Feeds

Info guardian to investigate call centre data leaks

TV expose´ prompts ICO security probe

Intelligent flash storage arrays

The Information Commissioner is launching an investigation into outsourced data centres after a television programme exposed security breaches at Indian call centres.

Channel 4's Dispatches was offered individuals' banking details for as little as £8 by criminal networks in India.

The Information Commissioner's Office (ICO) will investigate the practices of the mobile phone companies whose call centres were allegedly the source of the information. The investigation starts immediately.

"It appears that some mobile phone companies' call centres in India are being targeted by criminals intent on unlawfully obtaining UK citizens' financial records and this will be the focus of our investigation," said David Smith, deputy information commissioner.

"We are concerned by any breaches of security particularly if they involve confidential banking details. We provide clear guidance to organisations that outsource overseas to help them ensure people's personal information is secure and is processed in line with data protection principles."

The ICO could prevent some companies sending their data outside the UK for processing, forcing them to carry out back office functions in the UK. "Depending on the outcome of our investigation we will consider whether we need to use our formal enforcement powers to prevent incidents like this happening again in the future," said Smith. "Ultimately, this could include ordering a company to stop processing personal information outside the UK."

The Dispatches programme showed one man who claimed to be prepared to sell the credit card details of 200,000 people to the programme's reporter. Another claimed to be able to sell the mobile phone details of 8,000 people to the programme. Some of the information was available for as little as £8 per person.

UK organisations are responsible for the security of their customer information. If they use an outsourced call centre, whether in the UK or India, the Data Protection Act requires them to ensure that adequate security is in place.

Smith said companies which outsource their data processing or any back office functions are entirely responsible for that data and its security. It is not permissible, he said, for a company to simply pass blame on to a contractor.

"UK organisations are responsible for the security of their customer information. If they use an outsourced call centre whether in the UK or India, the Data Protection Act requires them to ensure that adequate security is in place in the call centre," he said.

Employee fraud is increasingly a problem for all companies. Fraud consultancy BDO Stoy Hayward reported earlier this year that employee fraud levels had almost tripled between 2003 and 2005 to almost £1bn in the UK. Financial services companies were the hardest hit, the report said.

Smith said the problem was by no means solely an Indian one. "This issue – where people sell on personal information for a price – is not confined to India," he said. "As our report "What Price Privacy?" shows, it happens in the UK and it is a criminal offence. Where we find evidence of breaches of the Data Protection Act we do have powers to take formal action and we do bring prosecutions."

See: The Information Commissioner's Office

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.