A New York IT contractor "swelled its profits" by outsourcing government work offshore that should not have left the state. A major part of the work was sent to India in violation of state security rules, New York investigators said.
The contractor, Focused Technologies Imaging Services in Albany County, was working under a $3.45 million contract to scan and index 22 million fingerprint cards maintained by the New York State Division of Criminal Justice Services.
Focused Technologies, in turn, hired an India-based company that performed about 37% of the work and was paid $82,000.
The fingerprint cards are associated with arrests and incarcerations, and with applications for jobs or licenses where a criminal history background check is required. The cards, which were all dated before 2009, contained sensitive data including signatures, Social Security numbers, physical characteristics and dates of birth. Focused Technologies employees were required to pass criminal background checks to work on it.
The work also was supposed to be completed in a secure state facility, and employees were required to "surrender their cell phones at the commencement of each shift," according to a report released Friday by the New York state Inspector General Catherine Leahy Scott.
The contractor, under the agreement with the state, was also required to hire people with disabilities for the work.
Focused Technologies was fined more than $3 million for violating state contract security protocols by outsourcing millions of records to a Mumbai, India-contractor, state officials said.
The Indian firm had no knowledge of the outsourcing restrictions and cooperated with investigators. The company is not identified in the report.
The computers used for the project were not connected to the Internet. However, several contractor employees copied images onto portable hard drives and then hand-carried the drives to their offices where the data was transmitted to India. This went on for a year.
The contractor "circumvented virtually all contract provisions governing the handling of sensitive records to which they were entrusted," Scott said in a statement.
Focused Technologies apologized for its actions.
"Eight years ago the company took on a state contract and made a major mistake with its administration. Today, we acknowledge this error in judgment and sincerely apologize," said the company, in a statement. "None of our current customers or contracts have ever been impacted by this incident. We are firmly committed to our mission of providing job opportunities to individuals with disabilities, and maintaining a positive work culture," the firm said.
Focused Technologies said the agreement allows it to remain as part of the state preferred source program. The company said it has also hired an independent monitor approved by the attorney general's office.
Sign up for CIO Asia eNewsletters.