0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

T-Mobile staff sold personal data

20 November 2009

On Wednesday it was reported that staff working at T-Mobile had passed on details of thousands of their customers to third party brokers. The brokers sold data about customer’s renewal dates to other phone firms, so that they could cold call the customers prior to the expiry of their existing contracts with T-Mobile.

T-Mobile said that data had been sold without their knowledge, and they had worked with the Information Commissioner to identify the source of the breach. The Information Commissioner is preparing a prosecution against those responsible.

The story is the latest in a line of high profile cases involving the illegitimate sale of personal information, and public concern about the use of the large amount of personal data kept by organisations is running high.

However the value of selling personal data would seem to outweigh the risk of being caught and punished at present. The current maximum penalty under the Data Protection Act is a fine of £5,000.

How highly should this type of information be valued? Would the threat of a higher fine or a prison sentence deter such activity?

related opinions

Marriott International: a look behind the ICO’s £99m fine and what this means for corporate acquisitions

Last month, the Information Commissioner’s Office (ICO) announced notice of its intention to fine (NOI) Marriott International, Inc. £99m for infringements of the GDPR.

View blog

Cyber risks – are businesses really ready?

The Hiscox Cyber Readiness report, a review of 3300 organisations, will be a stark warning for CEO’s of SME’s in the UK and in Europe.

View blog

Landlord and tenant inspections - getting the evidence right

In Rogerson v Bolsover District Council (2019) the Court of Appeal found against a local authority landlord pursuant to the Defective Premises Act 1972 following a finding of an inadequate inspection regime.

View blog

As Japan becomes 'adequate' for data protection laws...will the UK soon become 'inadequate'?

On 23 January 2019, the European Commission and the Personal Information Commission of Japan, concluded a two-year-long dialogue and the adoption of the decisions recognising each other’s personal data protection systems as ‘equivalent’.

View blog

mailing list sign up



Select which mailings you would like to receive from us.

Sign up