An undercover investigation by The Sunday Times recently
reported data is being sold by "corrupt Indian call centre
workers" to cyber criminals and marketing firms. The report
said that two Indians, claiming to be information technology
workers at call centres, met undercover reporters and boasted of
having 45 different sets of personal information. The data included
names, addresses and telephone numbers of credit-card holders, as
well as the cards' start and expiry dates and three-digit
security verification codes. Other information being offered
related to mortgages, loans, insurance, mobile phone contracts and
Satellite Television subscriptions.
The most alarming aspect of this case is the ease with which it
would appear call centre staff were able to misuse confidential
information. While no organisation can completely safeguard against
insider threats, measures can be taken to reduce the possibility of
data misuse by insiders and mitigate access risk.
In this instance the selling of personal data could have been
prevented or detected at an early stage had the call centres'
IT staff had effective systems in place to control and monitor user
access to confidential information. Such access risk management
systems should be capable of controlling who is accessing customer
data, how it is being used, where and when. Specific restrictions
for copying confidential data onto memory sticks or other external
devices or disabling access to such information from specific
locations or at certain times could have been implemented.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The date of the first binding vote by the Civil Liberties, Justice and Home Affairs Committee (LIBE) on the proposed General Data Protection Regulation (Regulation), which was initially planned for April-May 2013, has been postponed a second time.
Sam Allardyce recounted a humorous tale which re-enforced how important it is to have the right facts and figures at your disposal, and the importance of controls in establishing a trustworthy dataset.
The Court of Appeal has concurred with the High Court that the publication of private information relevant to an individual's character was justified where the public was entitled to consider his fitness for high public office.
When an organisation collects personal data about an individual, that individual has certain expectations about the purposes for which the data will be used.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”