Scrap
the National Skills Registry
Historically, data security and right to
privacy had always been one of the least discussed and cared about topics in
our country. However, the AADHAR card project changed this landscape
significantly. It was the AADHAR that triggered one of the biggest discussions in
the recent times in our country on data security and constitutional rights to citizen’s
privacy. The widely publicized data collection project prompted extensive
scrutiny of the legal rights of the government to intrude the privacy of its citizens.
Highest court of the land even directed the centre government to immediately
withdraw instructions that made the cards mandatory for availing government
schemes and subsidies. The court also directed the UIDAI not to share biometric
or other personal information with anyone without the permission of the
cardholder. Thus, it should be surprising to know that a similar initiative is
being allowed to continue since last a decade unabated and unquestioned. The
initiative in question here is nothing but the National Skill Registry (NSR), a
centralized database of all the employees in the IT services and BPO companies
in India, built and maintained by NASSCOM. It is high time that the NSR initiative is
subjected to the public scrutiny and its legal backing, rather lack of it, be
examined. NSR should stop its operation till its legal validity is verified.
One of the petitions moved in the court
against the AADHAR argued that building a system that can search fingerprints
is not within the constitutional and legal mandate and scope of UIDAI and
fundamentally is against the core reason residents have provided their data
voluntarily to UIDAI. However, NSR does the same thing by collecting the finger
prints and biometric data of the registrants apart from storing their other
identity records. NSR has completed more than 1 million biometric registrations
till date. The site has 1.6 million registrations and 148 companies are
subscribers to the NSR data today. The prospective employers who are part of
the system can view the profiles of the registered professionals along with
verification results. As per the NSR’s own admission, ‘companies can always
demand access to the employee data in the NSR for processing the CV like how it
is asking for references currently’. NSR not only stores the biometric records
of the individual but also stores all the details about his/her qualifications
and career history, including remarks and reviews from the past employers,
which makes it quite vulnerable to misuse and a potential threat to the IT employees.
The National Skills Registry (NSR) is conceived
as a centralized database of all employees of the IT services and BPO companies
in India. The NSR database that contains third-party verified personal,
biometric, qualification and career information of IT professionals was
launched in 2006 and is setup and managed on behalf of NASSCOM, the National
Association of Software and Services Companies. As per NASSCOM web site, NSR is
an initiative to have a robust and credible information repository about all
persons working in the Information industry. The NSR site describes the
National Skills Registry as a web based system hosting a fact sheet of
information about existing and prospective employees of Indian IT and ITeS /
BPO industry which can be used by the IT & ITeS / BPO industry and its
clients as a credible source of information about registered professionals who
are being employed or put on client assignments. NSR site claims that it
develops trusted and permanent fact sheet of information about each
professional along with background check reports and it is a security best
practice for the industry and assures identity security and industry acceptance
to honest professionals.
An important question was recently posted
in one of the leading HR forums by an IT employee that should open everyone’s
eyes to the potential misuse of NSR. The question was this; “I am an IT
employee with 10 years of service in the industry. Recently I got an offer from
a multinational Indian IT Company in Bangalore. However, I had to decline the
offer as I got a better offer from another company in the meanwhile. Couple of
days back the HR head of the first company called me and threatened me saying
if I don’t join them they would report me to the NSR and put a ‘black-mark’
against my profile and I would not be able to get a job in the future in any of
the IT Companies. Is this legal and can a company do this?”. It is possible
that the HR Manager might have been misusing the name of NSR in this case.
However, the possibility of an IT professional facing such a threat is very
real. An initiative likes NSR which
lacks transparency and privacy and is heavily in favor of the powerful
corporate certainly invokes insecurity and scare among the IT employees. The IT workforce is skeptical about the data
security and access management of the data collected by NSR. They are skeptical
on how secure their profile data is with NSR and who all get to see their personal
and professional information. An industry that shows scant regard to the labor
laws of the land will hardly think of employee’s right and privileges and the
employees can’t be blamed for being afraid of the misuse of the information at
NSR. Most importantly, an initiative that was started as ‘purely voluntary’ has
now become ‘mandatory’, obviously because of the huge imbalance in the power
and influence enjoyed by the two parties involved, namely the corporate and the
IT professionals.
Most of the companies now-a-days insist that
their employees be registered in NSR. They also insist on vendors that their
employees should also be registered with NSR if they are to be empanelled or
awarded with projects. Though the NSR website says the information is
‘voluntary’, the employees are left with no option but to register with the
site as the companies insist the employees should register themselves with NSR.
The smaller service providers who rely on their bigger counter parts to get
projects are even arm twisted by the biggies through the mandatory NSR
registration clause in the contracts. NSR thus becomes one of the most potent
tools in the hands of the employers for blackmail and other misuses against the
helpless professionals in the IT industry. It also amounts to practicing
unconstitutional surveillance on the individual employees and intrusion of
their privacies.
In the case of AADHAR, many quarters,
including citizen forums, NGOs and the courts raised concerns that the data cannot
be secure at the authority’s hands. The possibility of data collected by the
UIDAI being used for commercial purposes without the knowledge or permission of
the individual concerned, the inherent vulnerability of a huge national
database built up through external contractors and the overall lack of
transparency in financing and running the project were all questioned. All those questions are very much relevant to the
NSR initiative as well. The NSR should be scrapped immediately as it is fast
becoming another tool for the unfair exploitation of the IT professionals and
further makes the employees’ position in the industry weaker.
Suresh Kodoor
sureshkodoor@gmail.com
