Feeds

Info guardian to investigate call centre data leaks

TV expose´ prompts ICO security probe

Top three mobile application threats

The Information Commissioner is launching an investigation into outsourced data centres after a television programme exposed security breaches at Indian call centres.

Channel 4's Dispatches was offered individuals' banking details for as little as £8 by criminal networks in India.

The Information Commissioner's Office (ICO) will investigate the practices of the mobile phone companies whose call centres were allegedly the source of the information. The investigation starts immediately.

"It appears that some mobile phone companies' call centres in India are being targeted by criminals intent on unlawfully obtaining UK citizens' financial records and this will be the focus of our investigation," said David Smith, deputy information commissioner.

"We are concerned by any breaches of security particularly if they involve confidential banking details. We provide clear guidance to organisations that outsource overseas to help them ensure people's personal information is secure and is processed in line with data protection principles."

The ICO could prevent some companies sending their data outside the UK for processing, forcing them to carry out back office functions in the UK. "Depending on the outcome of our investigation we will consider whether we need to use our formal enforcement powers to prevent incidents like this happening again in the future," said Smith. "Ultimately, this could include ordering a company to stop processing personal information outside the UK."

The Dispatches programme showed one man who claimed to be prepared to sell the credit card details of 200,000 people to the programme's reporter. Another claimed to be able to sell the mobile phone details of 8,000 people to the programme. Some of the information was available for as little as £8 per person.

UK organisations are responsible for the security of their customer information. If they use an outsourced call centre, whether in the UK or India, the Data Protection Act requires them to ensure that adequate security is in place.

Smith said companies which outsource their data processing or any back office functions are entirely responsible for that data and its security. It is not permissible, he said, for a company to simply pass blame on to a contractor.

"UK organisations are responsible for the security of their customer information. If they use an outsourced call centre whether in the UK or India, the Data Protection Act requires them to ensure that adequate security is in place in the call centre," he said.

Employee fraud is increasingly a problem for all companies. Fraud consultancy BDO Stoy Hayward reported earlier this year that employee fraud levels had almost tripled between 2003 and 2005 to almost £1bn in the UK. Financial services companies were the hardest hit, the report said.

Smith said the problem was by no means solely an Indian one. "This issue – where people sell on personal information for a price – is not confined to India," he said. "As our report "What Price Privacy?" shows, it happens in the UK and it is a criminal offence. Where we find evidence of breaches of the Data Protection Act we do have powers to take formal action and we do bring prosecutions."

See: The Information Commissioner's Office

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.