Screenshot of TalkTalk home page, updating customers on the recent cyber-attack

After TalkTalk hack, should the government think again on plans to expand personal data retention?

On Thursday, I blogged about why you should be concerned about the government’s plans to expand online surveillance as part of the forthcoming Investigatory Powers Bill, even if you subscribe to the “I’ve got nothing to hide” school of privacy.

By unhappy coincidence, on the same day I was writing about how obliging internet service providers and other communications providers to collect and retain more information about their customers will create golden opportunities for criminals, TalkTalk first announced that it had been the victim of a cyber-attack and that personal and banking details of current and past customers may have been accessed by hackers.

Impacts of personal data theft

In the days since TalkTalk went public with the news, more details of the attack have emerged and there have already been reports of money going missing from people’s banks as well as the all-too-predictable scam phone calls. It’s also terrible but not exactly a great shock to read that TalkTalk may not have even taken steps to encrypt all its sensitive data. As I sit down to write this around Saturday tea time, I’ve just read that TalkTalk are now saying the hack may not have been as bad as initially feared, breaching their website but not their core system.

Investigatory powers bills: mo data, mo problems?

However bad the TalkTalk hack eventually turns out to be (and we may never know precisely how much personal data the criminals got away with), I hope this latest incident focuses the minds of MPs and the wider public on the wisdom of ever greater personal data collection and retention.

Should the Investigatory Powers Bill become law, communications companies including TalkTalk will be required to store detailed customer records, covering everything from browsing history and email conversations to social media use and WhatsApp messages. If it turns out TalkTalk has not adequately secured the much more limited information it collects on customers at present, can we realistically trust them and other companies to do a better job when faced with managing far larger amounts of personal data?
