T-Mobile employees 'sold personal data'Thousands of mobile customers' details sold

18 November 2009

A close-up of someone holding a mobile phone.

Mobile contract information for thousands of mobile phone customers was unlawfully collected and sold to third-party mobile retailers by T-Mobile staff, it has been revealed.

The breach of the Data Protection Act, which bans the selling on of data without prior permission from the customer, was disclosed following an investigation by the Information Commissioner's Office (ICO). The ICO is responsible for promoting openness by public bodies and data privacy for individuals and for enforcing and overseeing the Data Protection Act.

It's virtually impossible for consumers to prevent this type of unlawful use of their personal details, but you can find out how to protect yourself from other attacks on your privacy using Which? advice on how to beat identity fraud and protect your online ID.

Why is mobile contract information valuable?

The ICO investigated after mobile operator T-Mobile alerted it to possible unlawful activity by its staff, suggesting that employees had allegedly sold details relating to customers’ mobile phone contracts, including their contract expiry dates.

Your mobile phone contract renewal details are valuable to third party mobile phone retailers since it enables them to contact you as your mobile contract nears its end, when you are more likely to be open to marketing calls offering you a new mobile deal. 

Protection from mobile misselling

Many mobile sales calls are lawful, and there are rules in place to prevent the misselling of mobile services, however mobile misselling still happens.

If you receive a cold call from a mobile retailer as your mobile phone contract nears its end, Which? mobile services expert Ceri Stanaway advises: 'If you're not interested, firmly make that clear to the mobile salesperson and ask to be removed from calling lists.

'If you'd like to hear what mobile tariffs they have to offer go ahead, but don't be swayed by pressure-selling or one-day-only "bargain" mobile deals - you may get a better deal shopping around using buying guidance from the Which? reviews of mobile phones and the best mobile provider.

'Many people don't realise that you can commit to a contract verbally - you don't have to sign anything to be tied in - so be careful not to imply agreement and never give out your bank details unless you're sure the mobile tariff on offer is right for you.'

You can reduce the number of legal cold calls you receive by signing up to the Telephone Preference Service and taking care to opt out of receiving marketing calls when filling in forms that include personal details such as your phone number.

Data protection breaches 'a problem for the whole industry'

T-Mobile says it takes the protection of customer information seriously. It told Which?: 'When it became apparent that contract renewal information was being passed on by an employee to third parties without our knowledge, we alerted the Information Commissioner’s Office. Working together, we identified the source of the breach which led to the ICO conducting an extensive investigation which we believe will lead to a prosecution. 

'While it is deeply regrettable that customer information has been misappropriated in this way, we have proactively supported the ICO to help stamp out what is a problem for the whole industry.'

T-Mobile has stated that records sold were historical information on customers whose contracts were coming up for renewal in a 15-month period up to December 2008 and that information passed on to third parties was restricted to the customer name, address and contractual renewal information and did not include any financial or security-related details.

Information Commissioner Christopher Graham has used this breach of the Data Protection Act to highlight the need for custodial sentences as a deterrent for such unlawful activities, rather than the current penalty of a fine. 

He says: 'Many people will have wondered why and how they are being contacted by someone they do not know just before their existing phone contract is about to expire. 

'We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data. But, we will only be able to do this if blaggers and others who trade in personal data face the threat of a prison sentence.

'The existing paltry fines for Section 55 offences are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent.'

Read more about the Data Protection Act in the Which? guide to protecting personal details.

How to follow the latest Which? Tech news

Are you a Twitter user? Follow WhichTech on Twitter for regular tech tweets.

Prefer RSS? Don't miss a thing with the Which? tech RSS feed

For just the main headlines in newsletter form, sign-up to our weekly Which? tech email.

Apple iPad 2 3G data plans compared - find the best 3G plan for your iPad
Best Android tablets round-up - we look at the best iPad alternatives around
Best cheap laptops for under £500 - find the best laptop deals