Privacy commissioner Timothy Pilgrim will be calling Optus, Vodafone and Telstra to discuss revelations customer information can be bought on the black market from offshore call centres. Photo: Jeremy Piper Former director-general of ASIO David Irvine said Australian companies ”lose control” of their information when it goes overseas. Photo: Jeremy Piper
Chief executive of the Australian Communications Consumer Action Network, Teresa Corbin, said consumers were “very concerned” about private information being accessed offshore. Photo: Supplied
Call centre staff have access to a lot of personal information. Photo: Robert Rough
The Australian Information and Privacy Commissioner is investigating allegations personal information held by telcos can be bought on the black market from overseas call centres.
“I am concerned about allegations that personal information of Australian telecommunication customers is being offered for sale online. My office is making enquiries with Optus, Telstra and Vodafone to determine what further action I may take in this matter,” Timothy Pilgrim said on Thursday.
Meanwhile, the former head of both ASIO and ASIS, David Irvine, warned the industry that once information left Australia, it was no longer protected by Australian sovereign law.
Fairfax Media reported on Thursday it was possible to buy a person’s home address for as little as $350 from off-shore call centres.
For $1000 customers could buy the home address, multiple phone numbers, a year’s phone statements and a call history, sourced through call centre workers in India and elsewhere and offered for sale by AI Solutions, a Mumbai security firm. Loss of control
Mr Irvine said it was a case of “buyer beware”, with companies needing to realise savings from offshore storage could be dwarfed by the liabilities that would follow a major security breach.
”If you lose control of your data, that sort of thing is entirely possible,” he said at the Association of Corporate Counsel National Conference in Canberra on Thursday.
“It relates to your ability to have suitable arrangements and controls in place with your external suppliers.”
Mr Irvine now heads the Australian Cyber Security Research Institute. Telstra responds
Telstra said on Thursday it had “no relationship with A1 Solutions, and we haven’t seen any evidence to indicate they have access to our systems”.
But even if telcos have no direct contact with A1 Solutions, it is still possible their call centre employees do. This means data is potentially sold to third parties and then on to criminal groups, spies or investigators without telcos’ knowledge.
“We do everything we can to protect our customers’ data and take these claims very seriously. As always, we encourage our customers to notify us if they believe their privacy has been compromised so we can investigate fully,” Telstra CEO Andy Penn said at the company’s investor day.
Director of information security firm Linus Consulting, Mike Thompson, said staff might be selling private information no matter where a call centre was located. However, close supervision and monitoring could reduce breaches. Australian companies could not monitor overseas staff as closely as they did here, he added.
“There is a lot of anecdotal evidence in the market that these overseas relationships are difficult to manage,” Mr Thompson told Fairfax Media.
However, given it took just one person to be corrupted, it would be “naive” for telcos to think their data couldn’t be compromised. Potential breaches were more likely in countries with higher rates of corruption, he said. Suspect jurisdictions
Common locations for call centres include India and the Philippines, which have global corruption rankings of 76 and 95 respectively out of 168 countries monitored by Transparency International. Australia has a corruption ranking of 13, while Denmark is the least corrupt worldwide.
Politicians and consumer groups are urging parliament to pass legislation that would oblige companies to inform consumers of data breaches.
Senator Nick Xenophon said there was broad commitment to the bill, however, he was concerned the legislation “sets the bar way too high” for reporting a breach and penalties were too soft.
“The current system does not protect consumers, it protects companies,” he said. He is calling for a “complete overhaul of data breaches” and wants directors to be held personally liable.
“There must be consequences. Your data should not be sent overseas unless you have given written consent for it to go overseas,” Senator Xenophon said.
Chief executive of the Australian Communications Consumer Action Network, Teresa Corbin, said consumers were “very concerned” about private information being accessed offshore and encouraged the Australian Federal Police to investigate.
“It is actually the telcos’ responsibility to make sure that the data is not disclosed to anybody. Ultimately they are the one who will be held accountable for that under Australian law,” she said.
This story Administrator ready to work first appeared on 苏州美甲美睫培训学校.