Blaming the CISO … Yet Again


 Since I began writing this column, which discussed AT&T’s iPad issue, AT&T was reported to have experienced another privacy breach, this time during the heavy use of its registration site when the latest model of the iPhone became available. This was reported in The Wall Street Journal of June 16, 2010 in “AT&T Flooded By iPhone,” by Niraj Seth and Roger Cheng. The article states that “… in certain cases [the website] appeared to reveal subscribers’ personal information to strangers,” and that the Federal Trade Commission is aware of the problem.

In the article, AT&T Chief Executive Randall Stephenson, who was talking to media and investors during the development of the iPhone registration problem, was reported to have responded with the following in answer to a question about the iPad (not iPhone) breach: “… privacy issues are important and … a failure to prevent more serious breaches of network security would stall the growth of the mobile data market.” In an interview, Mr. Stephenson went on the say: “Customer privacy, data privacy is critical. We take this very seriously.” It is clear from the article that Mr. Stephenson is supportive of protecting customer data because doing so will enable AT&T to grow its mobile business  … and not only because privacy protection is a legal and regulatory requirement. I would have thought that privacy advocates would be all over this one, except that everyone’s anger was being directed at BP CEO Tony Hayward.

As for me, I think that it is less important what the motivation is for C-level management to take security and privacy seriously than them actually doing something. So now, back to the primary topic …

Post a Comment

Your email is never published nor shared. Required fields are marked *