The BBC and their TV Licensing revenue collection arm are often very keen to highlight the efficiency of their massive database of invasive personal information.
If you believe everything TV Licensing say, not that we do, then their database holds information about the licensable status of 31 million addresses. It also contains the names, contact details and payment information of those 25 million individuals and organisations that choose to have a TV licence. That's a massive amount of confidential personal information that TV Licensing holds on behalf of the BBC.
Earlier today the BBC released information about the number of times TV Licensing has failed in its statutory duties to protect that confidential personal information in accordance with the Data Protection Act 1998. A massive hat-tip to Dr Jackson, the requestor, who has kindly forwarded us the BBC's eventual response and asked us to write about it.
The initial request was for the following information:
1. The number occasions that TV Licensing has lost or unintentionally released customer personal data. Please provide this as an annual breakdown from 2005 to the present time.
2. For each occasion given in response to question 1:
- The number of customers whose data was involved;
- The nature of the data compromised (e.g. addresses, phone numbers, payment details).
3. The number of times TV Licensing has reported data breaches to the Information Commissioner's Office. Please provide this as an annual breakdown from 2005 to the present time.
The figures, published on WhatDoTheyKnow.com earlier today, make very interesting reading.
Between 2007-09:
There were 9 incidents involving the loss or unintentional disclosure of more than 3500 customers' personal information. The BBC admits that in one case it has not recorded the number of individuals involved. Most of the data compromised were names, addresses and licence details. The bank account details of approximately 1000 individuals per year were compromised. The full payment details of 300 individuals were compromised.
Full details are shown below:
In 2010:
There were 6 incidents involving the loss or unintentional disclosure of 241 customers' personal information. Most of the data lost were names, addresses and licence details. The court papers of 35 individuals were compromised.
Full details are shown below:
In 2011:
There were 6 incidents involving the loss or unintentional disclosure of 3331 customers' personal information. Most of the data lost were names, addresses and licence details. Completed TVL178 (Record of Interview) forms relating to 30 individuals were compromised. These forms contain the personal details of individuals interviewed on suspicion of TV licence evasion.
Full details are shown below:
In 2012:
There were 12 incidents involving the loss or unintentional disclosure of 699 customers' personal information. Most of the data lost were names, addresses and licence details. The payment and bank details of 98 customers were compromised.
Full details are shown below:
In 2013 (to 25th August):
There were 13 incidents involving the loss or unintentional disclosure of 203 customers' personal information. Most of the data lost were names, addresses and licence details. The names of 57 TV licence evasion defendants were compromised. Completed TVL178 (Record of Interview) forms relating to 25 individuals were compromised. These forms contain the personal details of individuals interviewed on suspicion of TV licence evasion.
Full details are shown below:
It is a matter of grave concern that TV Licensing continues to lose sensitive personal information like completed TVL178 forms, even when they have previously promised to "tighten" their systems in response to earlier losses. It is also worrying that the BBC admits it took them "close to the 2.5 day limit" to retrieve the information requested, which again demonstrates how little oversight they have into the actions of their TV Licensing contractors.
You would think that the BBC, as the body with statutory responsibility for collecting customer data, would have a keen interest in how that data is secured. Apparently, in common with a lot of matters, they're happy to rely on TV Licensing's word that all is rosy. The BBC is abdicating from its statutory obligations in this regard.
You would think that the BBC, as the body with statutory responsibility for collecting customer data, would have a keen interest in how that data is secured. Apparently, in common with a lot of matters, they're happy to rely on TV Licensing's word that all is rosy. The BBC is abdicating from its statutory obligations in this regard.
Again it seems that the BBC and TV Licensing are very bad at learning from their mistakes. Quite simply, they cannot be trusted to safeguard customers' personal information.
If you've found this article of interest please share it with your friends and help spread the word.
Edit (17/10/13): Inspecting the BBC's Disclosure Document we have just noticed another comical/farcical twist in this story. If you look at the destinations of the hyperlinks in the document it gives a bit more information about each case. For example, if you hover over DPI-2009-09 you'll see it relates to fraud by a Capita TVL employee; If you hover over DPI-2009-015 you'll see that it relates to the loss of Mrs Kelly's address; If you hover over DPI-2009-016 you'll see that it relates to the loss of Mrs Marshall's bank details; If you hover over DPI-2012-97 you'll see that TV Licensing sent one customer's bank account details to another; If you hover over DPI-2013-001 you'll see that a TV Licensing goon left a completed receipt book on a bus.
Unbelievable. Talk about effing incompetence!
Edit (17/10/13): Inspecting the BBC's Disclosure Document we have just noticed another comical/farcical twist in this story. If you look at the destinations of the hyperlinks in the document it gives a bit more information about each case. For example, if you hover over DPI-2009-09 you'll see it relates to fraud by a Capita TVL employee; If you hover over DPI-2009-015 you'll see that it relates to the loss of Mrs Kelly's address; If you hover over DPI-2009-016 you'll see that it relates to the loss of Mrs Marshall's bank details; If you hover over DPI-2012-97 you'll see that TV Licensing sent one customer's bank account details to another; If you hover over DPI-2013-001 you'll see that a TV Licensing goon left a completed receipt book on a bus.
Unbelievable. Talk about effing incompetence!
No comments:
Post a Comment