Sara Blackwell, a Florida attorney who is representing Disney workers in a lawsuit lawsuits filed over their layoff, is fighting the use of H-1B visa workers, but believes security concerns can be used to fight layoffs.
U.S. firms argue that vendors are bound to contacts to protect data, but "it really doesn't protect the actual American people if it's just a contract between two companies," says Blackwell.
Allowing offshore access to data is not only a risk to data privacy and security, says Blackwell, "it's also the reason why a lot of our jobs can be offshored." She is trying to interest lawmakers to draft legislation protecting personal information from overseas access.
In the letter to Feinstein, the IT employee wrote in part: "The HCL workers who will be stationed in India have FULL access to not only UCSF medical and financial information, at the system and database level, but file shares that contain research and study data. Good luck to UC if the research for a cure for a major disease is stolen. If we are doing this in the interest of security, why are we allowing access to our systems from one of the least secure countries? Furthermore there has been little communication to the UCSF population that access to systems that contain their personal information is going to be accessed by workers in India.
"Staff, students and patients probably have no recourse, but certainly the researchers who UC holds in great esteem should at least be given the courtesy to be notified and the opportunity to move their data to an onshore location where intellectual property laws exist and are upheld." A separate UCSF IT employee interviewed raised very similar concerns. They asked that their names not be used because they are still employed.
This was the second note sent to Feinstein. The senator's staff initially responded to the IT employee concerns with a form letter, but subsequently sought more information from the employee after Computerworld asked questions about the initial response. A Feinstein aide described their initial response as a mistake.
Told of employee concerns about IT security, UCSF officials responded with this email statement:
"Security and privacy have been integral to UCSF's outsourcing from the beginning. All UCSF data will remain in the United States in this delivery model. HCL staff assigned to the UCSF account will only have access to data via a virtual desktop over a private encrypted network. This will ensure that all UCSF data stays in the United States. HCL has a secure, modern facility and employs technical, procedural and audit controls to prevent its workers from saving, copying or recording data. This delivery model will provide increased security for administration of UCSF information systems."
Sign up for CIO Asia eNewsletters.