Subscribe:
16 May 2013
By Peter Jamieson
May
16
2013

Customer information and the importance of privacy

Filed under:

telstra-logo-blog-header

Like any customer of any company I have the expectation that my personal details are securely stored and not publicly accessible.

No doubt you all have the same expectations.

So when we learnt some of our customers’ details were publicly available we immediately convened a team to have access to the data removed and commence an investigation.

It is not acceptable, under any circumstances, for this to happen.

Telstra takes seriously the confidentiality of all its customers’ data – our customers trust us and we recognise the responsibility this trust means to get this right.

We have to do everything possible not to breach that trust.

We are still investigating what happened and the team worked round the clock last night looking through the data and trying to pinpoint how this actually happened.

While some of the information is generally available, such as names, addresses and telephone numbers and up to six years old, we are acutely aware of the possibility that some of the information may be sensitive to some.

We will take all steps to identify these customers and work with them on an individual basis.  Additionally we will be contacting all customers whose information was inadvertently made available.

We take our customers’ privacy seriously; we have sophisticated tools and techniques and skilled people working on risks and privacy-related projects protecting the security of our customers’ information.

What has happened is unacceptable, I apologise and assure everybody that we’ll find out exactly what has happened here and do everything we can to make sure this does not happen again.

Peter.

By

Posts: 11

37 Comments

  1. Mark Newton says:

    Your assurances that privacy breaches are “not acceptable” would be more believable if you didn’t keep doing them.

    Telstra shows a pattern of behaviour around lack of respect for customer privacy, which includes this latest episode, prior examples of confidential information showing up on public websites, shipping customer clickstreams offshore without telling them during product trials, inspecting their communications content with Deep Packet Inspection equipment.

    We all know that despite fulminations about how this kind of thing mustn’t happen again, it actually will. It’ll keep happening until Telstra implements cultural change to prevent it.

    There has been an attitude shift that has slowly advanced over the last 10 or 15 years, where Telstra has increasingly viewed confidential data in its care as its own property which can be exploited for its own advantage up to (and occasionally past) the limits of the Privacy Act.

    For example: I totally get that the breach occurred due to the act or omission of a third party. Well, great. But why did the third party have the data in the first place? None of your customers knew you’d be sending their private information to someone who was manifestly unqualified to protect it, so why did you do it?

    Telstra never used to behave like that. Until your corporate culture changes to emphasise “custodianship” over “ownership,” these things will keep happening, and you’ll be back here next year writing yet another blog post about how unacceptable the newest and latest catastrophic privacy bungle is.

    -- mark

  2. Jeff says:

    Yes I have to agree with Mark, Please explain what was this 3rd party doing with the details and who are they.
    I think we all have a right to know to whom Telstra is giving our details to.

    • Gigi [Telstra Staff] says:

      Hi Jeff,

      Thanks for the feedback. Investigations are still continuing into the matter.

    • David Newling says:

      I agree with both Jeff and Mark. Until your corporate culture changes to emphasise “custodianship” over “ownership,” these things will keep happening. Who was the this ‘third party/person’ and what we’re they doing with our information with ‘limited’ or ‘no ability’ to protect it? As either customers or shareholders -- Telstra should make us all aware of this information. This is not the first case and it wont be the last. TO ALL TELSTRA CUSTOMERS -- TELSTRA WORKS FOR YOU. YOU ARE THE ONLY REASON THEY ARE IN BUSINESS AND IF YOU CONSIDER THIS AS AN ACCEPTABLE LEVEL OF PERFORMANCE FROM THOSE WHOM YOU EMPLOY’ -- HOW’S YOUR OTHER BUSINESS DOING?? DAVID.

  3. Colin says:

    One would assume Telstra and it’s affliates will now advise all those customers who’s information was available of the fact?

    • Nick says:

      The blog does say

      >Additionally we will be contacting all customers whose information was inadvertently made available.

  4. Richard says:

    Thank you Mark, that outlines it very well.

