San Francisco Chronicle columnist David Lazarus was greatly concerned over the news that a Pakistani sub-sub-subcontractor for UCSF Medical Center threatened to reveal confidential patient data if she was not paid by the man who had hired her. The woman sent an email, with doctors’ dictation files attached, directly to UCSF, demanding restitution. Her employer’s employer ended up paying her and she withdrew her threat, but UCSF has no guarantee that the data is safe, and no one there was aware that patient data had been sent overseas. This week Lazarus calls our attention to Bank of America’s decision to open a subsidiary in India which would potentially be handling “sensitive customer information.” His point is not that offshore employees are less trustworthy than American ones, but that we can’t depend on the enforcement of privacy and extortion laws overseas. If the Pakistani woman had been a U.S. worker, U.S. law enforcement would have been on her case immediately. As customers we are not aware of, nor do we have control over, the transfer of our personal data to locations with lessened protection.