Compliance in various forms is almost here, and it will significantly affect Indian medium sized businesses over the next couple of years. As is usually the case, this trend will be primarily driven by regulations, followed by standards. One of the forerunners of this impending wave is the Information Technology (Amendment) Act, 2008.
With its immense potential for misuse (by the authorities, who else?), the Information Technology (Amendment) Act, 2008 presents a simple message for any Indian medium sized business that relies on IT — shape up or ship out (No wonder that the information security vendors, consultants and system integrators are already drooling in anticipation). Yet another compliance, but of significantly lesser impact to many Indian medium sized businesses, is the Payment Card Industry Data Security Standard (PCI DSS) if your organization works with credit or debit card payments. And these are just the tip of the iceberg.
The larger organizations have already mastered the art of compliance to a great extent, so it’s the medium sized business which is likely to be targeted by over enthusiastic IT Act enforcers. Don’t get me wrong, the Information Technology (Amendment) Act, 2008 does have its salient points. But the real danger lies in the Act’s enforcement, which is where your medium sized business needs to have its part clear. If nothing else, it will help you keep your side of affairs manageable.
At the risk of sounding alarmist, I feel that the need for compliance is real for medium sized businesses — especially organizations which have had absolutely no control over inhouse IT systems over the years. Before you break off into a tizzy over this callous statement, just consider the term “objectionable material” as defined by the Indian law. This subjective term can undergo mutilation as per the whims and fancies of the enforcer. For example, the accountant forwarding naughty pictures is sufficient to land your entire organization in hot water with non IT-savvy Police authorities. Or worse, imagine what might happen if the “moral upkeepers” of Indian society decide that they don’t like your organization for some reason or the other. We don’t want to give them more fodder in our hard disks, do we?
I might be going over the top, but many Indian medium businesses have enough skeletons when it comes to their cable closets. Just to drop a hint, software licensing issues itself should ring enough alarm bells. The sooner we give these ghosts a peaceful burial, the better it will be for all of us.