  5. Outraged of Kensignton says:

    I am outraged at yet another publication of Australian citizen’s information. I suppose Telstra are going to lob a big book of it on my front door again this year, willy nilly without even checking if I’m home to secure this data. Harumph etc.

  6. Anton says:

    Mark

    The reality is in an online world the risk is there that personal information might be exposed.

    When this happens the best we can hope for is that the company responsible takes action to identify how this has happened and takes steps to remedy it. Clearly an action taken by Telstra.

    Lets let common sense prevail before we burn the house down

  7. Jarrod says:

    Perhaps if you stopped outsourcing all of your jobs to India and kept them in Australia you wouldn’t have this issue. They don’t care about our privacy at all. Seems you guys don’t much either.

  8. So Loa says:

    Let’s face it -- Telstra is a behemoth organisation with integration to lots of third party companies. The problem here is that Telstra holds a significant amount of personal information on its clients and appears to have such lax protocols in place that it constantly trips up and exposes subsets of private data.

    While this could be deemed purely a mistake every now and then, the fact is that Telstra has also deliberately exposed what customers would see as personal information (browsing history for e.g) leading to a lack of trust in the organisation. What’s needed is a cultural change and a deeper appreciation of its responsibilities on customer data.

    Being big is no excuse. Then again it is Telstra we are talking about and general treatment of customers is way down on the priority list…

  9. Adam says:

    Another breach, not surprising. Another TSA stuff up -- another reason to stop outsourcing.

  10. Nick says:

    Can I suggest updating the original blog to explain what actually occurred.

    I had to do a google search to see what had actually happened.
    The news story is here for anyone else who has no idea what the story is http://www.theage.com.au/it-pro/security-it/oops-google-search-reveals-private-telstra-customer-data-20130516-2jnmw.html

  11. Michael Maher says:

    I believe that a Telstra consultant breached my privacy a few weeks ago. I contacted Telstra & was told by the operator Jackie that it would be investigated & I would be contacted, this did not happen. I then sent a fax explaining my concern to the complaintes department 1800 fax number about 10 days ago, no one has contacted me. I am away on leave. I will be emailing this the origonal document & my fax receipt to Telstra complaints & if I do not hear anything back I will go to the TIO. My letter explains the situation in detail. So unfortunately I think this post is a farce.

    • Gigi [Telstra Staff] says:

      Hi Michael,

      Could I please get you to fill out this webform http://www.telstra.com/24x7help so I can get some contact details off you and we can investigate this fully?

    • Nick says:

      Just because your question / complaint has not been responded to does not mean that your privacy has been breached.

    • Michael Maher says:

      Gigi, i have already reported this over breach twice over the last 3 weeks, I am away at present so I will look into this when I get home, however I think lodging 2 compaints already and no response would indicate I am being ignored for some reason. In worked for Telstra for 28 years so I am aware ot=f Telstra processes.

    • Michael Maher says:

      Gee it seems that there is an awful lot of damage control going on here by Telstra. The fact is I believe that my privacy was breached with regard to details given to a 3rd party about my silent home number by a Telstra consultant on May 7. I have lodged 2 complaints & asked to be contacted on my mobile because I was going to be away, but no they call the home number & leave messages, the last one was that they would call me last Friday 24th, but guess what no call. I have now sent a letter off AGAIN. Really poor performance from Telstra. Did I mention I am ex staff so I do fortunately know the processes.

      • Gigi [Telstra Staff] says:

        Hi Michael,

        Thanks for following up with us again now that you’re back from holiday. Do you have your complaint reference number so that I can follow this up with the team?

  12. Keith says:

    Attention:
    Telstra Spin Doctor in overdrive due to yet ANOTHER privacy breach

    “our customers trust us and we recognise the responsibility this trust means to get this right.”

    Oh please spare us Mr Jamieson, your organisation is a repeat offender with dragging customers private details into the wide open Internet & which do you realise will open them up to being defrauded of their phone services, possible monetary loss and at worst identity fraud!

