Sunday, 24 November 2013

Vodafone Recycles Customer Data in Data Breach

Vodafone is more than a little embarrassed this morning after a customer was contacted by a complete stranger saying she had her email and personal data.  The stranger had bought a “new” iPhone, yet it was a refurbished model and Vodafone had failed to securely remove the old customer’s data.

This is a clear breach of personal data and I am sure the Information Commissioner's Office (ICO) would be interested.  Vodafone don’t do this work in-house but are still responsible.  They use one of many “professional” refurbishment businesses which have grown up very quickly to support our insatiable appetite for smartphones and the need to recycle them when we choose to change.

The speed of change is a challenge for the market.  People, just like those in this story, wish to change frequently and without hassle, in this case from Apple to Samsung.  However, the manufacturers, networks and the whole supply chain that supports them have been slow: slow to understand the importance of personal data.

A director of one refurbishment company once said to me: “I don’t get all this fuss about data. It’s the same data when it’s in their hand or pocket”. He’s right to a limited extent; however, he’s missed the real issue.  When the data is in our hand it’s in our control and we are responsible for it - a sort of micro-controlled environment.  If we lose it or it’s stolen we can take remedial action.  We can contact our bank, ask the network to block the phone or even remotely wipe the device with some providers.

When we trust responsible others, including networks and “take back” service businesses, we expect them to adopt a “duty of care”.  We TRUST them with our data.  In my view this is a wholly misguided trust.  If the directors of these businesses “don’t get it” they can’t be trusted.  If networks the size of Vodafone don’t have sufficient fail-safes in their procedures we clearly can’t trust them either.

It’s our data and we should either ensure it is safe ourselves or seek guarantees and evidence that it has been destroyed.  As the CEO of Blancco (a Finnish company who provide secure erasure software for PCs and phones) once said: “It’s not about the data erasure.  It’s about the data about the data erasure”.  What he was saying is that we must prove the data has been destroyed and have evidence.

We simply can’t trust people sitting in factories doing repetitive tasks to get it right 100% of the time.  At best it’s perhaps 98%.  With over 60m phones in the UK alone changing every, say, three years, that could mean 400,000 phones with data on them, all out there somewhere!  I think, however, this is a huge underestimation.  In my view most phones never make it to the desk of the poor person whose job it is to wipe them.  Most are shipped abroad, mainly to China, India and Africa.  In these areas your data has a VERY sinister value.  "EH from London" was VERY lucky.  Her data didn’t find its way into the wrong hands.

For close to 20 years now I have been trying to make people aware of the data they throw away.  We have found Sir Paul McCartney’s bank details and missile launch codes on thrown-away hard drives.  Phones and hard drives contain a snapshot of our lives and we carelessly throw that data away on the trust and hope it will be managed correctly.  We live in a blind faith that big companies and recycling centres will look after our data.

See the original article in The Guardian at this link.

Jon Godfrey is a Director of Intelligent Lifecycle Solutions who provide services including the refurbishment and recycling of Hard Disk Drives, Mobile Devices and technology equipment.

http://www.lifecyclesolutions.net

Vodafone rings up complaints selling my old iPhone and data as new

A stranger phoned to say that she had bought my iPhone from Vodafone – and it still had all my data on it

I signed a two-year contract with Vodafone and got a new iPhone, before deciding to switch to a Samsung. I was assured by the store that all my personal data would be removed from the iPhone before it was sold on as used.

A few weeks later I got an email from a stranger saying she had my iPhone with all my data, including my email account. Vodafone had repackaged my old phone and sold it as new!

Vodafone customer service insisted this data breach was "impossible" and refused to apologise. Three months on I have still received no explanation. To make matters worse, the new Samsung phone does not work. Vodafone will not provide a replacement, nor "courtesy phone" while it's sent off for three to four weeks for repair.

EH, London

Almost as worrying as the data breach is the fact that a used phone was sold as new. Vodafone explains that its returns policy allows customers to change their mind within seven days and, if the seal of the handset is unbroken or there is less than five minutes' activity on it, it is wiped and resold as new.

Interestingly, once your complaint is forwarded under The Observer banner, Vodafone realises it has a case to answer after all. "For the process to fail in this way is extremely rare and our corporate security team is investigating," says a spokeswoman, who has also started an inquiry as to why customer services was so hopeless. The company has offered you a new phone and a reduced rental deal but, unsurprisingly, you prefer to seek another provider and so, in a magnificent gesture of contrition, it has released you from your contract without a termination fee.
