• Media Enquiries

    07505 448925(24hr)

Where is your data anyway?

At the weekend, the Sunday Times broke news of how Indian call centre staff had been caught offering stolen personal information for sale – stolen from UK companys and available for as little as 2p per person. They boasted credit card details, mortgage and loans and phone contracts.

The 1998 Data Protection Act prohibits the transfer of personal information outside the EEA unless there is an adequate level of protection for the information, and for individuals’ rights in relation to that information. If the data is lost, stolen or misused then the UK-based organisation is liable.

The law is clear and back in 2006 Deputy information commissioner David Smith warned “a UK-based business outsourcing a call centre or other aspect of its data processing abroad remains legally liable for any failings. It could face legal action by the Information Commissioner’s Office and by an individual even if a breach takes place outside the UK.”

However, the drive to reduce costs has seen call centres, services and some data hosting move to lower-cost countries, with the latest example being data from the Driver and Vehicle Licensing Agency, including addresses and registration plate numbers, along with credit card details, nowbeing available to staff outside the UK after ministers changed an earlier decision to allow IBM to reduce costs.

IBM runs the congestion charge zone for Transport for London (TfL) and the changes to allow staff abroad to access data is expected to be completed by 18 May.

The risks around off-shoring data are clearly substantial if it is not done in a tightly-controlled way. Whether allowing staff to access data, or physically moving the data abroad, it is essential that the rush to save money does not lead to irrepairable damage to privacy and data security.

Posted on by Big Brother Watch Posted in Data Protection, Information Commissioner, International, NHS, Technology

3 Responses to Where is your data anyway?

  1. protect our data

    This is outrageous and we should be able to safeguard our data.  The Information Commissioner needs to do much more to protect our data.  As individuals we can all do everything we can to keep our data as secure as we possibly can.  But what chance do we have when companies give our data to untrustworthy companies?   

  2. Dave

    When I worked for AVIVA they were using call centres in India, although it was not made public.  I wonder what information they have access to?

  3. Lenny Bruce

    You can be sure that the indian workers who were able to get this info worked in the telecoms business. Like “3″! or Virgin Media. It is companies like these who primarily have their customer service base in India, but are dealing primarily with foreign customers, who are in prime position to abuse the data at their disposal.

Add a Comment