Telco in Privacy Breach

The Age reports that Vodafone is investigating a security breach after it was revealed that login credentials to access customer information over the internet had not been kept secret and may have been shared with unauthorised third parties. Vodafone has also been criticised for reportedly giving all retailers and dealers such access, as this amounts to thousands of people, and there are no additional security measures to ensure that such access is always legitimate. The Sydney Morning Herald (SMH) reports that Privacy Commissioner Timothy Pilgrim has opened an own-motion investigation into Vodafone’s handling of customer information, focusing on the amount and types of information collected and retained.

Vodafone has reportedly sacked a number of staff in New South Wales for allegedly “breaking into databases to illegally access customer information”. The Age reports that the matter has been referred to the police, whilst Vodafone chief executive Nigel Dews advised that the company will “bring in independent security experts to review its systems”.

Vodafone customer service and experience director Cormac Hodgkinson explained that customer information is not “publicly available on the internet” and can only be accessed by staff via secure systems. Mr Hodgkinson also stated that the company takes “customer information and data security extremely seriously”, and uses encryption to protect credit card data.

The Age reports that University of New South Wales Professor Graham Greenleaf observed that companies are required by the Privacy Act 1988 No. 119 (Cth) to “take reasonable precautions to protect personal data”, and questioned whether remote access to customer information was compatible with this obligation. The Australian reports that Mr Pilgrim advised all companies to ensure compliance with the Act,  or risk “causing serious customer dissatisfaction and possible loss of business”. 
Vodafone’s media release (10 January 2011)
The Age: Vodafone mobile records leaked (9 January 2011)
The Age: Vodafone probes its security (10 January 2011)
The Australian: Vodafone denies client data on internet was open to all (10 January 2011)
ABC News: Dealer, employee likely behind Vodafone leak (10 January 2011)
SMH: Inquiry into Vodafone data breach (11 January 2011)
The Age: Vodafone staff sacked for infiltrating client database (14 January 2011)
(Source: The Age; SMH; Vodafone; The Australian; ABC News; Lawlex Legislative Alert & Premium Research)