0370 270 6000

T-Mobile staff sold personal data

20 November 2009

On Wednesday it was reported that staff working at T-Mobile had passed on details of thousands of their customers to third party brokers. The brokers sold data about customer’s renewal dates to other phone firms, so that they could cold call the customers prior to the expiry of their existing contracts with T-Mobile.

T-Mobile said that data had been sold without their knowledge, and they had worked with the Information Commissioner to identify the source of the breach. The Information Commissioner is preparing a prosecution against those responsible.

The story is the latest in a line of high profile cases involving the illegitimate sale of personal information, and public concern about the use of the large amount of personal data kept by organisations is running high.

However the value of selling personal data would seem to outweigh the risk of being caught and punished at present. The current maximum penalty under the Data Protection Act is a fine of £5,000.

How highly should this type of information be valued? Would the threat of a higher fine or a prison sentence deter such activity?

Related opinions

80% hours for 100% pay? That’ll do nicely

As has been widely reported this week, some 3,000 UK workers are taking part in a six month trial to assess the viability of a four-day working week without any reduction in their normal pay.

View blog

Right to Work Checks: Changes from 6 April 2022

From 6 April 2022, right to work checks on all migrant or settled prospective employees must be online and checks on British or Irish nationals will be manual (free) or digital (charged for).

View blog

Are whistleblowers entitled to keep their employer’s confidential documents?

In Nissan v Passi, the High Court recently considered the issue of an employee retaining confidential documents belonging to his former employer in the context of the employer’s application for an injunction seeking the return of such documents from the employee.

View blog

Do you collect personal data from children, whether deliberately or by accident? If so you’d better read this…

If you provide goods or services online that might be of interest to children then you’re going to want to go through the ICO’s “Age Appropriate Design Code of Practice” - a code requiring minimum standards of any online service aimed (or which is likely to interest) children.

View blog

Mailing list sign up

Select which mailings you would like to receive from us.

Sign up