quality, while others seem to have very few if any quality experts on staff.] Furthermore, often the definition of quality in BPO engagements is quite subjective. If US customers believe that China has a quality problem, they will perceive lower quality in the processes run by Chinese vendors. Indian vendors addressed this quality perception problem by aggressively adopting CMM and reaching CMMI certification levels that were often higher than their customers’. [Look out for an upcoming post on why CMMI is not sufficient for BPO as opposed to IT outsourcing. But the reality is that the market broadly perceives it as a quality certification.] Chinese BPO vendors can’t follow that exact same strategy. The leading Indian BPO vendors have already invested years in reaching the highest levels of CMM. Even after spending years, the Chinese BPOs can at best match the Indian vendors in CMMI certification, not beat them at it.

No Entrance to Greenland (without English)

I took this picture when I visited Shanghai in 2002. I assume the Chinese text means “please don’t walk on the grass” or some variant thereof. The hilariously incorrect English translation may turn out to be prophetic though: can China gain entrance to the land of “green” (slang for money in America) without addressing their English problem? Probably not. However, there are three forces ameliorating China’s English problem:

• The Chinese Government: A story in fDimagazine.com [part of the Financial Times group] entitled Battle of the behemoths explored the question of: “Will China upstage India and become the epicentre of offshoring?” While the article does say “In terms of talent, India will continue to score above China” it also highlights what China is doing to address the talent gap. “The Chinese government is driving long-term improvements, recently announcing plans to spend more than $5bn on language training to target the BPO market.” As I have mentioned in previous posts, the Chinese government has a track record of successfully spending its way to success. Building ahead of demand can be very risky but it can pay off. Is $5 Billion a large enough investment for China to catch up to India? Assuming a BPO industry headcount target of 1 million operators, this is $5000 per operator of English training. In China, I am sure $5000 buys you a lot of English training.
  
  
• The Olympics: If you haven’t visited China recently, it will be very difficult for you to appreciate how important the Olympics are to the Chinese people. The Chinese are a very proud people, and they want to show off their country in the best light during the Olympics. As part of the preparations for the Olympics, they are investing heavily on English training for hotel staff, taxi drivers, and even shopkeepers. Previous Olympic hosts have ended up with excess hotels and sports arenas after the Olympics ended. China will probably end up with excess English-speaking citizens.
  
  
• Chinese entrepreneurs: Some entrepreneurs are adopting very interesting process innovations to address the English problem. One leading Chinese BPO splits up every document into its smallest component parts. Thus, one of their operators only processes the ‘Social Security number’ field of every loan application while another processes only the ‘employer’ field. At this level of granularity, the skill required is not really English language skill, but rather symbol identification and transcription skill. The Chinese written language contains more than 3500 characters and thus the Chinese are exceptionally good at symbol identification and transcription. Of course, this solution only works for low-end data entry work because higher-order tasks such as Knowledge Process Outsourcing or even advanced BPO activities such as insurance claims adjudication can not be easily broken into minute components. However, low-end data entry work constitutes the majority of Business Process Outsourcing work today and most Chinese entrepreneurs would be happy to capture a significant proportion of this market away from India. [For details on Chinese characters, see the website of the Chinese Language Program at Harvard University: “The Xiandai Hanyu Changyongzi Biao (Modern Chinese Commonly-Used Word List), compiled by the national language committee and national education committee in 1987, includes the most frequently-used 2,500 characters, as well as the second most frequently-used 1,000 characters. Thus it comprises 3,500 characters altogether. Those who have received a junior or senior high school education should know and utilize these 3,500 most commonly-used characters.”]

Overall, I don’t think China has adequately addressed its English Achilles’ heel yet, but both the government and the people are aggressively trying to address this shortcoming. Anyone who ignores the Chinese threat to the Indian BPO industry on the basis of English language gap alone does so at their own peril.
Note: I wrote this post because of comments from reader Greg Cruey and a visitor from the “China Law Blog.” Keep the questions coming; I will try to answer them as soon as possible.

The secret weapon of the Chinese BPO industry

I have an ongoing bet with my COO Benny who happens to be Chinese. He believes that the Chinese Business Process Outsourcing (BPO) industry will eat India’s lunch in the next few years. I on the other hand have always been confident that Indian entrepreneurship and innovation will help Indian BPOs beat all competitors including the Chinese. Till recently, I never worried that I may actually lose the bet. A recent conversation with Mr. Roc Yang (CEO of China Data Group, a leading Chinese BPO) forced me to acknowledge for the first time that perhaps Benny could win the bet after all.

Mr. Yang raised several reasons why China might beat India on the BPO arena. Some of these reasons I had heard before: lower employee churn rates, lower effective salary, and better infrastructure. While China may have these advantages today, either India will be able to address them over time (as in the case of better infrastructure) or China will face the same problems as its own BPO industry develops further (as in the case of employee churn).

Some of the competitive factors Mr. Yang raised (such as an ability to provide end-to-end services or more sophisticated operational procedures) are quite possibly valid for his specific company but I can’t imagine that they are true for all Chinese BPOs. Moreover, I can imagine conversations with CEOs of Indian BPOs who would raise the exact same factors as competitive advantages that the Indians enjoy. An analysis of who is right is beyond the scope of this blog. Most probably, only time will tell who is right on this issue.

