I hate spam. I get lots of it. Some of the spam I get is obviously the result of poor control over corporate data. For example, some dishonest T-Mobile UK employee must have thought it would be a good idea to profit from the email addresses of everybody working there. As a result, I used to get lots of spam at firstname.lastname@example.org back in the days when I worked there. Two years after I left I went back again to work on a project. When I went back I found that the same spammers were still spamming my old email address (somebody needs to take a look at those spam filters…) But at least spam is visible. We can see what is happening with our data. If data can be given to spammers, it can also be given to people prepared to do far worse.
They say that information is power and time is money. But you can combine those phrases in many ways. Information is money. At the moment, telco and media businesses are trying desperately to gather as much information about us as possible. Take a look at recent announcements relating to Google. Whilst Google is keen to get as much data as possible to boost revenues from targetted advertising, the EU is concerned that Google’s policy of retaining search data for 2 years is excessive and hence illegal. But how much of the money made from information is being spent on security? The problem here is that people with the right access might find it very easy to steal data and sell it on to a criminal enterprise.
Whenever I am looking for an example of a telco that got things spectacularly wrong, I think first of Bulldog. Bulldog is the now partly defunct broadband ISP purchased by Cable & Wireless. And right on queue, here is a news story of how a Bulldog executive stole the customer database. One source of comfort to Bulldog will be that the potential for illegality will be limited because, according to former customers, most of their data was wrong to begin with ;) Another source of comfort to Cable & Wireless is that the reputation damage will be next to nothing. When Cable & Wireless bought Bulldog, it had a great reputation with retail consumers, but comprehensive mismanagement caused C&W to pull the plug on Bulldog long before this example of wrong-doing and poor governance came to light. But the underlying question remains for telcos that intend to do better than Bulldog did. The question for telcos and media companies is: have you balanced the value triangle for information, security and reputation? Some of the money made from gathering and holding information has to go back into security. And if not enough goes into security, the cost will be paid elsewhere – in terms of reputation.