O2 suffers data leak – but do they care?

Mobile giant 02 have suffered a couple of embarrassing gaffs this week. Firstly it was revealed that they had been inadvertently been passing their customers phone numbers on to any site that they visited when using O2’s 3G network on smartphones. With almost half of O2’s customers using smartphones, the data leakage could possibly have affected up to 15 million people.

O2 blamed a ‘technical’ glitch and has since stated the problem has been resolved and apologised to its customers. However a leading consultant at Sophos, Graham Cluley, commented that such issues had “been known about for almost two years at least”.

The Guardian reported yesterday that O2 also ‘regularly hands over subscribers’ phone numbers to sites that offer age-restricted material and premium-rate billing, whether the users realise it or not.’

What?! I hear you cry. The Information Commissioners Office’s is considering investigating the incident however it seems unlikely that that any action will be taken as a mobile phone number, in the eyes of the ICO, on its own, is not considered as a ‘personally identifying information’.

Even though, with your number being passed onto potentially anyone under the sun, you could be the subject of phishing attacks, reverse charge texts and unsolicited marketing.

These incidents further highlight what companies do with our data when we’re surfing the internet; and how little we actually know as consumers. And what can you do as a consumer? Where is the avenue for reproach? We’ll all be politely told that the issue was a ‘technical problem’ and has now been resolved. But when did we sign up for this in the first place? I mean if, when you bought your latest phone, there were questions like: “Would you like us to share your information with every single website you visited?” Or, “Would you like us to pass your details on to sex chat services?” You would tick yes to these?!

Often terms and conditions are deliberately confusing, long winded and impenetrable for consumers; allowing the service provider you’re signing with the legal ambiguity to do with your information as they wish. But in the instances referenced in this article, this wasn’t the case. One was an error and the other – passing customer details onto premium and age-restricted sites – well, no one seems to know. O2 have thus far refused to comment. Are they allowed to do this?

One thing is for sure. Such instances cause huge brand damage and loss of custom. Retaining customer loyalty and brand image is of huge importance to all businesses and organisations. I dare say that if an SME suffered an instance like this that they would have a far more difficult time of it. Protection of customer data is important. The data protection act says so.

But I often wonder, when the brand is so big and they have so much money, as in the instance of Playstation last year, and now someone like O2, are they beyond the pale?

You can read more about data protection and the Data Protection Act here >>>