One point that Mr. Yang highlighted however may turn out to be the secret weapon of the Chinese BPO industry. Contrary to popular perception, the Chinese BPO industry has existed for many years and quite possibly is as old as the Indian BPO industry. The reason that the Chinese have stayed under the radar is that they primarily serve the Chinese market. As Mr. Yang pointed out, because their customers are also Chinese they could never count on labor cost differentials as a critical factor in their business. Thus, out of necessity, they have had to be incredibly cost conscious. He believes that because the Indians have enjoyed a large labor cost differential relative to their customers, they have been much less labor efficient than the Chinese BPOs.

I must admit that many Indian BPOs often have an attitude that labor is cheap so we can always throw a lot of bodies at any problem. This has in many cases led to inefficient use of labor. If Chinese BPOs have truly figured out a way to be profitable in the absence of a labor cost advantage and are now shifting their attention to the US market then Indian BPOs may have cause for concern. An industry that is used to running lean and mean in their own country would have a huge advantage once they gain the additional advantage of the labor cost differential between China and the US. Look out India!

In reality, if the Chinese BPOs can truly bring labor-efficient solutions to the market, that would only spur Indian vendors to respond similarly. Due to the high employee churn rates and salary increases, Indian BPOs have already started to become more labor efficient. The entry of labor-efficient competitors from China would only accelerate the trend. I would expect to see even faster efficiency and accuracy improvements primarily via the adoption of new technologies and consistent processes across customers. This competition from China may just help spur the Indian vendors to the next stage in their evolution.

Time for some BPO magic: 99.9% accuracy = 1.8% accuracy!

Fifteen Stanford students are working with me this quarter as part of a Stanford Marketing class. One of them recently asked me: “How can you say there is a quality problem with Business Process Outsourcing (BPO) if most vendors advertise 99.9% accuracy?” Before I could answer him, I had to explain what 99.9% accuracy really meant:

• Is it document-level, field-level or even character-level accuracy? Or how 99.9% accuracy can equal 2% accuracy! If 99.9% of documents have no errors, that is indeed an impressive level of quality. Let’s assume that the 99.9% accuracy is actually a field level number. Now, an insurance claim may easily have 200 fields. In that case, the document-level accuracy would just be 82% (if you like math, this is 0.999 multiplied by itself 200 times). However, usually once you ask the vendor, you will find that such a high accuracy level is actually a character-level accuracy. If 99.9% of characters have no errors, and most fields have 20 characters, then an average document field would only have 98% accuracy. Assuming 200 fields on average per document, if 98% of fields have no errors, then on average the document-level accuracy would be just 1.8%. In other words, if the character-level accuracy is 99.9%, only about 2% of documents would be error free. Make absolutely sure what is the context for the reported 99.9% accuracy, because it may translate to only 82% or even just 2% document level accuracy.
  
• Was the base of the field-level accuracy the hypothetical number of fields that might be filled out or the actual number of fields that were filled out? Or how 99% accuracy can equal 90% accuracy! I recently analyzed an insurance claim that had almost a thousand fields. For example, it had space to specify about 30 separate diagnoses along with associated details. However, most of the time the claims contained just one to three diagnoses and an average claim had only about 100 fields out of 1000 filled out. If there was an error in ten fields in such a document, is that 90% accuracy or 99% accuracy? Remember that in most cases, only a small subset of fields are filled out for each document. Thus, whether we divide the errors by the total number of fields that could have been filled our or the number of fields that were actually filled out can significantly affect the reported error rate.
  
• How was the accuracy evaluated? Or how 99.9% accuracy can equal 89.9% accuracy! Several vendors use double-entry for quality control and assume that any field that was consistently typed by both operators was not an error. Sounds reasonable, doesn’t it? After all, there is only one way in which a field can be processed correctly and multiple ways in which it can be processed incorrectly. Thus, if two operators typed the field consistently, they must have gotten it right! I recently evaluated a BPO vendor who leverages double-entry and discovered an interesting fact that completely blew this assumption out of the water. Over 50% of the errors in the insurance claims processed by the vendor came from fields being left blank. I was really intrigued by this pattern and researched it further. It turns out, in double-entry if the operator has any difficulty reading a field, they may leave the field blank assuming the 2nd operator will get it right. Leaving a field blank also reduces the probability that a discrepancy will be reported [a field may be entered incorrectly several different ways, but left blank only one way]. Even without collusion this can lead to systematic under-reporting of operator errors in a double-entry system. Essentially, the operators quickly figure out that if they try to interpret bad handwriting and put in their best guess, then the supervisor usually reports an error. However, if they are ‘lazy’ and simply leave the field blank, the supervisor rarely complains. Humans are really smart and quickly learn from such feedback, even when the lesson they learn is exactly contrary to what the BPO vendor would want them to do. In this specific case, if 50% of the errors come from fields left blank, 25% on average and up to 50% of the errors would not have been caught by the double-entry. Let us assume that the average first-time quality of the operators as reported by the double-entry system is 10%. The real first-time quality of the operators would thus be 13% to 20%. Now, almost all of the errors caught by the double entry system would have been corrected, and thus, the vendor might reasonably report a 99.9% accuracy. In reality, the 3% to 10% of the cases where both operators incorrectly left the field blank would never be caught, and the actual accuracy rate would be between 89.9% and 96.9%.

