21 December 2011


Past entries in this blog have noted the permissive stance of the national Privacy Commissioner regarding problems with the Vodafone dealer network and - by extension - with poor practice on the part of Vodafone's competitors.

Unsurprisingly, the deficiencies of the co-regulatory regime are evident in the belated response by the Australian Communications & Media Authority (ACMA) to the large scale Vodafone data breach.

The Australian Communications Consumer Action Network (ACCAN) has criticised ACMA's response to "Vodafail" as revealing "deep flaws" in the regulatory regime [PDF] -
Peak consumer body ACCAN says current and ex Vodafone customers will be left shaking their heads today when they discover that, 12 months on, the telecommunications regulator has let the provider off virtually scot-free for the widespread network, complaint-handling problems that plagued Vodafone customers last summer.
ACCAN goes on to comment that -
Following an investigation, the Australian Communications and Media Authority (ACMA) has issued Vodafone with “directions” to comply with the voluntary Telecommunications Consumer Protection Code.

“These ‘directions’ by the ACMA effectively mean what was a voluntary industry Code is now mandatory for Vodafone,” said ACCAN Chief Executive Officer Teresa Corbin.

“There are no fines and no sanctions that the regulator can issue as a result of this investigation, despite its findings of four serious Code breaches by Vodafone, including customer service representatives giving their customers incorrect and inconsistent advice while experiencing widespread network problems, and failing to adequately identify and address systemic complaints.”

“These network problems impacted on millions of Vodafone customers last summer and were it not for the negative publicity generated through the media picking up on the story, Vodafone might have continued to deny there was any.”

“The media in Australia do a great job but we don’t think holding the telecommunications industry to account should be left to journalists, consumer advocates and members of the public
ACMA notes the national telco regulator "has issued directions to two Vodafone companies requiring them to comply with the Telecommunications Consumer Protections Code (TCP Code)" -
‘These directions are intended to make sure Vodafone remains focussed on improving outcomes for its consumers by increasing the regulatory consequences of any further breach,’ said ACMA Chairman, Chris Chapman.

‘Certainly, Vodafone has made positive changes over the course of this year but, from this point on, if either Vodafone company fails to comply with the TCP Code, the ACMA can approach the Federal Court seeking civil penalties of up to $250,000.’
Crunch the numbers, of course, and the penalty of a few cents per customer sounds somewhat less impressive. ACMA has belatedly concluded that Vodafone Pty Limited and Vodafone Network Pty Limited -
• failed to classify and analyse complaints as required by the TCP Code
• failed to provide timely customer information about network performance issues in late 2010
• had poor systems in place for protecting the privacy of customers’ personal details prior to January 2011.
Vodafone and the rest of the industry are no doubt quivering in their boots.

As I indicated in a conference paper last month, large-scale data breaches in Australia will continue to occur as long as regulators lack the will/capacity to impose meaningful sanctions and shoddy practice - such as that evident in the recent Telstra data breach - is excused as normal (thus acceptable) industry practice.