Three employees of Mphasis, a business process outsourcing ("BPO") firm, which runs call center services for Citibank's U.S. customers in Bangalore, India, were arrested for allegedly siphoning $350,000 from the accounts of Citibank's U.S. customers. These employees used their positions, which provided them access to Citibank customers, to induce four customers into giving out the personal identification numbers to their accounts, allowing the employees to illegally siphon funds out of those accounts. Outsourcing is a growing trend among budgetconscious U.S. companies and institutions. Information being outsourced includes personal data and confidential proprietary information. For example, Unisys Corporation, a company that handles sensitive information such as police records and databases for the U.S. Department of Homeland Security, is among scores of large corporations that farm out technology-related work to economically efficient, low-wage countries such as India. In 2004, over 80% of U.S. companies considered outsourcing their infonnation technology services to destinations such as India. Companies in the United States outsourced approximately $3 billion in business processing work in 2005, reflecting a 65% increase from the previous year. The business processing work included the transfer of personal data for processing insurance claims, credit card transactions, and transcription of personal medical files. India's outsourcing and electronic technology industry generated revenues of$36 billion in 2005, reflecting a 28% increase from 2004.
As the wave of outsourcing swells, the issue of infonnation piracy and datasecurity in India has come under greater scrutiny. The absence of appropriate statutory measures in India is becoming of greater concern to investors, corporations, the legislature, and the public in other nations. India is being urged to enact an adequate data protection regime which dictates the appropriate parameters for the collection, storage and usc of personal data by private and government entities. Given the international focus on India's data protection scheme, it is merely a matter of time before India enacts data protection laws. However, since intellectual property rights that lack enforcement are worthless, the seminal issue that remains once the data protection laws are in place is whether the laws will be enforced in such a manner as to provide any meaningful protection to data. The existing enforcement regime in India's legal system is pitifully deficient, marred by interminable delays in moving matters through the existing court system. India will be unable to provide adequate protection to data unless asolution is found to address the court delays, and procedures established for expediently prosecuting data protection breaches and compensating those harmed.
This paper recommends a system of specialized courts that deal with data protection and other cyber infringement matters. After analyzing specialized courts in various other jurisdictions and assessing their viability in India, a proposal is made for specific features for a Cyber Infringement Court in India.
21 Temp. Int'l & Comp. L. J. 103 (2007)