Australia's Department of Defence has terminated the contract of a supplier after it became apparent it was processing the claims of up to 80,000 ADF personnel using servers hosted overseas.
Defence’s healthcare provider, Medibank Health Solutions (MHS) has cut ties with Italian-based eye-wear company Luxottica – which operates the OPSM brand in Australia – after it found out the provider was processing and hosting the personal details of serving officers offshore, contravening the conditions of the Defence deal.
Luxottica has held the contract with MHS since 2012 and Defence has advised that any staff using the optometry service since then are likely to have been affected. When it signed the deal, Luxottica forecast it would offer eye services to as many as 80,000 defence personnel a year.
Medibank has apologised for the breach.
Defence Vice Admiral Ray Griggs said “both the Chief of the Defence Force, Air Chief Marshal Mark Binskin, and I are treating this issue very seriously,” and that interim optometry arrangements were being put in place.
“Our priority is to understand the extent of the data transferred overseas while ensuring ADF members can continue to access optical services,” he added.
The revelations come just days after Telstra was forced to confirm that no services or data related to its terrestrial communications contract with the department would be sent to India as part of the offshoring of nearly 700 roles by the telco.
“No government contract with Telstra can be sent offshore,” stressed a Telstra spokesperson.
Luxottica has not been available to comment on the location of the data nor any IT partners involved in the offshore processing.
Update 29 July 2014: A spokesperson for the Department of Defence has confirmed that the offshore hosting of private details of ADF personnel is only permitted with the sign off of the Defence Minister and Attorney-General, under current whole-of-government information security policy.