A series of outsourcing agreements has led to the private data of Florida state workers being passed from one company to the next before a leak finally occurred at a firm in India. Now all those companies in the outsourcing chain face losing multimillion-dollar contracts.
State workers in the U.S. state of Florida were recently informed that their personal details have been compromised. The People First payroll and human resource systems were improperly subcontracted out to an Indian outsourcing firm where the data was leaked.
The list of those affected includes people who worked for state organizations between Jan. 1, 2003 and June 30, 2004. They received the corresponding notification on March 16 by e-mail. According to the Department of Management Services, the private details of approximately 108,000 people were compromised, though that figure could change as the investigation continues.
The leak occurred after the outsourcing contractor Convergys Corp. improperly allowed subcontractors in India to index state personnel files. The offshoring was done as part of Convergys's nine-year, $350 million contract to manage the state's personnel work.
Convergys had subcontracted the indexing work to GDXdata Inc., in Denver, which itself turned to a subcontractor in India, a violation of the GDXdata contract with Convergys. A Convergys spokesman stated that nobody had informed them that the work was sent to an Indian outsourcing firm. The company has since cancelled its contract with GDXdata.
The details of the offshore work were made public in late December during a "whistle-blower" lawsuit brought against GDXdata by two former employees. As yet, however, there have been no reported cases of fraud or other illegal use of the compromised data. In any case, the victims have been offered a credit-protection plan to monitor their personal finances.
But this is not enough for trade union leaders. They have called for an end to the Convergys contract. "This is a joke, and the sad thing is, we're paying for it," one union representative said.
"Outsourcing is a widespread and effective practice, but in this case it was not the right option due to security issues. Almost every outsourcing subcontractor works with private and confidential information. For outsourcing to work normally, the client company has to demand some IT security guarantees from their outsourcing partners. The most effective way of doing that is for the outsourcing firm to meet generally accepted and certified norms and implement a solution to prevent leakage," says Denis Zenkin, marketing director at InfoWatch.
Source: ComputerWorld