Thousands of personal record details of British T-Mobile customers were stolen and sold by an employee for “substantial sums” to rival carriers putting a spotlight on the unlawful trade in personal data in the UK.
According to an article in the Guardian, the employee allegedly sold the account information to a number of “brokers”, who then resold the data to competing mobile services so they could target T-Mobile customers.
“The number of records involved runs into the millions, and it appears that substantial amounts of money changed hands,” according to Christopher Graham, the UK’s Information Commissioner. “We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data.”
Pressing for change, Graham said “More and more personal information is being collected and held by government, public authorities and businesses. In the future, as new systems are developed and there is more and more interconnection of these systems, the risks of unlawful obtaining and disclosure become even greater. If public trust and confidence in the proper handling of personal information, whether by government or by others, is to be maintained, effective sanctions are essential.”
Why this matters
It is not just Social Security numbers, account numbers, and driver’s license numbers that have value to criminals and legitimate corporations alike. In the data age, you are a commodity. Every piece of your personal information, your preferences, your relationships to others, your financial value, information about services you currently use, your location, even your emotions has significant economic value.
Given the value of the data the temptation to steal and sell it is huge – there’s a reason that over 340 million personal data records have been breached in the US alone since Jan. 2005.
Companies and criminals purchase this information to help in the design products (including malware), shape and target advertising (and fake ads), even help build socially engineered scams tailored to you.
The Information commissioner is right. Slapping small fines on those who steal and sell consumers private information offers little deterrent when the data sellers can collect premium prices. When the only consequence is a fine, it’s nothing more than another cost of doing business.
In the T-Mobile case, not only should the T-Mobile employee who stole the information receive a strong punishment, the competitors bought the data to poach customers should be charged with purchasing stolen goods.
Without punishing every piece of the “entire unlawful industry in personal data” it will be difficult to make headway against the crimes and protect consumers.