LEGAL STRATEGIES FOR

INDIAN BPOs –
POST KKARAN BAHREE CASE

1
 A
PRESENTATION
BY
PAVAN DUGGAL,
ADVOCATE, SUPREME COURT OF
INDIA
HEAD, PAVAN DUGGAL ASSOCIATES
PRESIDENT, CYBERLAWS.NET

ASSOCHAM
20th JULY 2005
2
 KKARAN BAHREE CASE
• THE BIGGEST, THE BOLDEST AND
THE ONE THAT HAS THE
POTENTIAL FOR THE BIGGEST
LONG TERM IMPACT.
• TREMENDOUS NEGATIVE
INTERNATIONAL COVERAGE FOR
INDIAN BPO INDUSTRY.

3
 THE GROKSTER
JUDGMENT
• MAKES SERVICE PROVIDERS
LIABLE FOR CONTRIBUTORY
INFRINGEMENT OF COPYRIGHT
ON P2P NETWORK SERVICE

4
THE GROKSTER LEARING
• BE PREPARED FOR THE
LIABILITY
• GROKSTER JUDGEMENT
• PARALLELS FOR THE INDIAN
BPO INDUSTRY
• OPENING UP OF THE
PANDORA’S BOX FOR
LIABILITY 5
PLAY OF JURISDISTIONS
AND THEIR LAWS
• APPLICATION OF MUTI-
NATIONAL LAWS AND
REGULATIONS BEING CALLED
INTO QUESTION
• IT WILL NOT BE LONG BEFORE
THE CLIENTS START
ENFORCING REMEDIES
AGAINST THE SERVICE
PROVIDERS
6
 LEGAL STRATEGIES
AHEAD
• IN THIS STATE OF CONFUSION,
WHAT ARE THE BEST LEGAL
STRATEGIES FOR INDIAN BPO
COMPANIES TO ADOPT?
• THE MAIN AIM BEHIND SUCH
ADOPTION SHOULD BE TO
INCREASE BUSINESS AND LIMIT
LIABILITY
7
 NEED FOR PROACTIVE
ACTION BY THE
INDUSTRY
• TILL SUCH TIME AS THE NEW
LEGAL REGIME DOES NOT
COME INTO FORCE, THE BPO
SECTOR HAS ADEQUATELY
COMPLY WITH THE EXISTING
LAWS, BOTH IN THE TARGET
JURISDICTION(S) BUT ALSO
LAWS APPLICABLE WITHIN
INDIA 8
 LAST FEW YEARS
• VARIOUS CASES HAVE EMERGED
• ARIF AZIM- INDIA’S FIRST
CYBERCRIME AND BPO
CONVICTION
• BAAZEE.COM CASE
• RECENT MPHASIS CASE-16
EMPLOYEES ARRESTED,
INVESTIGATIONS IN FULL FORCE
9
 LEGAL ISSUES
• BAAZEE.COM CEO AVNISH BAJAJ
ARREST HAS OPENED UP A
PANDORA’S BOX
• LIABILITY OF NETWORK SERVICE
PROVIDERS UNDER THE INDIAN
CYBERLAW
• ALL BPO COMPANIES ARE
NETWORK SERVICE PROVIDERS

10
 NETWORK SERVICE
PROVIDERS
• Section 79 in Chapter XII of the IT Act,
2000 details the liability of network service
providers.
• Section 79 gives a definition of
“network service provider” to mean an
intermediary

11
 INTERMEDIARY

• Any intermediary concerned with the

relevant business of providing network
service would come within the definition
of “network service provider”. The
liability has gone much further as the
words used are “network service
provider” rather than a narrower version
“Internet Service Provider or ISP”. 12
 ITES PROVIDERS ARE
INTERMEDIARIES
• “Network service provider” shall not only
include Internet Service Providers but
also, all other intermediaries who are in
the business of network service providing.
• Includes within its ambit the vendors in
the Indian outsourcing industry. 13
 LIABILITY –SEC 79
• No person providing any service as a
network service provider shall be liable under
this Act, rules or regulations made thereunder
for any third party information or data made
available by him if he proves that the offence
or contravention was committed without his
knowledge or that he had exercised all due
diligence to prevent the commission of such
offence or contravention.
14
 THIRD PARTY
INFORMATION
• “third party information” means any
information dealt with by a network
service provider in his capacity as an
intermediary.

15
 LEGAL ISSUES
• A large number of legal issues confront the
Indian Outsourcing Industry

• These issues need to be properly heeded to,

otherwise can have detrimental effects
upon the BPO sector and its future growth
in India.

16
NEED TO DO HOMEWORK

• The Indian Industry must do its

homework properly.
• Need to appraise about the legal challenges
in this sector.

17
 COMPLAINCE
• Need to ensure voluntary self-compliance
with existing international legal trends
relating to outsourcing.
• Industry must be in a position to convince
potential client that it has all necessary
means to comply with the legal
requirements of the client and of the
jurisdiction in which the client is based.

