Feeds

Info guardian to investigate call centre data leaks

TV expose´ prompts ICO security probe

Intelligent flash storage arrays

The Information Commissioner is launching an investigation into outsourced data centres after a television programme exposed security breaches at Indian call centres.

Channel 4's Dispatches was offered individuals' banking details for as little as £8 by criminal networks in India.

The Information Commissioner's Office (ICO) will investigate the practices of the mobile phone companies whose call centres were allegedly the source of the information. The investigation starts immediately.

"It appears that some mobile phone companies' call centres in India are being targeted by criminals intent on unlawfully obtaining UK citizens' financial records and this will be the focus of our investigation," said David Smith, deputy information commissioner.

"We are concerned by any breaches of security particularly if they involve confidential banking details. We provide clear guidance to organisations that outsource overseas to help them ensure people's personal information is secure and is processed in line with data protection principles."

The ICO could prevent some companies sending their data outside the UK for processing, forcing them to carry out back office functions in the UK. "Depending on the outcome of our investigation we will consider whether we need to use our formal enforcement powers to prevent incidents like this happening again in the future," said Smith. "Ultimately, this could include ordering a company to stop processing personal information outside the UK."

The Dispatches programme showed one man who claimed to be prepared to sell the credit card details of 200,000 people to the programme's reporter. Another claimed to be able to sell the mobile phone details of 8,000 people to the programme. Some of the information was available for as little as £8 per person.

UK organisations are responsible for the security of their customer information. If they use an outsourced call centre, whether in the UK or India, the Data Protection Act requires them to ensure that adequate security is in place.

Smith said companies which outsource their data processing or any back office functions are entirely responsible for that data and its security. It is not permissible, he said, for a company to simply pass blame on to a contractor.

"UK organisations are responsible for the security of their customer information. If they use an outsourced call centre whether in the UK or India, the Data Protection Act requires them to ensure that adequate security is in place in the call centre," he said.

Employee fraud is increasingly a problem for all companies. Fraud consultancy BDO Stoy Hayward reported earlier this year that employee fraud levels had almost tripled between 2003 and 2005 to almost £1bn in the UK. Financial services companies were the hardest hit, the report said.

Smith said the problem was by no means solely an Indian one. "This issue – where people sell on personal information for a price – is not confined to India," he said. "As our report "What Price Privacy?" shows, it happens in the UK and it is a criminal offence. Where we find evidence of breaches of the Data Protection Act we do have powers to take formal action and we do bring prosecutions."

See: The Information Commissioner's Office

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Internet Security Threat Report 2014

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.