TalkTalk seems to have been compromised yet again (despite being warned), with an unspecified number of customer records put at risk, and all we get from the company is "sorry", relayed by a CEO who seems completely out of her depth with even the basics of computing.

Coupled with this is a feigned concern while, at the same time, responsibility for TalkTalk's abject failures is off-loaded back onto their customers with phrases such as: just monitor your bank accounts for any unauthorised activity resulting from our mistakes.

Quite frankly, TalkTalk are currently in stall/cover-up mode because they really don't have a clue how many customers have been affected or what the long-term implications of their negligence are, and there is really no way they can quantify the numbers involved in this breach. Therefore one must assume that their entire customer base is at risk!

Furthermore, by all accounts, we are being told that much of the data was not encrypted in the first place, which is a fundamental howler that should be severely penalised, and the best the CEO can come up with is that encryption is not a legal requirement. Oh well, that's OK then!

Make no mistake, the ICO has a guilty part to play in all this, as does the DPA itself, which is abused almost every day by any organisation one contacts. Even if you ask them the time, the reply is generally "we cannot tell you because of the DPA"; an answer born of complete ignorance of the law and perpetrated by just about every organisation one speaks to, because it suits them to take this stance with their customers for their own ends.

This is all very well, but surely it is about time we put a proper price on failure so that companies take more care in the future. After all, TalkTalk are now busy off-loading the responsibility for monitoring the compromised information back onto their customers, with the inevitable hand-wringing and statements about changing your password, watching out for targeted scams, etc.

The full impact of this breach may not be known by individuals for months or even years, and in the meantime companies like TalkTalk simply walk away from the situation unscathed.

Why on earth does a Data Protection Act exist except to guard against this type of eventuality? And to do that, the regulator needs a proper method of penalising companies that do not handle customers' personal details securely.

Unfortunately, the present position of a block fine seems to be the best sanction/penalty on offer:

‘.. In April 2010, the ICO was granted the power to issue fines of up to £500,000 for serious DPA breaches ..’

Now, to put this in context, let us just assume that TalkTalk has compromised 4 million customers and receives the maximum fine of £500,000. This means that your personal data as a customer is valued by the ICO at 12.5 pence (£500,000 / 4,000,000), when in fact your data could probably be sold to hackers for far more than that on the open market. Therefore a fine of £500,000 is simply "chicken feed" in the overall scheme of things!

No wonder all these companies are so cavalier with your information: the ICO penalties are so weak that there is simply no incentive for a company such as TalkTalk to exercise a duty of care. After all, the fine is probably tax deductible, so they just pay it, don't change their ways and carry on as normal, regarding DPA fines as one of the costs of doing business. Wholly wrong!

Well, this is not good enough, especially as the maximum fine is per company breach and NOT PER COMPROMISED RECORD.

The fines should be levied on the basis of each hacked record, and if the company cannot quantify the extent of the breach then by default it should be levied on the basis of their entire customer base.

One also needs to take account of the potential costs to the customer if compromised, and 12.5 pence comes nowhere near meeting the expenses involved in trying to mitigate the impact or, worse still, dealing with a raid on their bank account.

With all this in mind, I suggest one starts with a fine per customer record and not a block fine for the company.

The level at which this fine is levied must be set at an amount that takes account of the costs incurred by a "normal" customer in taking protective measures when informed that their data has been compromised. In this respect, a suggested starting figure is £10.00 per customer record for a company's first offence, rising to £100 per record for repeat offences.

The figures now change to a far more respectable penalty for TalkTalk: 4 million customers @ £10.00 each = a £40 million fine, which is a far more realistic reflection of the consumer cost associated with their failure(s) and would undoubtedly be a wake-up call for them to take matters far more seriously.

… and for goodness' sake let's stop having these so-called X_Spurts (x = unknown quantity & spurt = a drip under pressure) in the media giving blindingly obvious comments because they need to say something, when they are just as much in the dark as everyone else.

Alternatively, repeal the DPA, because laws without proper sanctions are worthless. Over to the ICO to change their penalties: when can we expect these fines to become more realistic?

By the way, from what sparse information is available, one would lay odds that the hack was probably via SQL injection. Perhaps TalkTalk should look this up, because they are obviously totally in the dark about the whole area.
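For readers who do want to look it up: the following is an added illustration of what SQL injection looks like and how it is prevented, written for this page and not taken from TalkTalk or from any report on the breach (nothing is publicly known about their code). The table, its columns and the sample rows are all constructed for the example. The vulnerable lookup pastes user input straight into the SQL text, so a crafted "email" turns a single-customer query into a dump of every row; the parameterised version binds the input as a value, so the same payload matches nothing.

```python
import sqlite3

# Constructed sample data for the demonstration only; this is not any real
# company's schema. Column names are hypothetical.
SAMPLE_CUSTOMERS = [
    ("alice@example.com", "Alice", "00-00-00", "00000001"),
    ("bob@example.com", "Bob", "00-00-00", "00000002"),
    ("carol@example.com", "Carol", "00-00-00", "00000003"),
]

def build_db():
    """Create an in-memory database holding the constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers ("
        " id INTEGER PRIMARY KEY, email TEXT, name TEXT,"
        " sort_code TEXT, account TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, name, sort_code, account) VALUES (?, ?, ?, ?)",
        SAMPLE_CUSTOMERS,
    )
    return conn

def lookup_vulnerable(conn, email):
    """BAD: untrusted input is concatenated into the SQL text, so quote
    characters in `email` become part of the query's syntax."""
    sql = ("SELECT email, name, sort_code, account FROM customers"
           " WHERE email = '" + email + "'")
    return conn.execute(sql).fetchall()

def lookup_parameterised(conn, email):
    """GOOD: the input travels as a bound parameter. Whatever it contains,
    the database compares it as a string value, never as SQL."""
    sql = ("SELECT email, name, sort_code, account FROM customers"
           " WHERE email = ?")
    return conn.execute(sql, (email,)).fetchall()

def demo():
    """Run the classic tautology payload against both lookups and return
    (rows leaked by the vulnerable query, rows returned by the safe one)."""
    conn = build_db()
    payload = "x' OR '1'='1"   # closes the quoted literal, then always-true
    leaked = lookup_vulnerable(conn, payload)        # every customer row
    safe = lookup_parameterised(conn, payload)       # no such email: nothing
    return len(leaked), len(safe)

if __name__ == "__main__":
    leaked, safe = demo()
    print(f"vulnerable query leaked {leaked} rows; parameterised query returned {safe}")
```

The point of the example is the difference in the last two lines of `demo()`: with string concatenation a single crafted input returns the whole table (the "entire customer base" scenario above), whereas with a bound parameter the attacker's text is just a value that happens to match no row. Parameterised queries (or an ORM that uses them) are the standard fix; input "sanitising" on its own is not.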

Tags: | Categories: Computers

Apple is a totally shambolic company that woefully fails to meet reasonable expectations over product delivery.

Even speaking to Apple's customer services does not reveal anything, and when they are asked difficult questions they simply give up and put the telephone down on you, thereby dodging the issue. Marvellous customer liaison!

Ordered (and paid for) an iPad Mini 5 weeks ago (10 November 2012) from one of Apple's retailers in the UK, as a present in time for Christmas.

No delivery so far, and being given the run-around by Apple Customer Services. Their response is "speak to the retailer", with all the ensuing claptrap about data protection, which only ever seems to prevent companies from actually providing service or answering difficult questions; it never actually benefits the customer.

It is very simple: Apple have released a new iPad Mini range and seem to be incapable of honouring delivery in the UK for products ordered via a retailer rather than the Apple web site. From memory this is not the first time Apple have done this, and they persistently treat their customers as though they are of no value. Well, if Apple carry on like this then they will have no customers and their wish will come true.

The problem seems to have arisen because Apple have dumped production capacity at a Samsung plant in the aftermath of their patent (IP) scrap with them and failed to ensure adequate capacity elsewhere (AU Optronics, AUO). Totally shambolic, and now potential customers suffer because of their abject failures.

Only those outside the USA seem to be having problems, because Apple have now (11 Dec 2012) '.. cut shipping times in half for US and Canadian customers and promising devices will ship in one week ..'

Apple goes on to say '.. other markets where they sell the iPad mini ... including the UK retained their 2-week status ..'

What 2-week status are they talking about? Or are they incapable of performing arithmetic as well as delivery, because my 2-week status is now running at 5 weeks and counting, with no solution in sight?

So, blatant discrimination against those outside the American continent, made even more acute if you ordered from a 3rd-party retailer rather than Apple themselves: questionable trading ethics.

Yet another disastrous product release by Apple. How long can Apple get away with this sort of behaviour? Surely there will come a time when customers will have had enough and give them a miss?

Tags: | Categories: Computers