news Mobile telco Vodafone has confirmed it access the call records of an Australian journalist in an effort to determine the source of a negative story about privacy breaches in its operations.
In 2011, Fairfax journalist Natalie O’Brien — a Vodafone customer at the time — published a series of stories relating particularly to one of Vodafone’s customer records platforms — a Siebel-based system which the journalist had written was leaking data publicly.
In response to a story in The Australian newspaper on Saturday, over the weekend Vodafone issued a statement (PDF) confirming that at the time, one of its employees had accessed the phone and text records of a customer believed to be O’Brien, in what appears to be an attempt to ascertain O’Brien’s source.
“In around June 2012, [Vodafone Hutchison Australia] became aware that an employee had, in January 2011, accessed some recent text messages and call records of a customer,” the company said.
“VHA immediately commissioned an investigation by one of Australia’s top accounting firms. The investigation found there was no evidence VHA management had instructed the employee to access the messages and that VHA staff were fully aware of their legal obligations in relation to customer information.”
The company said that its investigation had taken place to determine if any of its staff had breached privacy laws or engaged in any criminal behaviour, “not to discover the source of damaging media stories”. “As a result of our investigation, several retail staff were dismissed for breaches of VHA security policies,” it added.
The company said in its statement that in general it strongly denied any allegations of improper behaviour.
“VHA takes its legal and corporate responsibilities very seriously,” the company said. “Over the past four years, VHA has invested heavily in the security of its IT systems. The company has very strict controls and processes around the privacy of customer information, and has appointed a dedicated privacy officer.”
“The privacy of our customers and protection of their information is our highest priority and we take this responsibility very seriously.”
The telco made a number of additional statements relating to the accuracy of the initial story as reported on Saturday by The Australian, as well as the historical context of the situation in 2011 and 2012.
I am not surprised by this story.
I’ve been a journalist reporting on Australia’s telecommunications sector for a long time. In that time, there have been many stories of great import reported about Australia’s major telcos. I would be extremely surprised if there have not been a number of occasions when a journalists’ data had been accessed. The data is there, after all — the temptation to access it would have been irresistible from a telco employee’s perspective.
Nor am I surprised by the instant reaction which Vodafone appears to have taken internally. The company’s move to bring in an external auditor to examine the situation exhaustively is a very solid one. The company’s management would have been aware that pulling the call and text records of a journalist is a highly controversial act.
None of this is a huge surprise, although obviously Vodafone’s action is outrageous.
However, I do hope there will be further legal follow-up on this issue. Former Communications Minister Stephen Conroy questioned the NBN company’s chief executive Bill Morrow — who was Vodafone chief executive from March 2012 — on the issue in the NBN Senate Select Committee this morning. The Senator made the point that it was illegal to access such data.
Will this matter be referred to police for investigation? I certainly hope so. The recently passed Data Retention legislation means that telcos such as Vodafone will be keeping vastly more data than they previously were. Accordingly, the penalties against companies who illegally access journalists’ data for the purpose of tracking down whistleblowers must be strictly enforced, to dissuade this kind of behaviour from happening again.