    It does NOT matter one minuscule amount that the information may have been dated. Do you get it that some customers may still be at that very same address and have kept on those same plans! Obviously Not!

    “We have to do everything possible not to breach that trust.”

    Again, seems like you and your organisation ARE in breach of that trust, time and again. Recall you were caught red handed sending sites visited by your Next G mobile customers to an overseas third party appointed by you, WITHOUT informed consent.

    Fortunately my family & I have placed all of our telecommunication spend with your competitors who seem to have formed a more complete understanding of the important issue of customer data privacy.

    You (Telstra) make huge profits from your customer base but you do not have smart enough systems to protect the core database, perhaps you should share with the public what it is you plan to do AND have that analysed by an independent Data security expert and be HELD to account by Legislative means.

    At the moment, at least on the score of Customer Data privacy concerns, Telstra are clueless and answer to no one

    Keith -- Concerned Citizen

  13. Gigi [Telstra Staff] says:

    Hi guys,

    Thanks for all your comments. My apologies for the delay in responding, as you can imagine the team investigating the problem have been very busy and it has taken some time to confirm that they have all read your feedback.
    I would like to reiterate Peter’s sentiment that privacy is something that we take very seriously at Telstra. This situation was completely unacceptable and is being fully investigated so that it does not happen again.

  14. Stephen says:

    How utterly disappointing that the government cannot take action against Telstra and fine them. March 2014 cannot come soon enough. If I find my details have been breached by Telstra, I will be seeking legal advice and would be looking to make this company financially responsible for their actions.

    • Az [Telstra Community Manager] says:

      Hi Stephen,
      Thanks for the comment, I appreciate your feedback. We are contacting all customers affected by the issue.
      Az

  15. Michael Maher says:

    Hi Gigi I do not have a complaint number. I did ask that I be contacted on my mobile in my letter however calls were made to my home number on 2 occasions while I was away. The last call on 23/5 message said that I would get a call again on Friday 24/5 but so far no other calls from Telstra. I have written again to the complaints department. I thank you for your interest at least someone at Telstra is showing interest.

  16. Paul Anderson says:

    Given the recent media reports I am concerned that telstra is storing my data including online banking details and handling it to a foreign country. Is this normal practice?

    • Jamie [Editor] says:

      Hi Paul -- We take the privacy and confidentiality of our customers’ data very seriously and we meet all our legal obligations to our customers. It is worth noting the coverage is about an Agreement relating to a Telstra joint venture company’s operating obligations in the United States under their domestic law. When operating in any jurisdiction, here or overseas, all carriers are legally required to provide various forms of assistance to Government agencies. Let me assure you that we place the highest priority on protecting our customers’ privacy. Thanks, Jamie.

  17. I am in the process of gathering Telstra clients whose information has been breached to form a class action. and publicly. protest Telstra breaches of privacy. Individual complaints are not enough.We have to wake Australians up to their rights and be alerted to firms of actions as a large group.Its time we stand up to Telstra and make them liable for their disregard for their customers private details.I’ve had enough and its time we make a stand.

    • Kellie says:

      Another customer who’s privacy and therefore security has been breached by Telstra this month — I am beyond furious and am looking at taking this further. Please let me know if an action is taken further.

      • Jamie [Editor] says:

        Hi Kellie, we take these claims extremely seriously and would like to know more details so we can follow up. Can you please email me the details and I will forward them to the security team. Thanks!

  18. Kerry says:

    Telstra respects customers privacy and is concerned about breaches……I dont think so .They discussed my account with an unauthorised person abd when I sent a fax to complaints I received a reply they had tried unsucessfully to contact me with a number on my file….Tad hard as my phobe service is disconnected by my chouce as I no longer wish ti have Telstra as my carrier. If this is Telstra calibre of integrity I urge other discontent privacy abused Telstra customers to join me in inl lobbying against a corporation who are blatantly incompetent and totally disrespectful for the law and Australian citizens right to have their privacy kept private. Will be on the Media soon .I urge persons affected by privacy breaches on behalf of Telstra to register their complaints with a private committee to be set up for justice and watchdog advocate for our simple right to have our personal details kept private.

