Information Age: News, analysis & insight for IT & business leaders

Telco confesses that test run for market analytics product Phorm used live customer data without permission; customers threaten lawsuit

UK telco BT has admitted that it used business customers’ data in a trial run for market research software without having asked for permission to do so. Affected customers are considering legal action against the company, saying that BT’s actions compromised data security.

In 2007, a BT Business customer alerted the media after noticing that business transactions he conducted online using BT’s services were being redirected to an unknown URL. When quizzed, the company denied that any such redirects were occurring.

BT this week confessed that it was indeed using some of its customers’ data testing the controversial Phorm online analytics tool. But the company insists that no personal information was compromised during the test.

“Absolutely no personally identifiable information was processed, stored or disclosed during this trial,” BT said in a statement. “As with all service providers, it is important for BT to ensure that, before any potential new technologies are employed, they are robust and fit for purpose.”

Phorm, a web analytics package, has been accused of being ‘spy-ware’. The Open Rights Group (ORG) last week called for more details about Phorm – which has been trialled by BT, VirginMedia and TalkTalk – to be released to the public. ORG suspects that the software invades the privacy of web users.

“Until we know exactly how Phorm works, and across whose networks our data will flow, speculation about the privacy implications will continue”, said ORG.

Further reading

BT confesses lies over secret Phorm experiments - The Register

Phorm: Your questions answered - BBC

Taxman to eavesdrop on the web

The ID dilemma Protecting customers’ online identities while preserving the convenience of online transactions is a major business challenge

Find more stories in the Security & Continuity Briefing Room