Telstra has been warned again for failing to protect commercially sensitive wholesale information from its retail business.
In 2012, Telstra agreed to a structural separation undertaking (SSU) that requires the telco to restrict commercially sensitive wholesale information from its retail business. This is to ensure that Telstra does not give itself a commercial advantage against retail competitors.
The Australian Competition and Consumer Commission (ACCC) reported nine separate breaches of the SSU in the 12 months to 30 June 2015, the telco's most recent reported financial year. The ACCC has found breaches in all four of its reports since 2012.
The ACCC acknowledged that Telstra has improved on its level of compliance with the SSU, but it would continue to monitor the telco’s efforts.
"Similar to previous years, the most common SSU compliance issue in the period was Telstra’s failure to prevent unauthorised disclosure of protected information," the ACCC said in its report.
Telstra blamed the breaches on outstanding issues with its legacy systems as well as four isolated instances due to “staff errors”. The ACCC said Telstra reported these breaches itself.
In one instance, a Telstra retail employee was copied into a wholesale employee email chain by mistake, meaning the retail staffer had access to names of some wholesale customers. Telstra said it ordered the staffer to delete the email and coached staff to ensure the breach wouldn't happen again.
In another case, a former wholesale employee, on her first day in a new Telstra retail position, was accidentally included in an email chain that contained service information for specific wholesale customers.
Telstra said that in November 2014, two call centre teams had the ability to process retail orders while also having access to wholesale customer information. Telstra responded by creating access profiles for staff that mask wholesale customer information.
In the fourth case, a network services employee gave a retail employee information on wholesale services after a customer asked why their retail ADSL order had failed. Telstra said the employees in question have since been trained in the correct procedure.
Telstra kicked off a widespread program to fix gaps in its legacy systems that allowed retail staff to view wholesale customer information. Most of the work has been completed, but the project was extended beyond the original 31 December 2014 deadline.
A Telstra spokesperson said the report confirms the telco’s commitment to comply with the SSU.
“The ACCC has reported on some gaps in our systems where access to wholesale customers’ information could be better protected,” the spokesperson said.
“We proactively identified these gaps ourselves and have undertaken a comprehensive program to remediate them. We have worked constructively with the ACCC throughout that program.”
The ACCC said it was pleased with Telstra's progress towards amending its breach issues.