BT: Whew, we've been cleared of major privacy breach. Oh SNAP, another webmail blunder
Complaint dismissed. Prepare for different complaints
Exclusive BT has been cleared of a serious data protection violation by the UK's privacy watchdog, The Register has learned.
A probe into the one-time national telco's webmail system was carried out by the Information Commissioner's Office after a whistleblower exposed evidence that appeared to show BT's customer email accounts were being compromised by spammers. The probe has now been concluded, with the complaints being dismissed by the regulator.
"After considering the evidence supplied by the complainant and making follow up enquiries with BT, we are satisfied that BT did comply with the Data Protection Act in relation to its BT Mail email platform," an ICO spokesman told El Reg.
"We also scrutinised the security testing undertaken by BT and verified the information security certification it required of its contractors. Following these enquiries, we are satisfied that BT took appropriate steps to keep customer email accounts secure.”
The conclusion of the case arguably couldn't have come at a worse time for BT, after the company suffered yet another webmail cockup over the weekend.
BT is in the process of slowly migrating its subscribers over from Yahoo! webmail to a white label product supplied by US outfit Openwave Messaging, which bought San Mateo, California-based messaging firm Critical Path Inc late last year.
Late on Friday, service disruption struck thousands of email accounts for several days, BT admitted.
It was forced to issue an apology on Monday:
We’d like to apologise for a technical problem that meant a minority of BT Mail customers weren’t able to access their email accounts in the past few days.
We’re in the process of restoring access to the affected email accounts and expect to have the service working again later today, so if you’re still unable to access your email account, please wait and try again later ...
Once again, we’re very sorry for any inconvenience this has caused, and we appreciate your patience as we work to resolve the problem.
BT told us that Openwave Messaging confessed it was having a problem with the migration over the weekend. Some subscribers were greeted with an error message when trying to access their email accounts, BT added. Worse still, some emails were lost during the outage, the telecoms giant said. It claimed access had "now been restored for all customers."
The Reg heard separate complaints from BT customers last week, with some saying that they were struggling with an ID change as part of the migration away from Yahoo!
BT largely shrugged off that particular gripe, however.
"For customers who log in to BT.com to check their email, we ask them to create a BT ID or link their email to an existing BT ID. This enables the customer to access all their BT services (e.g. BT Sport, BT Wi-Fi) through one username and password," a spokeswoman at the company said.
"We have had some customers contact us who are having problems completing this journey. The majority of these are because the customer doesn’t know the password or security question answer for their existing BT.com profile."
She added: "There are a small number of customers with very complex account setups and they are being dealt with by our UK-based specialist migration team."
In March, El Reg exclusively revealed that the ICO was investigating BT, after a Critical Path insider blew the whistle on alleged issues at BT's new messaging partner, with the claim that Britain's privacy law may have been flouted.
At the time, the regulator concluded in an exchange seen by the Reg that - based on the evidence provided by the whistleblower - it was "unlikely that BT had complied with the requirements of the DPA."
BT may feel vindicated today by the ICO's decision to close the case and confirm that the company had in fact respected the UK's data rules. It's a pity, then, that webmail woes continue for its customers. ®
Sponsored: Benefits from the lessons learned in HPC