Australia's largest pay TV provider Foxtel has backed away from claims made before the Industrial Relations Commission (IRC) that it keeps no records of call centre employee e-mails. The claims were made by legal representatives for the company during a hearing into an attempt to sack a Foxtel employee for allegedly passing confidential information to a relative after gaining access to her supervisor's e-mail account.
IRC Commissioner John Tolley, a Foxtel customer, then let fly at the pay TV provider about its information security. "As a subscriber to Foxtel, I am now concerned about the privacy of my information at Foxtel if it is so slack and idle as to allow easy access to everything," Tolley said.
"It would appear on the surface to me, at the moment anyhow, that any Tom, Dick and Harry could get into anything at Foxtel, and I better put Mary in there as well so I am not accused of being sexist."
The commissioner has ordered Foxtel to produce the information within a week. Foxtel's customer database is understood to contain details on just over one million current subscribers, in addition to details of lapsed subscriptions.
Foxtel's director of corporate affairs, Mark Furness, found himself in the absurd position of not being able to formally deny the 'no logs' assertion while having to defend the company's information security and privacy of customer details. "There are well established procedures – we put the utmost importance on these issues. I can appreciate what you are asking, but I can't comment further," he said. Computerworld understands that Foxtel management was less than impressed and demanded the transcripts from the hearing, where Foxtel was represented by Baker and McKenzie.
While Foxtel's head of information services Robyn Elliot was unavailable for comment, more considered noises started to emanate from other areas of the organisation. A well-placed source said that Foxtel's systems were "screwed down pretty damn tight". Another source close to Foxtel's Moonee Ponds (Victoria) call and data centre, which deals with subscription sales, marketing and administration said that company e-mail was "definitely" backed-up.
Then, almost as soon as Foxtel's logs were pronounced non existent by its lawyers and unworthy of comment by management, they reappeared from the legal ether. A Foxtel statement said it wished to "clarify reports of its representations to the Australian Industrial Relations Commission… which have misconstrued Foxtel's position. There is no question about the privacy of Foxtel's customer information, which is secure. The matter being dealt with by the AIRC relates to alleged breaches of the Foxtel's employee electronic communication policy, and not the privacy of Foxtel's customer information".
Furness told Computerworld, "I can confirm that we do have records of all e-mail activity by employees and tracking of all employee access to Subscriber Information Systems to ensure their integrity and privacy of customer's information."
Anthony Turco of security vendor TruSecure Corporation warned that a legal minefield existed for enterprises seeking to sack or prosecute employees over unauthorised access and disclosure or IT- security incidents if correct policies were not properly implemented. "I think this employee's got a valid point in requesting the logs. If they [Foxtel] haven't got an operational security policy that they can reproduce in court, they could have difficulty [prosecuting].