Two back of house call centres for Telstra accessed protected information due to system errors causing a breach reported to the Australian Competition and Consumer Commission according to a report in The Australian authored by Supratim Adhikari.
Telstras legacy systems continue to cause it headaches as the telco progresses down the road of structural separation, according to the latest update on the process released by the competition watchdog.
The Australian Competition and Commission (ACCC) said that while Telstra has lifted its game when it comes to securing sensitive wholesale data from its retail staff, its efforts have been hampered by legacy IT systems and staff error.
According to the report, the compliance issues largely arise from the legacy systems not being designed to deliver the outcomes required by the undertaking.
Limitations in the manual safeguard processes established by Telstra and errors made by Telstra staff in the course of their day-to-day work have also contributed to breaches.
Telstra signed the Structural Separation Undertaking (SSU) in 2012 and four years on is still working to ensure that the confidential or commercially sensitive wholesale customer information that it holds is not used to give its retail arm an advantage over the competition.
In one case, two of the telcos back of house call centre teams accessed protected wholesale information to process retail orders. Both teams had a limited retail business role and were able to access the data, owing to a system error that failed to identify the call centre as part of a retail business unit.
Sales constitutes a very small part of their job and is only done in response to a request for a new service by the retail customer who calls in to Telstra for another purpose, Telstra told the ACCC.
They were therefore not accounted for in the remediation of systems previously notified to the ACCC.
This incident was one of four breaches Telstra disclosed to the ACCC.
The telco has been upgrading its legacy IT systems for over a year and has completed its remediation for all but two of the affected systems. In addition the telcos has also taken measures to better inform of system changes and their obligations with regards to access or use wholesale customer information.
Telstra is working to address the outstanding IT issues in co-operation with the ACCC and input from an external consultant.
In the meantime, Telstra has taken temporary measures to contain the risk associated with retail business unit staff having access to protected information, the report said.