T-Mobile revealed as source of data theft involving "thousands" of mobile phone customers

by Noelle McElhatton, marketingdirectmag.co.uk 18-Nov-09, 08:30

LONDON - T-Mobile has been confirmed as the source of an illicit sale of personal details belonging to thousands of mobile phone customers.

Data privacy watchdog the Information Commissioner's Office has featured the scam in its proposal to government arguing for jail terms in cases of serious Data Protection Act breaches.

Christopher Graham, the Information Commissioner, said yesterday that a mobile phone company had contacted his office warning of the scam - but did not name the firm.

However, T-Mobile has since revealed that it was one of its employees, no longer with the company, who sold thousands of records to brokers.

The middlemen would then attempt to sell the data to rivals in order to contact owners before their contracts expired and offer them a new deal.

T-Mobile, which has 16.6m UK customers, says it has "since put systems in place to minimise the risk of it happening again".

Details of the breach were contained in a submission by the ICO to the Ministry of Justice seeking jail terms for serious data protection infringements.

In its submission the ICO said that a prosecution case "is now being prepared".

It confirmed that the number of records involved "runs into the millions" and that "substantial amounts of money changed hands".

Graham, who took over the IC role in June advocating zero tolerance of data privacy breaches, is supporting government proposals for people who steal and sell on personal data to be jailed under Section 55 of the Data Protection Act.

The current maximum punishment is a fine.

"If public trust and confidence in the proper handling of personal information, whether by government or by others, is to be maintained effective sanctions are essential," Graham said.

 

 

Comments

Paul Eveleigh, EHS Brann Discovery - 18/11/2009

The recent news concerning the theft of mobile telephone renewal contract information by employees from German operator T-Mobile, which has subsequently been sold on to several brokers, highlights the fundamental requirement for robust data governance within any organisation storing personal information. A comprehensive data governance strategy should have multiple objectives, but its primary focus must be on ensuring the security and proper use of customer information through good audit controls. These may include disabling USB storage ports and CD/DVD writing on PCs, deploying full laptop encryption, securing data areas both logically and physically, controlling and auditing data movement. All such actions can mitigate against data loss and theft. With endless data breaches reported in the press over the last year and a general mistrust by consumers of companies and brands who collect their personal information, demonstrating a clear compliance with data management best practice should be the very least such a strategy should deliver. Beyond this, data governance has the potential to become more than a safety net to help organisations avoid breaking Data Protection, other legislation and best practice. A comprehensive governance strategy can be instrumental in supporting an organisation in more effectively managing and utilising customer insight; vital in the context of business today, where recognition of the central role customer understanding has to play in guiding and enriching every interaction between consumer and brand becomes ever clearer.

 
 
 
David Miller - 18/11/2009

Well, that explains all those hard-sell phone calls I used to get when I was with T-Mobile. So glad I moved to O2.

 
 
 
John Pooley, The Data Partnership - 19/11/2009

T-Mobile has been unfortunate on this occasion, but companies such as these have to put their trust within the technical people that work within their organisation who have access to such information. The people that have this responsibility should be vetted thoroughly and not have full access to this kind of information on their own. Those people guilty of selling this data obviously have no regard for people's personal information and are oblivious to the impact this type of theft has on both the company and consumers in general; consequentially they should be punished for their actions. The effect on the industry will be greater given the amount of publicity this story has attracted and further emphasis will be put onto those companies that hold such data to tighten up their security so that this doesn't happen again. The general public will react in the worst possible way, conscious that there are far more personal bits of information held on them, such as financial information which they would not want to fall into the wrong hands or be shared outside of where the information should be held. Identity fraud has been a big topic in the past and this is another large blow to the industry which we could all do without.

 
 
 
