A joint investigation by the Office of the Australian Information Commissioner (OAIC) and the Australian Communications and Media Authority (ACMA) has fined Telstra after the personal details of 15,775 customers leaked on to the internet.
The investigation found that between February 2012 and May 2013, the personal information from more than 15,775 Telstra customers, including 1257 active silent line customers, was accessible on the internet.
The investigation was launched following a complaint that the names, phone numbers and addresses had been accidentally made available to be viewed on the internet.
During the investigation, Telstra confirmed the records were downloaded by at least 166 unique users.
In a report published today, Privacy Commissioner Timothy Pilgrim found Telstra breached privacy laws by failing to take reasonable steps to ensure the security of the personal information it held and didn’t take reasonable steps to destroy or permanently de-identify the personal information it held.
The incident was also found to be a disclosure of personal information other than for a permitted purpose, while a separate ACMA report also found the carrier breached clause 4.6.3 of the Telecommunications Consumer Protections Code.
Aside from receiving a $10,200 fine from ACMA, the telecommunications giant has agreed to stop using the software responsible for the error, implement a clear policy for central software management, and review contracts with third parties relating to personal information-handling.
In a statement, Pilgrim says businesses need to be careful to fulfil their privacy obligations.
“This incident is a timely reminder to all organisations that they should prioritise privacy. All entities bound by the Privacy Act must have in place security measures to protect personal information.
“This incident provides lessons for all organisations - there is no ‘set and forget’ solution to information security and privacy in the digital environment. Organisations need to regularly review and improve security systems to avoid data breaches.”
Meanwhile, ACMA chairman Chris Chapman says the case is a reminder of the privacy obligations of telecommunications carriers.
“The ACMA welcomes Telstra’s agreement to the Privacy Commissioner’s recommendations.
“Telco providers are in a position of trust with respect to their customers’ details and with it comes a weighty responsibility - a fact reflected in the outcomes mandated by the TCP Code.”
This case is the latest in a string of investigations by OAIC into the carrier.
In December 2011, the personal details of approximately 734,000 Telstra customers were accidentally made available online, while a mailing list error resulted in 220,000 letters being sent
As SmartCompany reported yesterday, the findings come just one day before new privacy legislation comes into force.
Under the new legislation, businesses could be fined up to $1.7 million per breach of the new regulations, which aim to bring Australia’s privacy laws up to date with technology trends.