Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The Australian Privacy Commissioner has cleared Telstra’s security measures from blame following a botched mail campaign involving 60,300 incorrectly addressed letters last October.
Telstra had sent a total of 220,000 letters to customers in a mail campaign about its fixed-line phone service, containing names and telephone details – including ‘silent numbers’ – of customers.
Of the incorrectly addressed letters, 15,400 were returned to Telstra unopened. However, unintended recipients still learned customer names and the fact that they had an association with Telstra.
The telco proactively referred the incident to the Office of the Information Commissioner, which commenced an own motion investigation on 28 October, 2010.
Privacy Commissioner Timothy Pilgrim today concluded that Telstra had breached National Privacy Principle 2 (NPP 2) by disclosing customer information to unauthorised third parties.
However, he said Telstra was not in breach of NPP 4, having fulfilled its obligation to “take reasonable steps to protect the personal information of its customers”.
Pilgrim highlighted Telstra’s inclusion of privacy obligations in its outsourced mailing agreements, privacy impact assessments at the outset of mail out initiatives, and procedures to ensure staff handle data appropriately during mail campaigns.
“Our investigation has confirmed that while Telstra breached the Privacy Act when the personal information of a number of its customers was disclosed to third parties, this incident was caused by a one-off human error,” Pilgrim stated.
“It was not a result of Telstra failing to have reasonable steps in place to protect the personal information of its customers, as required by the Privacy Act.”
The Privacy Commissioner noted that Telstra “acted immediately” to notify customers and commence a review of its data security practices on becoming aware of the mail merger problem.
Telstra immediately stopped the mail out, commenced an investigation, and identified and alerted customers to the incident, prioritising those with silent lines (pdf).
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.