So what was my answer to the Stanford student? Be very careful what 99.9% accuracy really means. If a vendor has a real document-level error rate of 99.9%, they would really have exceptionally high quality. By the way, this vendor may still have a quality problem: they may simply be spending too much to achieve that level of quality!

Cartoons on outsourcing

I just came across a site with cartoons on outsourcing. The site is really new, but has potential. You can check them out at www.doubtsourcing.com.

Interesting perspective on the Chinese BPO industry

William Dodson has a very interesting post entitled The Buddha and China Business Process Outsourcing on his “This Is China! Weblog.” Here are a few select quotes, but I would recommend you read the complete post.

The VC’s remote research had lead them to conclude there were still no pack leaders in the BPO market, no companies breaking away from the others and distinguishing themselves; especially for the North American and European marketplaces. They knew the Indians were coming to China, and that the Chinese government was promoting cities in China to become IT/BPO centers of excellence. They were confident and vested in the development of the China BPO market; but how long would it take to see an industry grow up that was as formidable as India’s?

China has no Y2K to finance or to educate its armies of fresh-eyed programmers in the hard-as-nails realities of Western business practices and operational processes. It does not have the troops of English-speaking, customer-focused go-getters that India does to kick-start an industry into the stars. Instead, China is going to have to boot-strap itself to become a world-beater in both the IT/BPO realms.

Certainly, the Chinese government has its heart in the right place and its intentions firmly set. Newly fielded economic development zones throughout China are flush with cash, already investing in platoons of engineers and hi-tech infra-structures. One partner in a venture to work with a local government to build its IT/BPO service base told me the governments are using the same approach they had in developing their manufacturing prowess: if you build it, they – the foreign companies - will come.

Problem is, the Chinese have no credibility when it comes to understanding and articulating the kinds of back-office applications that matter to knowledge-driven Western companies. Most Chinese IT companies cater to domestic customers; the vast majority support Japanese and Korean companies with relatively unsophiscticated programming that has been passed to them through highly detailed specifications; and the few BPO resources there are have made it this far performing rote activities that do not require much in the way of analysis or creativity: insurance claims processing, data entry and the like.

This is all not to say the Chinese will not develop a successful BPO industry, for I firmly believe they will, I told the VC on the conference call. And the VC, for their part, reiterated their long-term commitment to developing the BPO industry in China. However, we all agreed, it’s just going to take years longer than we would all prefer. And the industry will likely go through many incarnations before it makes as large an impact on the world scene as the Indian model has. But it would happen in this lifetime, we were confident.

I agree with several of the points raised by Mr. Dodson. I have previously expressed my concerns about China’s “build it and they will come” attitude in my China planning its way into Business Process Outsourcing? post. However, I have had similar concerns in the past, and have been proven wrong. When I first visited Shanghai, the Pudong area was full of beautiful new buildings, most of which were empty. The wide roads to the airport had so few cars that I was struck by the infrastructure overcapacity. China was clearly building ahead of demand and I felt it was a very risky gamble. However, today the buildings in Pudong are full and the roads are crammed. The gamble paid off for China. Will the BPO gamble pay off? Only time will tell.

Bangalore nee Boston Globe: why the privacy red herring may come back to haunt the Boston Globe union

If you haven’t heard about the union objections to the Boston Globe outsourcing 50 positions to India, then you should see the Boston.com or Times of India or the Outsourcing Weblog sites. You can also see the actual ad here (as a pdf).

The union says: “Further, billing and account information will now be shipped overseas to Bangalore, India, putting customers’ most vital information at risk.” As I have written several times before, this is a red herring. Outsourcing these task to India may actually improve information security. Remember, just last year Boston Globe saw one of the most absurd privacy breaches I have ever heard of. If you have forgotten, here is a quick reminder from a Boston.com story.

Credit and bank card numbers of as many as 240,000 subscribers of The Boston Globe and Worcester Telegram & Gazette were inadvertently distributed with bundles of T&G newspapers on Sunday, officials of the newspapers said yesterday.

The confidential information was on the back of paper used in wrapping newspaper bundles for distribution to carriers and retailers. As many as 9,000 bundles of the T&G, wrapped in paper containing subscribers' names and their confidential information, were distributed Sunday to 2,000 retailers and 390 carriers in the Worcester area, said Alfred S. Larkin Jr., spokesman for the Globe.

In addition, routing information for personal checks of 1,100 T&G subscribers also may have been inadvertently released.

The Globe and T&G financial information was inadvertently released when print-outs with the confidential information were recycled for use as so-called "toppers" for newspaper bundles. A topper, placed on top of abundle of newspapers, is inscribed with the quantity of papers in each bundle and the carrier’s route number.

Oh, the irony! Before using privacy as a Fear Uncertainty and Doubt (FUD) attack against outsourcing, the union should have remembered that those who live in glass houses should not throw stones.

Related Posts:

• Reprise: Consumer privacy protection and outsourcing to India
  
• Consumer privacy protection and outsourcing to India
  
• Who would you trust with your credit card number: an Indian college grad, or an American felon?
  
• Nasscom’s new Data Security Watchdog: it has bark, will it have bite?
  
• Really informative article on the Information Security laws in India

Single source for outsourcing news and opinion

I recently created a new Rational Outsourcing site on Ning. I have been looking for a single site where I can get a quick update on outsourcing related news and opinion. I am trying to make this new site fulfill that role. It already includes the 3 to 5 most recent outsourcing related posts/articles from about 25 blogs and newspapers. I also included an open discussion board. Please take a look and let me know what you think.

