November 18, 2009
Employees at T-Mobile’s UK operation have been identified as the culprits in the illegal sale of subscriber data affecting “many thousands of customers”.
UK privacy watchdog the Information Commissioner’s Office (ICO) launched a criminal investigation after a mobile telephone company – since revealed to be Deutsche Telekom owned T-Mobile – discovered that some its employees allegedly sold details relating to customers’ mobile phone contracts, including their expiry dates.
The information was allegedly sold on to T-Mobile’s competitors – which might be rival operators Vodafone, O2, Orange, or 3, or any number of third party brokers which were using the material to cold call customers prior to contract expiry dates to offer them an alternative contract – but at the moment the ICO is not saying how far its investigation will extend.
“The ICO has investigated and it appears that the information has been sold on to several brokers and that substantial amounts of money have changed hands. The ICO has obtained several search warrants and attended a number of premises, and is now preparing a prosecution file.”
According to our legal sources, this sort of thing is a legal grey area. If a company is buying this sort of data then it’s obliged to check that that the data was sourced legitimately. But if the data passed through quite a few hands, like it may have in this case, an operator’s data controller could have asked the broker they bought the data from if it was legitimately sourced by way of covering itself.
But Information Commissioner Christopher Graham is using the incident as a platform to highlight the “existing paltry fines” for such offences and call for a greater deterrent in the form of a “custodial sentence” to better stop the unlawful trade in personal information.
Graham is backing the government’s proposal to introduce a custodial sentence for so called breaches of Section 55 of the Data Protection Act from April 1, 2010.
“We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data. But, we will only be able to do this if blaggers and others who trade in personal data face the threat of a prison sentence,” Graham said.
“More and more personal information is being collected and held by government, public authorities and businesses. In the future, as new systems are developed and there is more and more interconnection of these systems, the risks of unlawful obtaining and disclosure become even greater. If public trust and confidence in the proper handling of personal information, whether by government or by others, is to be maintained effective sanctions are essential.
“A custodial sentence will also have the added benefit of making the section 55 offence a recordable one and open up the possibility of extradition in appropriate cases,” he said.
About the Author(s)
You May Also Like