Sarah Gee - partner

Data for Sale?

Posted by Sarah Gee - partner on 10th March 2010

The news breaking this afternoon that T-Mobile staff sold customer information on the open market doesn’t surprise me in the least. It’s a sad fact of human nature that someone will exploit a security loophole for personal gain if it exists, particularly as the ‘going rate’ for selling such data is very high. In this case the data was purchased and used by a rival mobile phone firm in an attempt to secure new customers as their existing contracts came to an end, rather than the more usual situation of it being used to buy holidays, music or even Christmas presents, but nevertheless the potential for exploitation of personal data on every level is enormous.

Having spent the last few years working with arts venues all over the UK, I know that the same would be true of theatres up and down the country. Think about it: they have credit card details for most of their customers, plus name and address details – in other words, everything a criminal would need to make fraudulent online purchases. When I’ve asked venues about their data policies, most of the answers have been woolly, with some organisations giving every single employee open access to your data. No encryption, no privacy, no safeguards.

Christopher Graham, the Information Commissioner, would like to see custodial sentences for those who trade in personal data, saying “The existing paltry fines… are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent.”

Let’s hope that these strong words will convince the arts sector that the potential for their staff to trade customer information is a real and present danger, and compel them to act now before we face such a scandal.

Leave a comment