In my opinion, there is no fair reason for preventing any company (even
a large one like BT) from retaining data on former customers for ANY
reasonable length of time.
It is historical commercial data of relevance.
Your argument seems to be based on more on competition considerations
than Data Protection. In that regard, bear in mind that until extremely
recently BT was prevented (by the price cap) from offering lower prices
than its competitors . .
Nigel Roberts FBCS
(ex-BT software developer)
Simon Howarth (RGC) Interim Information Governance Manager wrote:
> In the main I agree with Tim here, it's the context of the information that
> is important. I had a chat about this with a colleague who immediately
> thought about checking the phone bill of her friends estranged husband who
> says he never has any money for child support and can't afford to pay his
> bills. You have to rememember that potentially any piece of information is
> personal information if it can be match with other data to identify an
> individual, the fact that I can find out when the bills have been paid for
> all the phone numbers I know, makes that personal information.
>
> It's this ability that could lead those with the time/energy/lack of ethics,
> to garner more information and use it.
>
> Martin is wrong in saying that the enquiry appears to relate to a phone
> bill, yes it does, but a phone bill is paid by someone. Utility companies
> have spent a lot of time and money moving their information management from
> a "household" to a person for this very reason. IN the same vane as the
> anecdote above, one company I worked for, often got calls from one of a
> seperated couple trying to find out this very fact - how much was owed.
> Whilst BT haven't gone this far (you need an account number to do that - and
> that has implications all of its own) it's still not right or ethical.
>
>
> On the subject of BT keeping old customer's (not customer's who are
> old)information, I do not see the problem in that so long as there is a
> strict retention policy. For example I helped to put in place a mechanism
> for a mobile phone company that allowed (with a nod from the ICO) contract
> data for two years. The argument being that a customer will have left more
> than likely for another contract to which they will be tied into for 12 to
> 18 months. The company would then contact them after 10 months to ask them
> to come back, then again at 16 months and finally at about 22 months. If
> they have not come back after that, then the main details are removed and
> only basic account data is kept for legal and management reasons. I believe
> it has served them well.
>
> As for new market players I don't think that is relevant. As a new player
> you buy your contacts (legally), or generate them yourself. If a company
> already has this information through their own endeavours and have the
> permission of the individuals to use it and they use it legally then fine.
> The new player will get there eventually....
>
> Simon.
>
> -----Original Message-----
> From: Tim Trent [mailto:[log in to unmask]]
> Sent: 03 February 2006 07:31
> To: [log in to unmask]
> Subject: Re: [data-protection] BT SMS service
>
>
> Now that gets more interesting.
>
> Let us assume that the data is "debatably personal" but definitely
> confidential.
>
> Data must be processed fairly and lawfully.
>
> My private phone number (foolishly) appears on my private web site (OK, it
> doesn't, but it could), and my private web domain is registered correctly so
> a "whois" search can find who I am. I live alone with my 27 cats. It says
> so in my web site. (Please keep real, here, I only have two cats, my
> neighbour's greyhound killed the third while he watched).
>
> We now have the conditions where breaching confidentiality is unlawful
> (surely?) and my phone number is capable of identifying me as a living
> individual together with the other information which is easy for anyone to
> posses. There will be a short survey about how anally retentive I am
> shortly, plus the colour of the anorak I wear while spotting trains at
> Clapham Junction. That makes both unlawful processing and not keeping my
> data safe and secure.
>
> Add to this transfer of data to arbitrary third party, and also to arbitrary
> third country (coz they have phones in darkest Swynthia, and it is not a
> safe haven
>
> So, civil issue for tort over confidentiality. DPA complaint re lack of
> security, unlawful processing, transfer to third party and transfer to third
> country.
>
> I fully expect the UKIC to take precisely no action, because BT will, by
> then, have ceased processing in this manner, and, as we know, he does
> nothing about offences after you stop committing them. {I am so glad you
> have stopped killing your patients, Dr Shipman. Please carry on, you are an
> excellent GP; you have such youthful and fit patients, too; it's a pleasure
> to visit your surgery.]
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Martin Hoskins
> Sent: 03 February 2006 00:26
> To: [log in to unmask]
> Subject: Re: [data-protection] BT SMS service
>
> I'm playing the Devil's advocate this Friday morning! In a post-Durant world
> are we really certain that the information that BT is sending by SMS really
> is "personal data"?
