Speaking of notifying consumers about a breach, the House of Commons – Home Affairs Committee report, “Unauthorised tapping into or hacking of mobile communications,” was released yesterday and notes how mobile operators failed their customers by not notifying them that their privacy and records had been breached:
However, the companies cannot escape criticism completely. Neither Vodafone nor Orange UK/T-Mobile UK showed the initiative of O2 in asking the police whether such contact would interfere with investigations (and O2 told us that they were given clearance to contact their customers only ten days or so after being informed of the existence of the investigation). Nor did either company check whether the investigation had been completed later. They handed over data to the police, Vodafone at least sent out generalised reminders about security (Orange UK/T- Mobile UK may not even have done that), they tightened their procedures, but they made no effort to contact the customers affected.
We find this failure of care to their customers astonishing, not least because all the companies told us that they had good working relationships with the police on the many occasions on which the police have to seek information from them to help in their inquiries.
— Paragraphs 26 and 27 in Conclusions
Via Inforrm’s Blog
Although not in force when the phone hacking occurred, there is a new UK data breach notification requirement in force now, for Telcos and ISPs: http://www.pcpro.co.uk/news/security/366943/isps-forced-to-come-clean-on-data-breaches
Emma.