Happy New Year to everyone.
Interesting that I get to kick off my first post of 2011 on what could be considered the largest privacy breach in Australian history.
In a way, I think we need to be grateful that the Vodafone privacy scandal has drawn so much attention. We (Australia) never had our Heartland or TJX or anything like that. Our complacency and lack of strict privacy regulation means that we don't get to see the notifications of privacy breaches. Some companies, such as Telstra, have a "voluntary notification policy" concerning privacy breaches, but perhaps I'm one of those skeptics who wonder just how much they would "volunteer" if they were put to the test.
Potentially, this incident has the chance to bring about change on the legal landscape. In reality, it is no doubt being lost in the deluge (no pun intended) of news concerning the Queensland floods.
There is a lot of blogging going on about the basic security controls that Vodafone could have/should have implemented but didn't. I'd love to wag my finger at them and say how naughty they are but the reality is that this is FAR MORE COMMON than most people are aware of and what security professionals can tell.
The best thing security-conscious folk can recommend is that if consumers give a shred about their personal information in any respect (including SMS messages and call usage, btw), then I suggest you push anyone and everyone you know who is using Vodafone to another carrier. I am already telling immediate friends and family who use them to make the switch. I urge you to do the same.
The only thing companies understand is dollars and cents. So make the message strong and clear - tell these businesses we will not accept poor security. Personal information does have a value and it's high time companies recognise the cost of failing to protect it.