We couldn’t help but be amused by this media release which Australian Privacy Commissioner Timothy Pilgrim issued this morning noting how Telstra had been reined in for a privacy breach which saw the information of 15,775 customers, including some 1,257 with silent numbers, made available publicly on the Internet between February 2012 and May 2013 (that’s right, that’s more than a year). Pilgrim made a strong statement regarding the issue, saying:
“This incident is a timely reminder to all organisations that they should prioritise privacy. All entities bound by the Privacy Act must have in place security measures to protect personal information.”
And Telstra has agreed to undertake a number of actions, including exiting the software platform on which the incident occurred, establishing a clear policy for central software management, and reviewing contracts with third parties relating to personal information-handling.
However, we can’t help but suspect that the telco considers itself to have gotten off relatively scot-free from the debacle, paying an infringement notice of only $10,200 in relation to its contravention of an earlier direction on the issue by the Australian Communications and Media Authority. Just to remind people: Telstra made headline sales revenue of $25.5 billion in 2013, with net profit of $3.9 billion. A measly $10k should not even be counted as pocket change compared to that sum; it’s not even what, in journalistic parlance, we usually refer to as a “parking fine”. No, in the context of Telstra’s finances, it’s basically nothing.
Of course, as the media release points out, from 12 March this year (that’s tomorrow), new privacy laws will be introduced. The Privacy Commissioner will be able to make a determination, accept written undertakings that will be enforceable through the courts, or apply for civil penalty orders which can range from $340,000 for individuals up to $1.7 million for companies. That’s certainly a lot more than $10k. But we still think it adds up to not much when we’re talking about companies as large as Telstra.
For more information on what happened, read the Privacy Commissioner’s report here.