As blogged about here last week, a reporter for MacLean's Magazine recently purchased the phone records of the Canadian Privacy Commissioner to prove the point that huge amounts of personal information are available for sale online (The Canadian Privacy Law Blog: MacLean's cover story on privacy and information brokers). It was a pretty effective illustration.
Now, the CRTC wants to know how it happened:
Halifax Live - CRTC Directs Three Phone Companies Investigate Privacy Breach Exposed by A National Magazine:
The Canadian Radio-television and Telecommunications Commission (CRTC) is calling the country's phone companies onto the carpet over revelations in Maclean's magazine that U.S. databrokers are selling the home and cellphone records of Canadian consumers.
In a terse letter dated Nov. 18, the telecommunications regulator demands that three phone companies immediately launch internal investigations into how the magazine was able to obtain the phone records of Canada's privacy commissioner, and another customer, via a Tennessee-based online service.
The companies have been given a strict 10-day deadline to report back to the commission with a host of information, including descriptions of the safeguards that were in place when the breaches occurred, explanations of how the companies verify customer identity and new measures being taken to improve security.
The phone carriers have had little to say publicly about what steps are being taken to tighten internal security. But, in response to the Maclean's cover story, Bell Canada did issue a press release in which the company provided assurances that its customers' privacy was considered a priority and in the case of the Maclean's magazine ability to breach security, the information was obtained through "subterfuge and misrepresentation" acording to Bell's press release.
The Bell press releases continues, "This problem has affected others in our industry, both in Canada and the U.S. The Company is continuing to investigate whether there are any legal actions, either criminal or civil, that Bell or others in the industry, or government agencies can take to stop these fraudulent practices and protect consumers."