Yesterday’s announcement that a T-mobile employee sold data, including phone numbers, names and addresses, raises some important issues for the sector.
The fact that it has been so widely reported shows that privacy is a major issue for people, especially when it comes to their mobile phones. Marketers need to understand the issue of privacy.
The response from the Information Commissioner’s Office (ICO) is interesting. The commissioner, Christopher Graham said:
“If public trust and confidence in the proper handling of personal information, whether by government or by others, is to be maintained effective sanctions are essential.” In saying that he was pushing for greater penalties, suggesting that the individual should be jailed.
Fair enough. But there are greater issues than simply the bad behaviour of one individual.
Firstly, where is the corporate responsibility? T-mobile state that the employee was sacked and that systems have been put in place to prevent it happening again. But why did it happen in the first place? And why should the blame go solely on one person? I believe that the operators have a responsibility to protect their data better. That isn’t just my view, you’ll also find that the Data Protection Act also agrees with me!
The fact is that data leakages have been commonplace from the mobile operators for years. I know of one contractor who was working short term for an operator. He could see all of the data and SMS content from the operator’s users. His girlfriend was on the particular network, so for a bit of fun he decided to see if he could see her text messages. He could. And it turned out she was having an affair with someone else!
On a further issue of corporate responsibility for data, who was buying it? Again, the telco’s or service providers who were intending to market to the T-Mobile customers should be carrying out the necessary due diligence to ensure the numbers were ligitimately obtained.
The second issue is that of the ICO, and their response. Christopher Graham was asking for tougher penalties. Looking at the $5m plus fines raised against spammers in Australia, I would agree, however, as I have already said, it should also apply at a corporate level, not simply ‘rogue’ individuals. However, in my experience the problem with the ICO is not simply the penalties, but actually enforcing the regulations in the first place. I blogged about tracking some spammers a few months ago. However, the net result is that it seems the ICO are not sufficiently resourced to trace them in the first place. When they are given information on spammers, they do not seem to be sufficiently resourced to make a prosecution.
So, perhaps the lessons to be learnt from this are:
The operators should do more to prevent data losses in the first place
The ICO should be given more resources to investigate and make prosecutions