Really informative article on the Information Security laws in India

Thanks to Google alerts I came across a really interesting article in law.com that “surveys the state of data security legal protections in India.” Check out the complete article. To whet your appetite, here are a few excerpts:

The Indian legal system is substantially based on the British common law system. While there is no omnibus Indian data security law, there are several laws that apply to data theft or misuse in India. Typically, when an incident involving data occurs, a complaint is filed for theft, cheating, criminal breach of trust, dishonest misappropriation of data and/or criminal conspiracy under the provisions of the Indian Penal Code, 1860 (IPC) and for hacking under the Information Technology Act, 2000 (ITA). Many of these offenses under the IPC and the ITA allow for an arrest without a warrant, are non-bailable and carry penalties that range from imprisonment for a year to life imprisonment, as well as fines.

the criminal complaint can be made to Anti Cybercrime Cells set up by the State Police Departments. These cybercrime cells have been established specifically to investigate and prosecute cases of data theft and copyright infringement, as well as other cybercrime cases. Cybercrime cells of several state police departments (e.g., Delhi) organize training programs to enhance investigators' skills and knowledge concerning data protection, and use advanced equipment to investigate data security incidents. In fact, the U.S. Department of State recently trained Indian cybercrime investigators on investigating techniques. The investigating officers at Anti Cybercrime Cells have the power to seize infringing or stolen data by conducting searches and raids on the premises of the alleged offenders and can also prosecute the offenders in the criminal court that has jurisdiction over the police station where the complaint was registered. The law enforcement agencies also have the power to arrest offenders and keep them in custody during the course of the investigation and prosecution unless bail is granted to the offenders by the court.

While several measures have been put into place to deal with data security issues, some concerns still remain regarding the Indian legal system. Indian courts are overburdened -- in 2005, the lower courts had more than 20 million pending cases, while the high courts had more than three million. Delays in the system are common, and an average case can take several years to be resolved. However, things are changing. Several measures are underway, and the Prime Minister of India, as well as the Chief Justice of the Indian Supreme Court, have committed to dealing with the issues facing the Indian courts. Further, the system itself, while slow, works. More importantly, as previously discussed, the service providers themselves are putting into place several preventive measures to deal with data security and privacy issues.

Reprise: Consumer privacy protection and outsourcing to India

It really is a small world! I was talking to a friend on Sunday and it turns out she is an active volunteer for the Privacy Rights Clearinghouse. She had been a victim of identity fraud and speaking with her gave me a better appreciation for what the Privacy Rights Clearinghouse was talking about in the Statement on Outsourcing and Privacy. For example, my friend had her information stolen by an employee of a hospital she visited. She actually had to privately track down the person who had stolen her information. I can see how this would have been more difficult if the thief had been in a foreign country. However, I do believe that outsourcing if done right would actually improve privacy protection rather than harm it.

For example, a significant part of basic data-entry in the US is done by temporary workers or high school graduates who do not see data-entry as a career path. On the other hand, a BPO in India typically employs people with some or significant college education, who expect to have a career in the BPO industry. Thus, I believe these Indian workers have less of an incentive to break the law. If crime rates are anything to go by, an Indian college graduate is far less likely to commit a crime than a young American earning close to minimum wage.

My friend did raise an interesting argument that an Indian worker earns significantly less than an US worker and thus may be more tempted to carry out identity theft. I actually disagree with this for several reasons:

• We should consider the lifestyle that the salary can purchase, not just the dollar amount. While Americans earning close to minimum wage struggle to feed their families, Indian BPO operators earn enough that they have significant disposable income. In many cases they earn significantly more than their parents did. In general, a young Indian fresh out of college actually sees a BPO job as a somewhat good life and most of them are focused on the prize of being promoted to management and achieving a better life than the vast majority of Indians. An American making close to minimum wage certainly does not see his job as a path to the good life.
  
• In both India and the US identity theft is not prosecuted as aggressively as it should. Many US companies do not conduct sufficient background checks on their employees. Indian companies face a different problem in that it is more difficult to carry out formal background checks in India. However, in India two factors ameliorate this problem. First, most BPO operators are recruited / recommended by an existing employee. In some BPOs I felt like they had recruited away entire classes from certain universities! These strong peer bonds serve as informal background checks as well as a strong inhibitor for illegal activities. Second, Nasscom, the association of Indian BPO vendors, has been aggressively pushing for stricter information security laws and a national database of certified operators.

  The new National Skills Registry (NSR) is backed by Indian IT trade association Nasscom and was set up following a series of customer data breaches at offshore call centres last year. The NSR, set up by Nasscom and the National Securities Depository, is a centralised database that will store information about each IT worker's educational and professional background. Biometric technology will be used to verify the identity of individuals. [from a silicon.com story]

  This database is still in its infancy and only about 30% of the industry’s total workforce registered with it in the first nine months [See this Indian Express story for details] but this is already better than what you would expect in the US where it would be very difficult to set up such a registry.
  
