-----Original Message-----
From: ICO Press Office [mailto:[log in to unmask]]
Sent: 09 October 2006 12:15
Subject: Mobile phone companies' call centres - new investigation
A statement from the privacy watchdog - the Information Commissioner's
Office
David Smith, Deputy Information Commissioner, said:
"Following evidence of illegal buying and selling of personal
information shown on Channel 4's Dispatches programme on 5 October 2006,
the Information Commissioner's Office has immediately launched an
investigation.
It appears that some mobile phone companies' call centres in India are
being targeted by criminals intent on unlawfully obtaining UK citizens'
financial records and this will be the focus of our investigation.
We are concerned by any breaches of security particularly if they
involve confidential banking details. UK organisations are responsible
for the security of their customer information. If they use an
outsourced call centre whether in the UK or India, the Data Protection
Act requires them to ensure that adequate security is in place in the
call centre. We provide clear guidance to organisations that outsource
overseas to help them ensure people's personal information is secure and
is processed in line with data protection principles.
This issue - where people sell on personal information for a price - is
not confined to India. As our report, What Price Privacy?, shows it
happens in the UK and it is a criminal offence. Where we find evidence
of breaches of the Data Protection Act we do have powers to take formal
action and we do bring prosecutions.
Depending on the outcome of our investigation we will consider whether
we need to use our formal enforcement powers to prevent incidents like
this happening again in the future. Ultimately this could include
ordering a company to stop processing personal information outside the
UK."
ICO Press Office
Direct: (0) 20 7025 7580
Fax: (0) 20 7025 7588
Email: [log in to unmask]
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: 09 October 2006 12:03
To: [log in to unmask]
Subject: Re: [data-protection] CH4 Dispatches
Clearly a problematic state of affairs but one as you intimate worth
some discussion.
For those who did not see the programme, from my perspective the stolen
data being misused appeared to consist of data collected from customers
(i.e. supposed credit check data) at call centres across many sectors,
with mobile telephone company accounts being reported as an initial and
primary vehicle. The problem appeared as one relating to misused
commercial banking data as much as being collected from any banks data.
The data did not seem to be collected only from one sector but more
broadly. As such it could be seen as a direct threat to any commercial
activity not involving the physical exchange of a form of currency, with
the programme itself having the potential to be perceived as a reaction
by a territorially protective market.
One impression (or supposition) gained here was that the mixture of some
imported personal data possibly controlled by a data processor agreement
mixed together with data directly collected from the data subject on the
direction of the data controller created a data set perceived as fairly
obtained by the call centre staff, and hence available for their own use
outside of the business itself; The only sometimes slight difficulty
being removing it from the call centre, something subsequently directly
relevant to the cost. Many of those factors are not uncommon especially
in some of the newer or more competitive business sectors.
On the surface the issues appeared to emanate from principle 2, 6 and 7
with the programme itself mainly focusing on principle 7 issues rather
than the softer and arguably more effective but potentially more
problematic principle 2 and 6 issues which provide some potential for a
longer term and more resilient fix. I swear that to me the focus all
round results from forms of short termism.
Ian W
Date: Sat, 7 Oct 2006 08:59:38 +0100
From: Nigel Roberts <[log in to unmask]>
Subject: CH4 Dispatches
I'm mildly surprised that there has been no discussion of the Ch4
'Dispatches' programme of the other night.
It has certainly made me want to consider my use of particular banks.
Does anyone know of any banks which do not export customer's personal
data to India?
--
Nigel Roberts BSc CEng FBCS DipEngLaw, Director
Island Networks, 4&5 St Anne's Walk, Alderney, GY9 3JZ (GG) Tel. 01481
822800 (office) or 0870 321 2282 (direct)
Mobile: 07010 7011 13 or +423 663 178 200
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.407 / Virus Database: 268.12.12/461 - Release Date: 10/2/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This message has been scanned for viruses by MailControl -
www.mailcontrol.com
The contents of this e-mail and any attachments are confidential to the intended recipient. If you are not the intended recipient please do not use or publish its contents, contact Pinsent Masons immediately on +44 (0)20 7418 7000 then delete it. Contracts cannot be concluded with us nor service effected by email. Pinsent Masons may monitor traffic data. Further information about us is available at www.pinsentmasons.com.
This message has been scanned for viruses by MailControl, a service from BlackSpider Technologies.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|