Enforcement Key to Prevent Data Scandals, says Brill

Mark Brill, Chair of the Direct Marketing Associations Mobile Council, and CEO of mobile marketing firm txt4ever, says that in the fuss over the T-Mobile customer data sale scandal, two major issues have been overlooked. The first concerns corporate responsibility, the second, enforcement.
While applauding T-Mobiles management team for contacting the authorities as soon as the company realised what was happening, Brill believes the operator could and should have done more to prevent the scandal from happening in the first place.
It is possible to obfuscate data so that a simple export would not be possible without authorisation from someone at a senior level, says Brill. He notes also that tying names and addresses up to contract information is bad data practice.
There are enough technology solutions available to enable the information about any one customer to be available to someone making calls in a call centre, without making the whole database available to export, he says.
On the enforcement side, Brill feels the Privacy in Electronic Communications (PECA) regulations need to be more explicit about what type of due diligence needs to be carried out by those acquiring data.
Data is often sold and resold many times, but the regulations require little more than asking the company that is selling the data if it has been properly obtained, says Brill. Its fine for the Information Commissioner to say he wants tougher sentences, but first of all, there needs to be more clarity about the kind of due diligence companies need to carry out when acquiring data. It doesnt matter that the penalties are, if you cant enforce them, its utterly pointless.