Guarding Your Company’s Customer Records
Mid-November brought an embarrassing admission from a mobile phone company in the UK. T-Mobile had to inform Commissioner Christopher Graham, Britain’s watchdog responsible for safeguarding personal information that staff had passed on millions of records from thousands of customers to third party brokers. Graham, whose office is currently preparing a case for prosecution, said the data breach was the biggest of its kind. A T-Mobile spokesman admitted that the data was sold “without our knowledge”. If you want to ensure that this doesn’t happen to your firm, consider calling in a team of experienced professionals straightaway. They are skilled in using sophisticated methods of investigation – like computer forensics and transactional analysis – to identify and reinforce the weakest links in your operational chain.
The Commissioner has explained how the brokers involved sold the data on to other phone companies, which in turn cold-called the customers as their contracts neared their expiry date. He also said that the case highlighted why there should be a prison sentence to dissuade people from trafficking in private data in this way. Britain’s Minister for Justice supported him, recommending custodial sentences to prevent the illegal trade in data. Graham believes that the existing “paltry fines” – £5,000 following a successful prosecution – are simply insufficient to deter people from engaging in this lucrative criminal activity.
Moreover, he said that data theft wasn’t just about mobile phone companies. It’s also about blagging information from databases to use to “put the frighteners on witnesses, attempt to knobble juries, pursue ‘nasty neighbour’ disputes, interfere in family courts, and in difficult divorce settlements. Personal data has value and there are people out there exploiting it.” The Conservative Party in Britain wants to go even further. It’s calling for the Commissioner’s authority to be beefed up, with him being provided with “a full set of punitive strings to his bow, including the power to fine organisations.”
Initially, Commissioner Graham had refused to name the operating company involved in this case as it could prejudice a prosecution. Later, however, five phone companies – Orange, Virgin, 3, 02 and Vodafone – stated that they were not the subject of investigation. T-Mobile thereafter confirmed that it was the company in question. T-Mobile expressed its deep regret for the incident and stressed that it did take customer information seriously. It said that after having advised the Commissioner of the data theft, it had worked closely with him not only to identify the source of the breach but also to examine ways “to help stamp out what has become a problem for the whole industry”.
The message for companies in Graham’s words is that it’s not only major databases, like those that phone operators hold, that are at risk. You need to carefully examine the entire spectrum of customer and other information that your firm has in its possession. The best way to do this is to hand the task over to a team of professionals with a solid track record. They’ll not only identify danger spots for you and how to deal with them, but also point out other ways in which your staff might be using your firm as a platform on which to launch their own lucrative enterprises. Personal data has value and some people with access to it are quick to exploit that.
