The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
Thursday, June 23, 2005
An undercover reporter, working for the Sun, managed to buy extremely sensitive personal information from an Indian call centre employee. The story is all over the media and the police are investigating.
Looking into my crystal ball, I think this story will have significant repercussions, at least in the United Kingdom. I am sure that there are corruptible employees all over the world, but this story has additional interest because of the increasing concern about offshoring personal information processing.
Companies are increasingly looking closer to home for places to economically outsource this sort of data processing, particularly places with low costs and robust privacy law enforcement. Nova Scotia has become a centre of outsourcing and companies are moving operations from India to Nova Scotia.
But back to the original story. From the Sun:
The Sun Online - News: Your life for sale:
"Harvey, who paid a total of 5,000 US dollars (£2,750) for the information and was asked for another £275 to be sent later, was told details usually cost £4.25 but he was getting a special deal.
Kkaran Bahree, who said he got the details from a network of call centre workers in Delhi, also boasted that he could get up to 2,000 account details a month.
The information received included account holders’ addresses, secret passwords, credit card details, passports and driving licence information.
In some cases there were also the issue and expiry dates of bank cards, as well as the three digit security number from the back of the card.
A spokeswoman for the City of London Police said: "All the financial institutions identified have been fully informed of the situation.
"An investigation is now under way. Therefore it would be inappropriate for us to provide further details at this stage."
The spokeswoman said The Sun handed police the names of banks that might have been compromised following an investigation into the security of financial information held at foreign call centres.
"At this stage we are not fully aware of the breadth of what we are going to be investigating."
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.