    Yes it will be interesting to see whether Telstra posts ny comments. I very had this entry witnessed .

    • Jamie [Editor] says:

      Hi Kerry, I’m sorry to hear that you’ve had a bad experience. Are you please able to email me some more details, including a contact number, so that we can assign a case manager to look into this as soon as possible? Thanks, Jamie.

  19. Peter Jamieson; Recovering from serious operation with flow on Issues I moved to an apartment to effect access to Medical services. November last I asked Telstra would I have land line connections. Assured I would I signed agreement with “landlord”. You guessed it No connection. I phoned Telstra to be told “there is no email available at that address you must purchase a white G4 wireless unit. Unpacked hooked to computer I only had 1-2 signal bars. I called Telstra and as all know they transfer me from case manager to case manage (I gained the operators D— — number for future reference. Oh’ you really need to buy a Black G4 wireless. So hooking such up I had 2 bars early morning late evening and zero during the day if I did not walk 300m to top of hill. Now to get this far I spent much valued time trying to resolve issue (telstra charge are totally incompetent by do not cover customers cost trying to resolve their incompetent operation). Now the signal totally dropped out. Oh you should have an aerial so 10 days later a small aerial to sit on top of the computer. You guessed it 1 bar sometimes. So now running up some 26 hours on the phone re phoning as they promise to call back with a resolution. So I spent 6 hours on one day ultimately speaking with Telstra Philippines. Oh’ you need an external aerial. So 10 days later an external aerial. You guessed it again 1-2 bars sometimes. Another few hours speaking with many Telstra people Oh’ you need a serious long external aerial. Another week an aerial (like on a bush vehicle. A cable from computer across the room out via window and mounted on a long pole 1-2 bars. I sent via email to Telstra a visual showing their relay stations are on building lower than high rise all around such. So by now I have close to 40 hours on or hanging on to Telstra. By now they have broken contract many times by “no service”. An engineer in Telstra called said my drawing summarised the outdated Telstra installations. The engineer advised “you need a signal translator unit converting old wire lines back to computer signal. So I have since November last spent more than 56 hours calling telstra. Now they want back payment for using their system trying to get service. One appreciated why so many abandon Telstra. Some Telstra folk tell me the management of Telstra have no knowledge of the communication industry. They are now threatening switch off. It has reached the level where I must communicate with the incoming Minister ( I know both sides). It is my strong recommendation anyone reading this find another supplier and get a written “service supply agreement”.
    Mr Jamieson is un-contactable. Hence he does not know what is happening. Telstra likely has broken contract with you also
    Without prejudice Robert Vincin

  20. Congrats Telstra, always a most responsible corporate with a strong social conscience. I am a customer of some 18 years and have worked as a stakeholder in Telstra’s charity work. I am proud to be associated with a Corporate that has a social conscience and promotes it among its staff. I was involved in helping set up Telstra’s Social Services CEO forum with Gerard Vamadevan Executive Director CP&S in his previous role heading up the Social Services & Welfare in Telstra Enterprise & Government. These articles warms my heart.

    Tatum Bradley

  21. julie says:

    Re privacy breaches.

    I have had my account privacy breached. my details have been attached to another address and mobile phone number -- this prevented my cable service from being connected for 60 days and it took me to say that was the issue before my service could be fixed. For 60 days Telstra had no idea why my service hadn’t been activated. My complaints about privacy being breached are largely being ignored, no apology or explanation is forthcoming. And Telstra staff do not call -- they say they have -- highly likely they are still ringing the other customer -- not me -- still breaching privacy.

    • Jamie (Editor) says:

      Hi Julie,

      Thanks for getting in touch with us regarding a privacy breach. We take these very seriously and I would like to follow up. Are you please able to email me more detail?

      Thanks,
      Jamie

Leave a Comment


+ five = 7

Heads up! You are attempting to upload an invalid image. If saved, this image will not display with your comment.