Wanted: 3,000 eager weathermen

Can I get some privacy over here?

JONATHON GATEHOUSE July 23 2007
Wanted: 3,000 eager weathermen

Can I get some privacy over here?

JONATHON GATEHOUSE July 23 2007

Can I get some privacy over here?

JONATHON GATEHOUSE

A 21-month investigation by the office of Canada’s privacy commissioner has concluded that human error and lax controls were to blame for the embarrassing disclosure of her personal phone records to Maclean’s. In findings released Tuesday, Jennifer Stoddart’s office pointed the finger at three of the country’s biggest telecoms—Bell Canada, Telus Mobility and Fido—saying the companies failed to follow their own policies when they handed over her home, cottage and office call records, as well as the cellphone bill of one of the magazine’s editors, in the fall of 2005. “In each case, we found that customer service representatives had not followed the companies’ established authentication procedures,” Raymond D’Aoust, the assistant federal privacy commissioner, said in a statement. “We also found that training of customer service representatives was not comprehensive enough to protect customers’ personal information from illegal access by pretexters.”

As part of a special investigation into the protection of personal information, Maclean’s hired the services of a U.S.-based databroker, Locatecell.co??i, which boasted it could obtain anyone’s phone records for just $200. (The company has since been driven out of business by phone company lawsuits and state and federal enforcement actions. But the problem persists with dozens of other websites offering similar services.) The privacy commissioner’s investigation concluded that Locatecell used a variety of tactics to try to access Stoddart’s call records, eventually posing as her on the phone and convincing telecom workers to read out the billing information.

The report chides the phone companies for not being better prepared to deal with data-fishing since the phenomenon was wellknown in industry circles. But it concludes that all of the telecoms have since taken steps to tighten their controls over private information and improve employee training. The privacy commissioner does not have the power to levy fines for misconduct. M