The recent report that USPTO has sent a notice to US legal firms that they need to obtain “Export License” before outsourcing Patent drafting work to India has raised doubts whether this could be a deathknell for the fledgling LPO industry in India. The industry which is estimated to be worth around US $640 million  today employing around 7500 employees is expected to grow to US $ 2 billion and employment levels of 30000 by 2010. It would be sad if the anti outsourcing lobby of US is able to cut off outsourcing of legal work to India under this pretext. More than the loss of business to India, the greater losers would be US Inventors and Companies which will see that their patent expenses would increase four to five times immediately.

Though a leading Economic Daily in India has given out a dooms day predictions to LPO, Naavi does not believe that such a prediction is correct.

Firstly, it is necessary to recognize that USPTO is well within its rights and is perhaps under a duty to inform its clients that some of the technology information that may be subject matter of patent applications may have national security implications and its disclosure to other countries may need to be regulated.

Patent essentially being a legislation to promote publication of inventions, it is not possible to hold back the information from anybody including the terrorists once the specifications are published in a gazette. What USPTO may be trying to protect is not the ultimate dissemination of technology information but dissemination at a time when the information may leak out and create loss of patents to the US inventors.

A “Prohibition” of export of patent related information is not supported by the system of Patents which encourages global search of prior art and registration under PCT.

I therefore feel that there is a need to  interpret the USPTO move as only an expression of its concern on regulating the information security when it moves out of the shores of US. This concern is genuine and if Indian LPO industry has to justify its existence, it is necessary for them to respond positively to this concern.

Naavi who is also the founder of Cyber Law College, a pioneering venture in Cyber Law education in India and an architect of many pioneering services to the Cyber Law Compliance area in India has now a ready prescription for the Indian LPOs to ensure that USPTO cannot be manipulated as an instrument of the anti-outsourcing lobby.

Cyber Law College as a part of its CyLawCom initiatives (Initiatives for Cyber Law Compliance of IT operations in India) has developed for the first time in India as well as anywhere in the world an Information Security Standard for the processing of Legal Information. This “Legal Information Privacy Standard” or “LIPS” Standard in its version 1008, incorporates 21 information security principles drawn from the established principles of Privacy Protection and Information Security available in various other information security initiatives.

The principles are drafted with the idea of simultaneously meeting compliance standards in ITA 2000, HIPAA and ISO 27001.

 

All LPOs in India whether they are low end functionaries or high end functionaries, can adopt these standards through a process of audit.

The end objective of the LIPS is to ensure that the Privacy Interests of the customers whose legal information is processed in India is well protected. LIPS is a voluntary standard and non compliance of the standard is not directly  punishable under law.

However, for any data theft or confidentiality compromise, civil and criminal liabilities under ITA 2000 can be invoked. This includes civil liabilities upto RS 10 million and imprisonment upto 3 years. The Personal Data Protection Act which is in process in India may also impose imprisonment upto 3 years for privacy breach with fine of upto Rs 10 lakhs and also provide for Civil liabilities. This act is yet to become a law in India.

Implementing LIPS could be considered as “Due Diligence” for corporates to shield its executives from vicarious liabilities arising out of any breach of law by the use of its network.

LIPS implementation is a three step process where the audit team will first make a “Gap Analysis” and provide the requirements to be fulfilled by the organization. These have to be then implemented by the organization in the second phase. In the third phase the audit team will evaluate the implementation and provide a certificate of compliance with LIPS. This is subject to internal review once in three/six month and for external review once in a year. 

(This is the second part of the article, the first of which was posted earlier today)

 Naavi of Naavi.org 

Be Sociable, Share!