Protecting cell phone users' privacy

(continued from previous page)

the account. They may, for example, call a customer service operator and ask for a copy of the last few months' bills. They then ask to have it sent to them via e-mail, fax or a mailing address not listed on the account. Called "pretexting," this practice is already illegal for people trying to fraudulently obtain financial records. The new laws that are being introduced further clarify the strictures against such behavior and will make it explicitly illegal to pretend to be someone else to obtain billing information for phone service.

"The kinds of information that is available in call centers, coupled with access to the Internet that people working in these centers have, is a perfect storm for data breaches," said Kit Robinson, the director of corporate communications for Vontu. "The key to protecting data in any company is having a policy about how to handle sensitive data and enforcing it from a personnel perspective, as well as from a technology perspective."

Experts say there are several things that the cell phone companies can do to mitigate these issues.

It seems to me that the most sensible action we can take quickly to thwart the buyers and sellers of personal phone records is to make pretexting illegal.

--U.S. Rep. Joe Barton, Texas Republican

• Do not send billing information to fax numbers or e-mail accounts that the mobile operator cannot verify are owned by the customer. This could be easily fixed by only sending records to the mailing address on the account.

• Require customers to have a password to access their call records or billing information. When someone calls for information on the bill, they must enter a secure personal-identification number to get data. Customers can request that this be added to their account, but most cell phone operators do not require it.

• Send short text messages to customers' cell phones every time there is a request for their personal information. They can respond to these messages to authorize the delivery of this information.

• Implement internal auditing tools in call centers. Several companies offer software that can look for anomalies in employee behavior to see if a particular worker may be mishandling data. For example, if an employee accesses dozens of files at the end of every shift, it may because that employee is copying files and selling them.

Policies and procedures
Despite the widespread availability of all kinds of billing information on the Internet, Cingular and Verizon claim they have already been implementing many of these safeguards. And, they say they are continually improving security.

"We are constantly looking at our policies and procedures as it relates to customers and their interaction with the company," said Jeffrey Nelson, a spokesman for Verizon. "I can't say what exactly we've been doing internally to protect customer information, but we are looking at best practices in other industries that deal with even more sensitive information than we do. We've already started taking steps toward improvement."

Cingular said that it has also been focusing on improving how it handles customer data and how it trains employees to deal with people seeking sensitive information.

"Some of the steps we're taking are more human in terms of training and ensuring that our employees follow strict guidelines," said Mark Siegel, a Cingular spokesman. "We're using this situation as an opportunity to tighten our security and improve the good work that our employees are already doing."

But some people, including lawmakers, say it's clear that more needs to be done to safeguard customer information.

"The protection of an individual's personal information is a high priority with me," U.S. Rep. Joe Barton, a Texas Republican and the chairman of the House Energy and Commerce Committee, said in a statement. "While businesses have legitimate reasons to compile and keep the data that define our lives, they have a responsibility to safeguard it as if it were their own."

Barton is introducing a bill in the House of Representatives that will make pretexting for obtaining phone records illegal. And he is also calling for penalties for cell phone operators that do not properly protect personal information.

"It seems to me that the most sensible action we can take quickly to thwart the buyers and sellers of personal phone records is to make pretexting illegal," he said. "I will introduce legislation to accomplish that, and my bill will substantially increase the penalties if telephone companies release consumer telephone records without the permission of the consumer."

[Rita McKee]

Selling of personal data from ANY source

If the Supreme Court would make a clear blanket ruling confirming the right to privacy, laws covering each and every infraction would not be necessary.

Lawmakers could also separately pass legislation stating that every American has sole and exclusive property of their personal information, and setting the punishment bar high for those who infringe upon that property.

[DougDbug]

Supreme court????

With the recent and upcoming changes to the court, I wouldn't expect the court to be "making up" any more new privacy laws.

Your second comment is more on target. It's the legislatures job to enact laws, and they can respond more quickly to the will of the people. And, its much easier for the legislative branch to reverse a mistake than it is to reverse a bad supreme court precedent.

[zaznet]

Information has too much value

There is too much value in the information, and some is used for legitimate purposes. It is the fraudulent use that needs to be stopped, not all use of personal information.

[Seaspray0]

Rules are never followed

If you think that the rules would be followed, think again. Your social security number was originally designated that the only people who have the right to aquire it were government agencies, financial institutions that dealt with providing you income (interest), and your employer. Any request for your number is supposed to be accompanied by a written document stating the purpose and intended use of your number. Nobody else has the right to ask you for your social security number as a means of identification.

Today, just about everyone wants your social security number. Just about every bank will refuse to open a checking account without it even though no interest is involved. Almost every hospital form requests your social security number. Try and get a credit card without disclosing your social security number, it won't happen. Many businesses these days will refuse to do business with you unless you provide your social security number even though they have no legal right to even ask for it. The rules ARE NOT being followed as it is.

[CharlesRovira]

If I get a cold call on my cell phone,

I intend to sue my provider.

I pay for every call. I don't want to have to pay for some idiot trying to sell me hemmorhoid cream.

I'd rather avoid getting reamed in the first place. The people who have my cell phone number are the people I WANT to have my cell phone number.

The others can leave me alone.

[zaznet]

Not what this is about...

They would need information about you already. Name, cell #, maybe even the carrier you use.

[MasqueNumber]

get a Masque Number...

I so totally agree with you I created that service, to get rid of nuisance calls.
Check it out, I'm sure you'll like it!

[DougDbug]

How about a "sting operation"

It would be really easy for the phone companies to set-up a sting operation to find out whos leaking the information& if they really want to. Fire a few employees, terminate a few contracts / contractors, make some security fixes, and these abuses would drop way off.

[zaznet]

Too costly.

It would be too costly for most operators to do such an operation though. This won't happen until cell phone owners sue their carriers for breach of contract. They have to see that not doing something costs more than doing something.

If you doubt that is how the business world works, look at the recent mine explosion in WV. The company didn't do anything to fix problems because it cost more to comply than to just leave it alone. Now they are going to be hurting with some law suites as well as fines from the government. The sad part is those miners who were not killed will likely end up out of work.

[ballssalty]

IT ALREADY IS A CRIME - You don't need new legislation!

They obtained the information through fraud. That is a crime. What new legislation is needed? They should easily be able to shut them down and prosecute.

[MasqueNumber]

You should get a Masque Number...

That way your calls are protected away from your operator.
And since you can identify who calls you by "calling-id" (the number used to call you), you are able to trace back to the people you gave your Masque Number to, in case it gets compromised by nuisance calls or identity theft.
You can check the call records of your Masque Number online with your password, and that's all.

<a class="jive-link-external" href="http://www.masquenumber.com" target="_newWindow">http://www.masquenumber.com</a>

[Zak70smith]

One of the best file searchers and download centers is here <a class="jive-link-external" href="http://megaupload.name/" target="_newWindow">http://megaupload.name/</a>
Find al the necessary information there!