On Wednesday it was reported that staff working at T-Mobile had passed on details of thousands of their customers to third party brokers. The brokers sold data about customer’s renewal dates to other phone firms, so that they could cold call the customers prior to the expiry of their existing contracts with T-Mobile.
T-Mobile said that data had been sold without their knowledge, and they had worked with the Information Commissioner to identify the source of the breach. The Information Commissioner is preparing a prosecution against those responsible.
The story is the latest in a line of high profile cases involving the illegitimate sale of personal information, and public concern about the use of the large amount of personal data kept by organisations is running high.
However the value of selling personal data would seem to outweigh the risk of being caught and punished at present. The current maximum penalty under the Data Protection Act is a fine of £5,000.
How highly should this type of information be valued? Would the threat of a higher fine or a prison sentence deter such activity?