>
> BT might argue that the information was confidential, but that it was not
> sufficiently "pesonal" to fall within the ambit of the DPA. After all, the
> account could be a corporate account, or it could be used by someone (or the
> bill paid by someone) other than the individual to whom the account may have
> been registered. The information being released by BT appears to relate to
> the phone bill, which seems to be some way from the Durant test of personal
> data, which is that the material needs to be biographical or about someone,
> rather than about something that has a less precise link with an individual.
>
> I agree that BT appear to have acted foolishly in allowing "anyone" to learn
> of the date that a particular phone account was paid. But I would suggest
> that BT is closer to breaching the tort of confidence than it is of the DPA.
>
> Just a few thoughts to stimulate the debate!
>
>
> --------------------------
> Sent from my BlackBerry Wireless Handheld
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> To: [log in to unmask]
> Sent: Thu Feb 02 20:34:07 2006
> Subject: Re: BT SMS service
>
> Remember the friend whose bill I checked? Well he called 150 and then
> pressed 9 to get straight through to the customer service team.
>
> After telling him that this was a matter for his mobile provider, O2 and
> hanging up on him he called O2 and found that the short number belongs to
> "SSSN" a subsidiary of BT. He called back and suggested he might be about
> to unleash the hounds of hell upon them. He has a sense of the absurd.
>
> This crew had heard of the problem. Apparently they'd had another call
> about it this evening. I wonder who that was?
>
> They are referring it to the Data Protection team and senior management in
> the morning. My friend is referring it to the UKIC and Ofcom.
>
> And he is passing the baton to a few friends of his.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 02 February 2006 20:05
> To: [log in to unmask]
> Subject: Re: [data-protection] BT SMS service
>
> Given that BT consider the service of such importance it apparently
> warranted a SMS message to all its SMS subscribers (with perhaps other
> marketing material yet to come) I wonder if they will consider the security
> issues created sufficiently problematic to report any breaches that occur to
> the data subjects affected thereby allowing the data subject to decide if
> they constitute a serious enough offence against them to take action?
>
> Or maybe subscribers will be left in the dark and reliant upon subject
> access to try and find details of how any experienced compromise was caused.
>
>
> Ian W
>
>
>>-----Original Message-----
>>From: This list is for those interested in Data Protection issues
>>[mailto:[log in to unmask]] On Behalf Of Tim Trent
>>Sent: 02 February 2006 17:31
>>To: [log in to unmask]
>>Subject: Re: BT SMS service
>>
>>
>>I am in the middle of "150" at present and listening to "elevator
>>music" between talking to a very pleasant lady who has a colleague
>>with her who "knows about the service"
>>
>>She has asked me if I had my friend's permission to enquire about his
>>bill payment. I explained that I did not, but that I would tell him
>>this evening, and that he would be angry and would doubtless make a
>>formal complaint as well. She did suggest that my enquiry may be
>>fraudulent! I was very polite and did not laugh at all.
>>
>>This is an odd one. I believe that it is Data which, "with other data
>>in the possession of..." is capable of identifying a living
>>individual. Others may disagree
>>
>>Terms and conditions are at
>>http://www2.bt.com/static/i/btretail/panretail/sms/Terms_condi
>>tions.htm
>>
>>Been on the call 20 minutes so far. I am glad I am not in the smelly
>>call box in the village!
>>
>>We do have BT's data protection guru on this list by the way!
>> She's a very nice practical person. I bet no-one asked her about
>>this service though.
>>
>>More when I get the call concluded
>>
>>
>>-----Original Message-----
>>From: This list is for those interested in Data Protection issues
>>[mailto:[log in to unmask]] On Behalf Of Tony Bowden
>>Sent: 02 February 2006 17:13
>>To: [log in to unmask]
>>Subject: Re: [data-protection] BT SMS service
>>
>>On Thu, Feb 02, 2006 at 05:00:33PM -0000, Tim Trent wrote:
>>
>>>>I phoned BT to complain, but neither of the two people I talked to
>>>>seemed to even be aware of the service, and certainly
>>
>>didn't know how
>>
>>>>to handle enquiries about the privacy implications of it. I'm
>>>>currently waiting for someone more senior to call me back.
>>
>>>How on earth did you find a number to call?
>>
>>On the www.bt.com/sms page there's a "terms and conditions" link.
>>
>>Buried in that page (para 10) there's mention of their "Customer Care
>>line on 0800 800947"
>>
>>That doesn't really seem to be a Customer Care line though, as the
>>first person I spoke to said he'd have to pass the enquiry onto
>>Customer Care.
>>
>>And of course, 45 minutes later, I still haven't received my
>>"15 to 20 minutes" response ...
>>
>>Tony
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 267.15.0/248 - Release Date: 2/1/06
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|