TheStar.com – News – Rogers pins data dump on sales firm
Privacy has become more and more important in terms of preventing identity theft in this day in age. Companies like Rogers, CIBC, Winners and others claim they take the privacy of their customers to the utmost importance.
However, CIBC and Winners have recently been busted in terms of not protecting their client’s privacy. A Winners’ electronic database containing credit card information had been infiltrated by hackers. This meant that some credit card information was at risk of being stolen by the hackers.
CIBC was caught in violating the privacy of customers when a computer hard drive went missing. The hard drive contained 470,000 records of CIBC customers.
Recently, Rogers got involved in the game of ‘privacy follies’ when a senior found boxes of old work order records that contained the names, addresses, phone numbers, driver liscense numbers and credit card numbers. Rogers VP of Communictions, though, denies that credit card numbers were on the work order. Although, the Toronto Star did obtain some of the records when they visited the senior and they noted the numbers might be on the Rogers records in question. These records were found behind a coffee shop near a parking lot. In other words a very public place. The fact Rogers would let their customers’ personal information be poorly disposed in this way is astounding!
Even worse is the response by Rogers’ Vice President of Communications, Taanta Gupta, to the his company’s lack of respect for their clients personal information: “Clearly something went wrong….This is not information that should have ended up where it did.” One question to Mr. Gupta that every one of their current and past clients should be asking: “YA THINK?”
Rogers needs to re-look at their policies in terms of protecting their client’s personal information. In a further article, Rogers blames one of it’s contractors for not following Rogers’ policies in protecting customers’ personal information. The real question is in this day and age of the computer, why is Rogers releasing credit card information and Social Insurance Information to a third party in order to handle the ordering and installation? Last time I checked, that particular information is not required. So why does Rogers not use its technological superiority to remove this information from the customer’s records before forwarding it on to their contractors? Contractors should only be given private information on a need to know basis. For example, in order for a contractor to install Rogers high speed internet and cable services the only information the contractor would require is the name, address and phone number of the place these services would be installed. Thus, the credit card information and Social Insurance Number required for billing would not need to be released to the person installing the services. This information could be retained by Rogers themselves.
The idea of not allowing contractors to have too much information means that Rogers can ensure that their client’s personal information is retained by Rogers and not released to a non diligent contractor. Obviously a non diligent contractor was used in this case considering that personal information was easily available in near a parking lot behind your average coffee shop.
Corporations should not be releasing unneccessary information to subcontractors or unnecessarily within their own organization. Companies like Rogers, Winners and CIBC should be examining who and what type of information is accessible to their contractors and their own employees. This information (e.g. credit card information, social insurance number, address, phone number, etc.) should only be provided to employees and contractors on a need to know basis. There is database technology on the market that allows different levels of accessibility to this type of information. Thus a contractor installing services would only be allowed to access information that would be necessary to complete this task. However, someone in the billing department would be allowed to see the customer’s billing address and credit card information for billing purposes. In other words, there would be different levels of availability of customer’s information depending on what is needed to be known.
Corporations that are caught accidently releasing information should lose customer’s basis. This is because obviously these corporations do not care about their customers. If these corporations did, then obviously this information would be properly protected.
Recently there have been accusations that corporations have been trying to cover up their own messups in terms of releasing customers’ personal information. For example, Winners was accused of hiding the fact their electronic database had been compromised for months from their customers. This only further shows how much corporations care about their customers. Again, if these corporations had of cared about their customers, they would have properly protected their information. But then to even hide the fact this information may have been compromised only inflames the situation even more.
Corporations should be protecting personal information in order to prevent the theft of this information. Otherwise these types of corporations might find themselves with problems of theft, customers “thefting” their own money and moving their business someplace else.