T-Mobile selling customer details: Enough grounds to end your contract?

Nikita_st

I believe that i was one of the customers who had their details sold. My reason behind this is that i had MANY phone calls from a company called Communications Direct and another called Whisper. I kept telling them to leave me alone yet they kept calling me. I registered my number with TPS prior to this happening so i shouldnt have received the calls at all!

They knew my name in full, obviously my mobile phone number, knew what contract i was currently on and that it was due for re-newal. They wouldnt leave me alone and i even contacted t-mobile at the time and claimed that someone was selling on my details (they should have a note of this on my account).

Now im wondering whether i have a case to claim compensation or not. As others have stated, even if t-mobile as a company didnt sell the details, one of their employees did therefore they didnt have enough security measures in place to protect my data.

Does anyone here have a legal background to be able to comment on this?

Jakg

How can they protect your data? At the end of the day they are going to NEED your name.

At (wherever you) work, do you have access to a customers name?

Nikita_st

No you dont get what im saying. Yes T-mobile need my details and im not disputing that, these other companies that T-mobile sold my details to are the ones that have ALL my details like name, number, contract info etc. Theyre the ones that dont NEED it as i never gave it to them, they obtained them unlawfully.

To answer your question, no, wherever ive worked ive only had access to information on a need to know basis, thats called protecting data which is obviously what T-mobile havent done in this case.

Jakg

What I mean is that they provided the information to their employees because they needed it - it was then the employees who broke DPA, not the comapny.

OneADay

Jakg wrote: »

What I mean is that they provided the information to their employees because they needed it - it was then the employees who broke DPA, not the comapny.

The question for T-mobile to answer is about whether they have enough security systems in place to stop an employee doing that. That much they are obliged to do. And the basic answer is their systems were not secure enough (there are so many things that can be done to secure data if you wanted to and had the money to do so - and then train employees to cope with new system).

So I think T-mobile do have to carry the can regardless if it was a rogue employee or not. Has anything changed in their systems after this act of data being stolen?

Saying all of that - we could say the same for virtually all companies.

Nikita_st

Well based on you saying that, employees needed access to that information all the time which isnt the case. How and why were they allowed access to all details at all times? Really it should be a case of they have to either type in customer names etc to see full details or type in a customers phone number to bring said details up.

It seems like whats happend in this case is that the employees were able to obtain access willy-nilly instead of on an as and when basis.

At the end of it all it was a T-mobile employee who did this whilst under employment with T-mobile so ultimately the company should be held accountable for not ensuring that their staff were not abusing their position.

Jakg

Who says they didn't skim this when a customer called CS? If you are a CS operator you must see hundreds of customer files daily - more than enough data to skim...

patman99

There are many ways to prevent data-theft.
The easiest being to set CS & TS user-profile policies to block USB Drives, floppy drives & CDR-WR's. and to prevent access to a printer through profile management.

Where I work, the terminal I use has no access to internet, emails or printers (it doesn't need them as all it does is transfer data from a shared folder on a server to a cnc turret punch).

Human_Writes

Nikita_st wrote: »

Now im wondering whether i have a case to claim compensation or not. As others have stated, even if t-mobile as a company didnt sell the details, one of their employees did therefore they didnt have enough security measures in place to protect my data.

Does anyone here have a legal background to be able to comment on this?

Firstly you'd need confirmation from T-Mobile that your data was disclosed as a result of their breach, they've already stated that this breach did not affect all of their customers. Your belief that you've been affected by this breach is insufficent evidence from a legal standpoint, if it ever came down to a court case the burden of proof would lie with you - you'd have to prove your details were disclosed to a third party without your consent.

If you were affected then you'd also have to prove you'd suffered damages as a result of T-Mob's breach to be eligible for compensation in court, you can't claim for psychiatric injury i.e. stress etc if you can't prove quantifiable damages.

So what damage has T-Mobile's breach caused to you? If the extent of your damages is that you've received some telephone calls from one or more dealers, your claim for damages would be fairly weak , it is unlikely that receipt of some sales calls has caused you anything other than a token nuisance.

I've attached a copy of the ICO's guide to claiming compensation for consumers to you:

http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/claiming_compensation_2.0.pdf

Nikita_st

Thank you for your constructive help and advice, very useful. I fully understand what you mean on the damages front but the angle i was hoping to go from was the breach of data protection act on principle 1 and 7, principle 7 being "appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to personal data"

The next hurdle is how do i get T-mobile to admit my data was one of those sold.