Tuesday, 17 November 2009

The T-Mobile “Defense”

An old English proverb tells us that “There are none so blind as those who choose not to see.” Today T-Mobile are in the news for insiders selling on customer personal data in breach of U.K. data protection legislation. T-Mobile claim the data was sold "without our knowledge".
The key word in this excuse is "knowledge".
  • What did they know about their data and the way it is/was used?
  • What did they know about the data leak?
  • What do they know that they are not telling us?
  • Did they, in fact, have any actual knowledge or did they simply choose not to look?
This is another case of a global organization simply choosing not to invest in processes or technologies to control data and database access. Having such security systems, and publicizing them amongst staff, is a powerful deterrent and is effective in cutting insider data breaches.
The U.K. Information Commissioner, Christopher Graham, is advocating custodial sentences for this type of abuse of personal data. Until there is sustained public understanding resulting in political pressure, I doubt this will ever become a reality in the near term.

Perhaps it is not just T-Mobile who choose not to see – maybe it is us, the people, who let our personal information float freely, without truly understanding how it is used.