• Moreover, generally information security is the lifeblood of a BPO vendor. Even one information security problem could completely ruin its reputation and subject it to severe financial liability to its customer. As such, BPO vendors tend to be far more careful about information security and put in far better safeguards than most US firms. For examples of what Indian BPO vendors are doing to improve data security, see the “Indian BPO providers tighten data security” story from SearchDataManagement.com:

  Take a look inside a typical BPO outfit, "where you will find airport-style frisking at the entrance a routine," said Raghu Iyer, a Bangalore-based call center worker. Agents (BPO workers) are required to surrender everything they carry, like mobile phones, PDAs, pens, notebooks and even tissue papers, which could enable smuggling data.
  
  Access to personal e-mail accounts is not allowed and firewalls block access to any Web site not necessary for work. At the end of the day, workers have to shred notes of conversation with customers, and workers are forbidden from socializing with non-employees during work hours. Visitors are required to seek permission and are required to sign a document of non-disclosure as well. "Above all these measures, with closed-circuit TV cameras watching your every move, the job of a typical BPO worker has never been so suffocating," Iyer added.
  
  It may be uncomfortable for many workers, but "BPO firms have little choice but to follow more quality checks and more auditing, and impose more regulations that could be demanded by their customers," said Sudhin Apte, country manager of Forrester Research Inc.

In conclusion, I believe information security is stronger in a leading Indian BPO than in most US companies. As such, organizations such as Privacy Rights Clearinghouse may actually find that their privacy goals are better met when companies outsource their processes to leading Indian BPOs than when they keep these processes in-house. The major caveat here of course is that the BPO contracts have to be structured appropriately, the BPO vendor’s information security procedures have to be carefully evaluated, and the final BPO decision has to be based on Total Cost of Ownership (including expected PR expenses and regulatory risk stemming from potential information security breaches) rather than just labor cost.

Consumer privacy protection and outsourcing to India

I recently came across a Statement on Outsourcing and Privacy to two California Senate committees by an organization called the Privacy Rights Clearinghouse. The statement starts with:

I do not want to infer that companies outside the U.S. are less capable of protecting records containing personal information. On the contrary, news accounts of several such offshore companies describe security practices that far exceed the privacy protection strategies of many U.S. businesses.

However, it then goes on to list several consumer protection concerns with offshore outsourcing. Generally, most people don’t realize that outsourcing contracts are rarely signed directly with an Indian company. Almost every outsourcing contract I have seen is set up with an US or UK domiciled company which is backed up by significant insurance coverage from a major insurer. In most privacy / information security situations, the real recourse is financial compensation via legal action. Because of the structure of these outsourcing relationships, there are sufficient assets that a litigant could go after in US courts even when the delivery happened from India.

However, let me comment on each of the concerns raised by the Privacy Rights Clearinghouse in order. [Please note that I am most comfortable talking about offshore outsourcing to India, but several of my comments are probably generally applicable. Disclaimer: I am not a legal expert and these are just my personal opinion.]

What recourse does an individual have if his/her personal information is handled improperly by an overseas company? Most countries to which data is being transmitted have no data protection laws on the books.

India does have several laws that address data protection and several more are in the works. Moreover, even “Undisclosed information and trade secrets” are protected under WTO-TRIPS (see Understanding the WTO for details) and India has to comply with TRIPS. Finally, the outsourcing industry is a powerful lobby in India and they have been pushing hard for stringent data protection laws to be enacted. In general, over time, a country like India which has a significant portion of its GDP and growth tied to information security is more likely to adopt stringent laws than even the United States.

If a U.S. law or regulation is violated, will the appropriate U.S. regulatory agency, such as the Federal Trade Commission or the Office of the Comptroller of the Currency, send investigators to the offshore company to conduct an investigation? Probably not likely.

If an US agency really needed to, they could probably collaborate with the appropriate Indian agencies and conduct such an investigation. For example, the US Food and Drug Administration (FDA) inspects medicine factories in India. Far more likely, US regulatory agencies could leverage India’s enforcement obligations under WTO-TRIPS, the 1999 US-India mutual extradition treaty and their 2001 Treaty on Mutual Legal Assistance in Criminal Matters to pursue the matter.

If an employee of an overseas company observes improprieties and wants to blow the whistle, who can he or she contact to file a complaint? And will that individual be protected by U.S. whistleblower laws? Again, not likely.

This is an excellent question and we should also consider the broader question of whether US style whistleblower protection is sufficient to promote the transparency we seek.
First, India does have an interim whistleblower protection mechanism in place and the government is under pressure from the Indian Supreme Court to rapidly enact a more extensive whistleblower protection law. [Note: Whistleblower laws are particularly American and they can actually run afoul of European privacy laws. See the Tip-line bind: Follow the law in U.S. or EU? story for an excellent example.]
Second, in general whistleblowers face severe harassment even when they are protected from being fired due to the US whistleblower laws. Data center employees earn so little each month that just protecting their jobs may not be sufficient incentive/protection for them to come forth and provide information against their employers. Anonymous tip lines on the other hand can easily become a medium for harassing people you don’t like and has a flavor of Soviet era anonymous tips that I don’t particularly like. Perhaps Indian outsourcing vendors and US outsourcing customers can set up a whistleblower fund for rewarding outsourcing employees who report problems that are eventually independently confirmed. Even a small financial incentive of a few thousand dollars would probably compensate these workers for lost wages and harassment due to their whistleblowing and would be more effective than US style whistleblower laws.

If an individual becomes a victim of identity theft and is able to trace the illegitimate access to his or her personal information back to an overseas company, can that individual attempt to take legal action against that company for its negligence? Technically perhaps, but realistically probably not. A bigger question is if the victim of identity theft would even be able to trace back to the source of the data breach. Not likely.

