Telstra’s Slap On Wrists After Privacy Leak
Telstra has been ordered to comply with the privacy clause in the Telecommunications Consumer Protections Code after a privacy breach of 734,000 Big Pond customers' personal details in 2011.
The Australian Communications and Media Authority's (ACMA) direction, handed down today, is the first given to a telco under the new Telco Code, after the watchdog found Telstra failed to protect the privacy of thousands of customers' personal details after a database was accidentally leaked online.
The Australian Privacy Commissioner, Timothy Pilgrim, found that Telstra failed to protect the personal information of users in his damning report, published in June last.
Telstra “failed to protect the privacy of its customers’ personal information” by leaking usernames, passwords, and in some cases, addresses, driver's licence numbers and dates of birth online, the Privacy Commissioner’s reports found.
The telco also breached the Privacy Act 1988 and “did not take reasonable steps to protect customers’ personal information from unauthorised access and disclosure.”
Big Pond users' personal info was stored on Telstra’s web-based database Visibility Tool, which tracks orders for bundled products, and was publicly available for almost 9 months from 29 March to 9 December 2011.
The link to the database was first discovered by a Whirlpool forum user in December last.
“Given Telstra has pro-actively taken steps to remedy its processes with a view to preventing such an incident from happening again, a direction with respect to the specific code provision is the appropriate measure,” said ACMA Chairman, Chris Chapman.
Telstra must now comply with clause 4.6.3 of the Telco Code, and failure to do so may result in the ACMA taking Federal Court action and a hefty fine.
Under 4.3.3 of the Telco Consumer Protections Code, a service provider must protect the privacy and storage of Customer’s personal information from unauthorised use or disclosure.