18
 COMPLIANCE (contd.)

• An Indian BPO service provider, since

located in India, is duty bound to comply
with the various provisions of Indian
laws which impact the outsourcing
industry.

19
 LAWS IMPACTING BPO
• These laws include the following:-
Foreign Exchange Management Act, 2000
DOT (Department of Telecommunication)
Regulations
The Information Technology Act, 2000
The Income Tax Act, 1961
The Trade Mark Act, 1999
 Ensure compliance with labor laws.
20
LAWS IMPACTING BPO
(contd.)
The Copyright Act, 1957
The Patent Act, 1970
The Arbitration and Conciliation Act, 1996
The Code of Civil Procedure, 1908
The Indian Contract Act, 1872
The Information Technology Rules
Other Notification/laws relating to or
impacting the BPO sector.

21
STARTING POINT- INDIAN
CYBERLAW

• Indian Outsourcing Industry must

comply with requirements stipulated by

the Indian Cyberlaw namely the

Information Technology Act 2000.

22
 ELECTRONIC FORMAT

• Legal requirements of any information

or any other matter being in writing or
in the typewritten or printed form, shall
be deemed to have been satisfied if such
information or matter is—

23
 ELECTRONIC FORMAT
(contd.)

(a) rendered or made available in an

electronic form; and
(b) accessible so as to be usable for a
subsequent reference.

24
 DIGITAL SIGNATURES
• Section 5 provides that wherever any law
provides any particular information to be
authenticated by affixing the signature of
any person, then that requirement shall
also be deemed to be satisfied if such
information or matter is authenticated by
means of affixing digital signatures
prescribed by the Government.

25
 DIGITAL
SIGNATURES(contd)

• Further, if any law requires any document

to be signed or bearing the signature of
any person, then such requirement of law
shall be deemed to have been met if the
document is affixed with the digital
signatures of the subscriber.

26
 RETENTION OF
INFORMATION IN
ELECTRONIC FORMAT
• Companies can legally retain the said
information in the electronic form, if-
• (a) the information contained therein
remains accessible so as to be usable for a
subsequent reference;

27
 RETENTION OF
INFORMATION IN
ELECTRONIC FORMAT (contd)

• (b) the electronic record is retained in the

format in which it was originally
generated, sent or received or in a format
which can be demonstrated to represent
accurately the information originally
generated, sent or received;
28
RETENTION OF INFORMATION
IN ELECTRONIC FORMAT
(contd)

• (c) the details which will facilitate the

identification of the origin, destination,
date and time of dispatch or receipt of
such electronic record are available in the
electronic record.

29
 DAMAGES BY WAY OF
COMPENSATION
• Section 43 provides penalty for damage
to computer, computer system, etc.
• This provision penalises access without
permission to a computer, computer
system or computer network.
• Penalty of damages by way of
compensation to the tune of INR 10
Million.

30
 DAMAGES BY WAY OF
COMPENSATION (cont.)
• Also penalised is a person who
without permission
– downloads, copies or extracts any
data or information,
– introduces or causes to be
introduced any computer
contaminant or computer virus,
– damages any computer etc.,
31
 DAMAGES BY WAY OF
COMPENSATION (cont.)
– disrupts any computer etc.,
– denies access to any person duly
authorized to access
– charges the services availed of by a
person to the account of another
person by tampering with or
manipulating any computer
– All grounds for seeking damages
32
 DAMAGE TO COMPUTER
SOURCE CODE &
DOCUMENTS
• Section 65 makes tampering with
computer source, documents an offence
which shall be punishable with
imprisonment up to three years, or with
fine which may extend up to INR Two
hundred thousand ( Rs 200,000/- ), or
with both
33
 HACKING

• Section 66 deals with the offence of Hacking

with computer system 
• Whoever…destroys or deletes or alters any
information residing in a computer resource or
diminishes its value or utility or affects it
injuriously by any means, commits hacking
• Punishable with imprisonment up to three
years, or with fine which may extend upto INR
two hundred thousand ( Rs 200,000/- ), or with
both
34
 OFFENCES
• Publishing or transmission of information,
which is obscene in the electronic form- a
penal offence
• Section 67 of the IT ACT, 2000
• ‘any electronic information which is lascivious,
or which appeals to the prurient interests”

35
 PRIVACY IN INDIA
• There is no comprehensive legislation on
privacy in India
• Left to the judiciary to interpret privacy
within the realm of existing legislations
• Right to privacy has been upheld by the
Supreme Court of India as an integral part
of the fundamental right to life under
Article 21 of the Constitution of India –
available only against State
• SC issues notice to telemarketers in PIL 36
 IT ACT & PRIVACY
• Does not deal with Privacy
• Section 72 talks about Privacy - refers to statutorily
authorized persons who, after having secured access
to any electronic record, book, register,
correspondence, information, document or other
material, without the consent of the person
concerned, disclose such electronic record, book,
register, correspondence, information, document or
other material to any other person
• Section 72 – has no bearing on violation of an
individual’s privacy in cyberspace
37
 NO DATA PROTECTION
LAW IN INDIA
• INDIA DOES NOT HAVE A
DEDICATED DATA PROTECTION
LAW IN PLACE
• DATA PROTECTION IS COVERED IN
SOME MEASURE BY THE INDIAN
CYBERLAW NAMELY THE
INFORMATION TECHNOLOGY ACT,
2000
38
 NEED FOR COMPLIANCE

• Indian Outsourcing Industry needs to be

complying with requirements of data
protection in the American and EU
jurisdictions.
• Necessary to give potential client the
confidence in the services provided by the
Indian Outsourcing Industry.