I am not sure I quite understand the premise of this question. Because of the focus on outsourcing, I am assuming the statement is referring to a situation when individual A shares private information with US firm B who outsources the processing of this information to Indian outsourcing vendor C. Whether or not firm B outsources the processing of this information, it would be almost impossible for individual A “to trace back to the source of the data breach” as they would violate information security and industrial espionage laws if they tried to do so independently. More likely, they would compel firm B to divulge the source of the data breach as part of a legal action. In any such legal action, they would merely sue firm B and gain compensation from them; why does it matter whether or not firm B outsourced to a vendor C? Remember, the only real remedy for the victim of identity theft is to sue for compensation. You would usually go after the US firm as that has the deeper pockets and was directly responsible for protecting your information.

How would California's law requiring that individuals be notified of security breaches involving sensitive personal information be promulgated and enforced if the illegitimate access to computer files were to occur in an offshore company? (California Civil Code section 1798.82-1798.84)

Outsourcing vendors have to comply with a raft of US laws such as GLB, HIPAA, etc. They are enforced via contractual agreements between the customer and the vendor.

How will U.S. companies be able to prevent overseas firms from subcontracting the work to other companies who then subcontract it to yet others? In a widely reported incident, a subcontractor in Pakistan threatened to expose the personal information contained in the medical records she was transcribing if she were not paid what she was due. (David Lazarus, "A tough lesson on medical privacy: Pakistani transcriber threatens UCSF over back pay," San Francisco Chronicle, October 22, 2003.)

Once again, subcontracting is preventable with proper contract design. Moreover, as discussed earlier, local authorities would prosecute such a person exactly the same way as US authorities.

Why globalization does not mean your job will get outsourced to India

We live in a “flat world” where physical location does not matter and where jobs will migrate to the least expensive locations. An Indian worker may cost 60% less than an equivalent American worker. Does this mean your white collar job will necessarily move to India and that you might as well give up the fight and reconcile yourself to Ross Perot’s “giant sucking sound”? Not necessarily.

Labor costs are not a perfect indicator of overall costs. To make an apples-to-apples comparison between an American worker and an Indian worker we have to consider the total costs of their performing equivalent tasks. The three major additional components of total cost are: productivity, quality, and management overhead. Let’s tackle these in order:

• Productivity: First, some basic math: If one person costs $10 / hr and takes two hours to do a task, while a second person costs $15 / hr and takes just one hour to do the same task, which would you rather employ? If you didn’t sleep through math, you realized that the first person costs $20 per task, which is more than the $15 per task that the second person costs. Thus, you would select the second person even though her hourly rate is higher. So, the question is: who is more productive, an American worker or an Indian worker? It is tough to say. What we can say for certain is that our productivity is under our control and can be improved by orders of magnitude through process innovation. My favorite example of this was described by Dr. Michael Hammer in his “Reengineering Work: Don't Automate, Obliterate,” article in the Harvard Business Review. He described how Mutual Benefit Life, an insurance company, transformed a customer application process from a typical turnaround of 5-25 days and a best effort time of 24 hours to a typical turnaround of 2-5 days and a best effort time of just 4 hours. Mutual achieved this by creating a new position called a case manager and empowering these workers to process entire applications instead of having applications “go through as many as 30 discrete steps, spanning 5 departments and involving 19 people.” “Case managers have total responsibility for an application from the time it is received to the time a policy is issued. Unlike clerks, who performed a fixed task repeatedly under the watchful gaze of a supervisor, case managers work autonomously. No more handoffs of files and responsibility, no more shuffling of customer inquiries.” The productivity gain achieved by this company would be more than sufficient to offset the 60% difference in labor costs between Indian and American workers. Moreover, the job of the case manager is far more complex and “high-touch” than the tasks performed by the original clerks and is far less likely to be outsourced in the future. Dr. Hammer concludes his article with “We must have the boldness to imagine taking 78 days out of an 80-day turnaround time, cutting 75% of overhead, and eliminating 80% of errors.” Such boldness and innovation are far greater assets than 60% labor cost differentials.
  
• Quality: Well, you guessed it, time for some more math. Let’s say processing an insurance claim correctly costs $1. How much do you think correcting an error in an insurance claim costs? Well, once you add up the cost of quality control, the call center costs for fielding customer complaints, and the cost of reissuing a corrected claim, the costs climb quite high. Let’s say the cost is $100. If the error rate is 3%, then this company would be spending three times as much on the downstream cost of errors as on the original claim processing costs. Thus a 1% change in error rates would have the same total cost impact as a 3% difference in labor costs. The specific ratio of the cost of errors to original processing costs varies from case to case; however, the cost of errors is almost always greater than the processing costs. Thus, output quality is almost always more important than labor cost. In other words, if outsourcing increases your error rate even slightly, it can wipe out the benefits of lower labor costs. In one case, an US insurance company outsourced its claims processing to a BPO vendor that delivered 30% lower claims processing costs. Unfortunately, the vendor’s error rate was also slightly higher than the customer’s: just 1.1% instead of the original 1.0% error rate. Such a small 10% difference in error rates seems trivial, but it is sufficient to wipe out the benefits of the 30% cost difference from outsourcing. [For details, see the Case Study at www.totalcostoferrors.com/atcecasestudy]
  
• Management and training overhead: It is not easy to manage a task from across the world. You need proper oversight mechanisms which often require expensive international travel, managers who are trained in cross-cultural interactions, information security safeguards, etc. Other factors such as the high employee churn rate in India and the resultant training costs contribute to management overhead as well. In general, due to relatively high management overhead the overall cost benefits of outsourcing to India are often reduced to just 10 to 20%.

