Feeds

Vodafone Aus off the hook, kind of

A 50-50 verdict from Privacy Commissioner

Secure remote control for conventional and virtual desktops

The Australian Privacy Commissioner has delivered a 50-50 verdict in his report on breaches of customer privacy in Vodafone’s computer system.

On the one hand, the allegation that data on “four million Vodafone customers including their billing and call records were uploaded onto a publicly accessible website” has been found to be unsubstantiated.

That allegation appears, in part, to have arisen from stories such as this, in which a dealer (with legitimate access to the system) showed a journalist what information was held in the company’s Siebel CRM system.

As Privacy Commissioner Tim Pilgrim states in his report, since “an organisation will not be disclosing information, where they are giving an individual access to information the organisation holds about them”, there was no breach of privacy according to National Privacy Principle (NPP) 2.1 (which covers the disclosure of personal information).

More seriously, however, the commissioner has decided that Vodafone’s security was not adequate to protect customer data according to another NPP. NPP 4.1 requires companies to protect personal information against misuse.

The commissioner singled out the use of shared logins for branded retailers’ stores as in breach of this principle. A single login for a store, instead of individual logins for each staff member, reduced the effectiveness of audit trails, the commissioner said, and exposed customer information to misuses such as identity fraud.

Vodafone has also undertaken to improve its security, reassess the level of access required by users, and end the use of shared logins.

As for login IDs, passwords and customer data – all of which, at some point in the story, were reported as being available “on the internet” – the Privacy Commissioner has said there was “no evidence that this information was available on the internet or Vodafone’s website”. ®

Website security in corporate America

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.