A former T-Mobile employee has admitted his role in the illegal sale of massive volumes of customer data to marketers. David Turley, of Birmingham, 39, pleaded guilty to 18 charges under section 55 of the Data Protection Act at Chester Crown Court on Thursday. He is yet to be sentenced. A second former T-Mobile employee, Darren …
it should be illegal to buy or use stolen data with the penalty of twice the value of what the company made from the data and ten times the cost of buying the data.
Those fuckers should get a loooong stay at Her Majesty's pleasure for illegally selling on those records. I was (and still am) a TMUK customer, and I was disgusted to see such a flagrant breach of customer information - potentially including mine (which might explain why I had such a surge of companies calling me at the end of my last contract, around the time this happened).
They may be being made the scapegoats in all of this as everybody else managed to slither away quietly, but these chaps enabled the sale and are at the very least knowing accessories to the crime. I don't stand for these kinds of breaches in UK law so why should the CPS?
I wish these kinds of penalties were applied to people who lost UK.gov, military or confidential information - only today, yet another announcement was made by the MoD detailing the loss of a disc - in Bicester of all places! - back in APRIL:
"The disc was lost from the Defence Storage & Distribution Agency (DSDA) in Bicester, Oxfordshire, in April but staff were told this month.
Details lost included names, dates of birth, national insurance numbers and possible redundancy payouts.
The MoD said there was no evidence the information was being used for crime and an investigation had been launched.
The disc contained two-year-old information of civil servants who had applied for redundancy and how much they would receive."
When the law is adjusted so civil servants and Government contractors face the same penalties, then I'll finally be satisfied...
String 'em up...
... the bastards!
OK, perhaps that's a little severe. However so far this month I have had e-mails to addresses which I set up to receive e-mails from particular companies (one being a now defunct electronics retailers - I wonder who earned a bit of extra cash flogging those mailing lists?).
It's pretty clear they were originally from those organisations: like many techies I have a domain with specific mailboxes which I use to track how they got my e-mail in the first place (i.e.: The.Register@acme.com).
What's also needed is deterrent for the marketers themselves. Common-or-garden Russian spammers are one thing, but homegrown organisations should be clear on where they source their data from, and how it was harvested.
gmail now allow this feature as standard on their accounts
If your email address was JoeBloggs@gmail.com and you register with a new website, you can tell them your email address is JoeBloggsfirstname.lastname@example.org (of you register here) or JoeBloggsemail@example.com (for your amazon account) , you will receive all email sent to this address without having to set it up specially.
This can clearly be editted by naughty people selling on your email addresses, butif they are dealing in the thousands, perhaps they cant be bothered. You can then see who sold on your email address.
I have a better solution..
Maybe it's a better idea to fully remove their right to privacy. Make it obligatory to have cams in his house, have a website where every single purchase is made visible (not my problem if he gets mugged every time he buys something new), put his medical records online, his salary and whatever he owes. Everything from mortgage to how many sheets he uses to wipe his rear end - everything.
Make that the default reward for screwing up with private data - the bigger the violation, the longer the perpetrator has to live virtually naked (which reminds me, no curtains either).
First off is that a profound learning experience, and it is likely to prevent more data loss cock-ups than any punishment - especially larger companies see those fines simply as the cost of doing business. Fine people, not companies.
I don't live in the UK, maybe someone else wants to propose this to No 10 and get it voted on?
If anyone is willing to make this law in the US I can promise you daytime TV will never be the same. It will also kill Big Brother, so that's two benefits in one.. :)
This is a well known insurance scam
o2 numbers run in order and are sent out in blocks to each dealer, know one, and you know the next/previous 10,000*. Just pop into carphone warehouse, get a new line, and you then have access to 20,000* numbers, which you know to be on o2, and from carphone warehouse. Put these number on an autodialer, and away you go. "hi, im from the insurance centre (almost always based in swansea) you recently purchased a phone fro mcarphone warehouse, for security reasons, i can confirm that this was on o2 and purchased within the last couple of weeks. WE've detected a problem with the insurance system, and i think we're charging you too much, it should be £69.95 for the whole year, is that what you are paying?.... " etc etc
*for example, i dont know the actual numbers
The answer is to limit the data they are allowedto hold
The idea that private companies are allowed to store personal information of any kind is the problem here.
This data is be the property of the individual and the collection of personal information by non-government agencies should be illegal.
If private companies do not have your information they cannot sell it, end of problem
If this were the case when you received unsolicited mail for instance it would be addressed to customer 123456 and this reference would be traceable to the company that leaked it
And here I thought "massive T-mobile data scam" was an article about the international data roaming tariffs.
The answer is to limit the data they are allowed to hold.
I thought the EU had strict data privacy laws which prevented them from holding more information than they need NOW to do what they need to do NOW.
Of course, a company does need your phone number and your name so they can refer to you by name (Hello, "Mr. Smith," as opposed to "Yo, dude!"). So, whatever they have they will sell... that seems human nature.
Of course, we always have tools to make our own data private. I'm thinking email encryption and the like. Oops, that also would not work in this case.
I guess we are back to laws requiring HOW companies do business (you must encrypt and control access to all data) and fine those violating the law. Those include both the business and the individuals involved.
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- Google embiggens its fat vid pipe Chromecast with TEN new supported apps
- Microsoft: Don't listen to 4chan ... especially the bit about bricking Xbox Ones
- Shivering boffins nail Earth's coldest spot
- Thought your Android phone was locked? THINK AGAIN