Once we consider the total cost differences between an American worker and an Indian worker, we find that the 60% labor cost differential is much less important than all the other factors that are included in the total cost. Thus, if American workers focus on their productivity and quality while leveraging their inherent management overhead advantages, they can effectively compete against Indian workers notwithstanding the labor cost difference. The unfortunate reality is that instead of focusing on these goals Americans are focusing on protectionism. In the meantime, Indians are focusing on improving these exact same factors. Let’s revisit them again:

• Productivity: If you visit a major Indian Business Process Outsourcing vendor you will be amazed by the way it manages its productivity. In many ways the major Indian firms have replicated the assembly line in a business process environment. While Indian firms aggressively adopt methodologies often invented in America, US firms are beginning to lag behind the Indians in process improvement in the service industry.
  
• Quality: The quality of Indian providers varies widely. I have evaluated vendors who had critical errors in more than 17% of processed documents, and I have evaluated others that demonstrated less than 0.5% errors. What is uniformly true is that most major Indian firms are investing heavily on quality improvement methodologies and software.
  
• Management and training overhead: While employee churn remains a significant problem, Indian firms have come a long way in tackling this problem through improved training systems. They are also beginning to invest in business service operations management software and some of the leading firms have even created home-grown management software. The most obvious change is in the corporate cultures of the larger firms. In 1999, I remember being surprised by the lack of sophistication of many Indian outsourcers. Today when I deal with the larger Indian vendors, it is easy to imagine that the meeting is taking place in New York or London and the vendor’s managers are invariably steeped in western corporate culture.

When the Japanese motorcycle manufacturers first entered the US market, the dominant British manufacturers laughed at them. The larger Japanese motorcycles leaked oil, “looked ridiculous,” and broke down regularly. The smaller Honda Cubs were considered “toys” by serious motorcycle enthusiasts. Their only advantage was that they were cheaper than British motorcycles. While the British laughed, the Japanese improved their motorcycles until they essentially drove the British out of the motorcycle business. It is true that Indian BPO vendors still have many problems with employee churn, security, infrastructure, quality; and today I truly believe Americans could give Indians a serious run for their money based on the overall cost of business processes. However, if Americans remain distracted by protectionism they will lose the chance to improve themselves and compete fairly for their slice of the global business process market.

I have a fierce belief in the inherent abilities of Indians and Americans. Americans today believe that the game is unfairly stacked against them due to the low Indian labor costs and they are essentially refusing to play the game. You can’t win a game that you don’t show up for! Of course Americans can’t beat the Indians on labor costs, but these costs are only a small portion of overall costs. Americans need to rejoin the game and figure out how their inherent strengths in innovation, management / training overhead and possibly quality can counter the core strengths of the Indians in productivity and costs. That would be a fair match worth competing in, and may the one with the lowest overall cost win.

The outsourcing bogeyman is the real threat to the US economy

It seems I managed to confuse some of my readers with my "Why a US ban on offshore outsourcing is the best possible thing for India!" post. I was using sarcasm to make a point, and am not really suggesting that the US ban outsourcing. Any ban on outsourcing would harm both countries overall, but would be especially harmful to the US. Let me make the same point using economic data rather than humor:

Right now the focus is on Business Process Outsourcing (BPO), however, during 1998 to 2002 everyone was convinced that IT outsourcing (ITO) to India would gut the American IT services industry. Let us consider the IT services most directly affected by offshore outsourcing, namely: “computer and data processing services” and “data base and other information services.” According to the “Digital Economy 2003” report published by the U.S. Department of Commerce, US imports of these services rose from $0.3 billion in 1995 to $1.2 billion in 2002 (with a peak of $1.6 billion in 2000). This seems to be clear proof of Ross Perot’s “giant sucking sound” and any number of Lou Dobbs’ tirades. However, in the same time period, US exports of these services rose from $2.4 billion in 1995 to $5.4 billion in 2002 (with a peak of $5.7 billion in 2000). Thus, the U.S. trade surplus in these services expanded from $2.1 billion to $4.2 billion over the same years when the US faced the greatest threat from Indian outsourcing firms due to the Y2K contracts and the Internet boom.

If the US had magically managed to “ban IT offshoring” and other countries had done the same, the US economy would have lost $26.2 billion over these 8 years. How many US jobs do you think that $26.2 billion translates to? I realize data provides cold comfort to people who have lost their jobs due to outsourcing. However, the above analysis highlights how overall global trade creates far more jobs in America than it destroys. If you don’t believe the analysis above, you should at least learn from US history. The following excerpt from the US Department of State website highlights how US protectionism contributed to and exacerbated the Great Depression.

The Smoot-Hawley Tariff Act of June 1930 raised U.S. tariffs to historically high levels. The original intention behind the legislation was to increase the protection afforded domestic farmers against foreign agricultural imports. … But once the tariff schedule revision process got started, it proved impossible to stop. Calls for increased protection flooded in from industrial sector special interest groups and soon a bill meant to provide relief for farmers became a means to raise tariffs in all sectors of the economy. When the dust had settled, Congress had agreed to tariff levels that exceeded the already high rates established by the 1922 Fordney-McCumber Act and represented among the most protectionist tariffs in U.S. history.