39
 GOVERNMENT IN
ACTION
• Government of India soon to come up with
effective legal regime on data protection.
• Prime Minister Manmohan Singh’s
Intervention in the aftermath of the Kkaran
Bahree case

40
 CONFIDENTIALITY
• Confidentiality matter of immense concern.
• Need to ensure preservation and protection of the
confidentiality of potential client and his business.
• Vendors need to take utmost care to ensure that their
employees do not breach the confidentiality of the
client’s data during business processing, while in
India.

41
 INFORMATION SECURITY
COMPLIANCES
• VARIOUS PARAMETERS RELATING TO
INFORMATION SECURITY ALREADY
STIPULTED BY THE INDIAN INFORMATION
TECHNOLOGY RULES, 2000
• LACK OF ORIENTATION AND AWARENESS
ABOUT THE SAME
• COMPLIANCES WITH IT SECURITY
STANDARDS eg.BS7799
42
 COMPLAINCE WITH
FOREIGN LAW
• Service Providers in India must comply with
foreign laws and industry specific rules,
regulations, byelaws and guidelines of the
specific country in which the customer operates.
• Normally service providers insists on the
customer providing them with the list of foreign
laws, specific rules, regulations, byelaws and
guidelines which would be applicable to the
services being outsourced along with actual text
of the same.
43
 FOREIGN LEGISLATIONS
COMPLIED WITH
• Gramm-Leach Bliley Act
• Sarbanes Oxley Act
• CAN SPAM Act, 2003
• Homeland Security Act
• USA Patriot Act
• Children’s Online Privacy Protection Act

44
 UK DATA PROTECTION
• UK DATA PROTECTION ACT, 1998
• “WE WOULD INSIST ON
COMPLIANCE WITH THE
REQUIREMENTS OF THE DATA
PROTECTION ACT, 1998 FOR ALL
ENTITIES INVOLVED IN
OUTSOURCING”- UK DATA
COMMISSIONER

45
 LIMITING OF LEGAL
LIABILITY

• Legal liability of the client needs to be appropriately

limited.

• There is a need for limiting the liability of the vendor

in the contract.

46
 BPO CONTRACT
• The crux of any BPO transaction is
negotiation of the contract.
• BPO contract document of extreme
significance.
• Details the contractual obligations and term
and conditions, which govern the outsourcing
relationship between the client and the
vendor.
47
 NEED FOR CAREFUL
NEGOTIATION
• Need to ensure careful negotiation of the
BPO contract keeping into consideration
various risks, operational and legal.
• Necessary to ensure the long-term success of
any outsourcing transaction.
• Some essential provisions in such
outsourcing contracts need to be
appropriately examined
48
 EXIT CLAUSE
• The contract should be able to be terminated in case
there is a material default or breach of the terms of
the contract by any of the parties.
• Need for stipulating for termination after the giving
of appropriate reasonable notice.
• Exit Clause needs to appropriately address issues
emerging after the termination of the contract
relating to various issues.
• These may include payment of outstanding fees,
completion of current work, return of delicate and
confidential information, restoration of intellectual
property rights from the vendor back to the
customer.
49
 PROTECTING
INTELLECTUAL
PROPERTY RIGHTS
• Need to ensure protection of intellectual
property rights of the customer, which
are transmitted to the vendor for the
purposes of performance of
outsourcing services.

50
 DUE DILIGENCE
• Indian Cyberlaw mandates the Exercise of “All Due

Diligence” by the Outsourced Services Providers.

• The Indian Information Technology Act, 2000

provides a robust framework governing electronic

data or information

51
 CYBER LEGAL DUE
DILIGENCE
• CYBER LEGAL DUE DILIGENCE
• DOCUMENTED, SAFE AND SECURE
• ADDS COMFORT LEVEL TO THE
CLIENTS
• ENABLES YOU TO DEMONSTRATE
EXERCISE OF “ ALL DUE
DILIGENCE” UNDER THE INDIAN
CYBERLAW
52
 CONCLUSION
• An exciting time ahead for Outsourcing to
India
• Rapid, robust rise of the Outsourcing sector
has to be supplemented with further legal
provisions relating to data protection ,
confidentiality and other related laws.
• In this direction alone lies the key for the
future growth of outsourcing to India.
53
 THAT WAS A PRESENTATION
BY
PAVAN DUGGAL,
ADVOCATE, SUPREME COURT OF
INDIA
HEAD-PAVAN DUGGAL ASSOCIATES
PRESIDENT, CYBERLAWS.NET.
EMAIL : [email protected]
[email protected]
54