Privacy Commissioner: Vodafone breach customers privacy
Vodafone has been cleared by the Privacy Commissioner of accusations that the company had permitted the data leakage of its four million subscribers but it was ruled that the telco failed to institute appropriate safeguards that would shield its clients' information from the public eye.
Commissioner Timothy Pilgrim said on Wednesday that Vodafone was guilty of breaching the Privacy Act when it failed to protect its customers' data though any hint of deliberate efforts from the firm to allow access of subscribers' information was not established during the inquiry.
The allegations stemmed from claims aired on January that Vodafone's billing and call records were made available to the public and can be accessed through a password-protected website.
In his ensuing probe, Pilgrim found that a specific number of Vodafone employees may have violated the telco's policy on log-in and identification procedure but he noted that no passwords were made leaked on the internet and the company's customer database has remained secured.
In his statement, Pilgrim pointed out that "we found that the claim that customer information was available on the web wasn't substantiated."
The ruling, however, stated that it was established that "we found that Vodafone did not have the appropriate level of security measures in place to adequately protect their customers' personal information."
Pilgrim noted though that despite the security slip on the part of the telco, he "did welcome the fact that Vodafone did deal with this promptly."
In his ruling, the commissioner said that the case should serve as a reminder for companies employing customer management systems to be extra careful in observing Australia's Privacy Act and maintain vigilance in discouraging identity fraud.
In a statement sent out following the release of the Privacy Commissioner ruling, Vodafone chief executive Nigel Dews said that the company has accepted the outcome of the investigation and necessary adjustments would be implemented to ensure data security for its customers.
Dews added that the staffs who were adjudged guilty of leaking company password have been dealt with appropriately.