The Smoot-Hawley Tariff was more a consequence of the onset of the Great Depression than an initial cause. But while the tariff might not have caused the Depression, it certainly did not make it any better. It provoked a storm of foreign retaliatory measures and came to stand as a symbol of the ‘beggar-thy-neighbor’ policies (policies designed to improve one’s own lot at the expense of that of others) of the 1930s. Such policies contributed to a drastic decline in international trade. For example, U.S. imports from Europe declined from a 1929 high of $1,334 million to just $390 million in 1932, while U.S. exports to Europe fell from $2,341 million in 1929 to $784 million in 1932. Overall, world trade declined by some 66% between 1929 and 1934.

Thus, between 1929 and 1934, US imports were reduced by just $944 million while exports were reduced by $1,557 million and so the US economy lost hundreds of millions of dollars and more importantly tens of thousands of jobs due to US protectionism. Moreover, today due to the high growth rate of countries like India and China, the rest of the world counts for a significantly greater proportion of global economic growth than they did in the 1930s. As such, US protectionism would probably harm the US even more in the current environment because American companies would be locked out of the rapidly growing Asian economies while Asian and European companies would probably benefit from the vacuum created by the absence of American companies.

Daniel W. Drezner in his thought-provoking article titled “The Outsourcing Bogeyman” (Foreign Affairs, May/June 2004) provides two excellent examples on how US protectionism has already caused US job losses.

Consider the example of candy-cane manufacturers: despite the fact that 90 percent of the world's candy canes are consumed in the United States, manufacturers have sent much of their production south of the border in the past five years. The attraction of moving abroad, however, has little to do with low wages and much to do with protectionism. U.S. quotas on sugar imports have, in recent years, caused the domestic price of sugar to become 350 percent higher than world market prices. As candy makers have relocated production to countries where sugar is cheaper, between 7,500 and 10,000 workers in the Midwest have lost their jobs -- victims not of outsourcing but of the kind of protectionism called for by outsourcing's critics.

A similar story can be told of the steel tariffs that the Bush administration foolishly imposed from March 2002 until December 2003 (when a ruling by the World Trade Organization prompted their cancellation). The tariffs were allegedly meant to protect steelworkers. But in the United States, steel users employ roughly 40 times more people than do steel producers. Thus, according to estimates by the Institute for International Economics, between 45,000 and 75,000 jobs were lost because higher steel prices made U.S. steel-using industries less competitive.

Proponents of American protectionism should keep such recent misadventures in mind while pushing for higher tariffs.

US protectionism impacts more than just the economy. The previously quoted US Department of State article goes on to say: “More generally, Smoot-Hawley did nothing to foster trust and cooperation among nations in either the political or economic realm during a perilous era in international relations.” Does this sound eerily applicable in the current international relations context? George Santayana wrote: 'Those who cannot remember the past are condemned to repeat it.' Unfortunately, the cost of repeating this past mistake could be greater than the anti-globalization brigade can even imagine.

Nasscom’s new Data Security Watchdog: it has bark, will it have bite?

It seems Nasscom is trying to address the information security perception problem in India by creating a new Data Security Watchdog (as reported in CIO India).

The National Association of Software and Services Companies (Nasscom) is setting up a watchdog organization that will focus on the introduction and monitoring of best data security and privacy practices in the country's IT services, call center and business process outsourcing industries. The move is one of several measures by Nasscom and the IT industry to strengthen data security and privacy in the Indian call center and BPO industries.

"We are planning a self-regulatory organization (SRO) that will be initially set up by Nasscom, but will operate independently with an independent chief executive officer and board," said Sunil Mehta, vice president of Nasscom in Delhi.

"Being a member of the SRO will in effect be a certification, as member companies will have to follow the best practices specified by the SRO," he said.

Besides setting benchmarks and training companies on the best data protection and data privacy practices, the new organization will also have the authority to punish and expel erring member companies

The SRO will be funded for one year by Nasscom, which has budgeted Rs 1.35 crore for the purpose. After the first year, the SRO is expected to finance itself from membership, training, and audit fees.

This sounds like a great idea, especially as this organization can become a forum for sharing information security best practices. I have been impressed by the information security and fraud detection methodologies used by some Indian vendors and if they start helping each other they can improve even more rapidly. I am a firm believer in incentives, and here I think the outsourcing vendors’ incentives are properly aligned: When one Indian outsourcer has an information security or fraud problem, every Indian outsourcing vendor suffers from the negative press. Japanese manufacturers helped each other build the “made in Japan = quality” perception, Indian outsourcing firms have to do likewise.

I am however not sanguine about the incentives for the enforcement component of this watchdog. After the first year, the watchdog will be funded by the dues paid by its membership and the only way for it to punish a member would be to “expel” the “erring member” and thus lose their “membership, training, and audit fees.” This sounds like classic incentive misalignment. I hope that the Nasscom leadership will address this problem before the organization goes live. Perhaps the organization could be funded by the outsourcing customers instead? Rs 1.35 crore (approximately $300,000) split among even thirty large outsourcing customers sounds like a very good investment. If that $10,000 a year helps them avoid a single information security breach, or more likely a PR headache, it would be money well-spent.