Thursday, October 9, 2008

Deutsche Telekom to Establish New Data Privacy Standards

Deutsche Telekom affirmed its intention to significantly improve data privacy in the interest of its customers by increasing transparency and optimizing data privacy standards. A new Data Privacy Board department will be established to send out a clear signal in terms of the significance of data protection in today's information society. To this end, data privacy, legal affairs and compliance are to be combined and significantly reinforced as one area of responsibility.

In addition, Deutsche Telekom is launching major initiatives to increase customer data security throughout the Group. These include:

  • Deutsche Telekom will provide online information about data protection incidents undergoing criminal investigation. Thus, Deutsche Telekom will take the lead in meeting the obligation to furnish information, a subject which is still being debated at the political level.

  • A yearly data privacy report will be launched and supplemented by a half-yearly interim report. The first report is scheduled to be published in the first quarter of 2009.

  • In the future, Deutsche Telekom will voluntarily have its customer systems certified by independent providers (such as TÜV IT). In addition, independent security companies will be asked to systematically analyze the systems and search for weak spots.

  • The setting up of an independent data privacy council comprising leading experts from supervisory bodies and independent organizations will ensure a critical dialog with renowned experts.

  • Responsibilities in customer care will be defined more strictly and access to data decreased. Data access will be systematically logged and administrators more monitored.

  • Access of external sales partners and staff to DT systems will be restricted. Currently, PIN/TANs are being introduced for accessing sensitive databases in order to prevent unauthorized access from external processors to our systems.

  • An "expiry date" for user IDs is being introduced so that user IDs regularly expire and have to be renewed. In addition, the use of fixed IP addresses is being increased so that employees and sales partners may access the systems only from specific computers.

  • The widespread introduction of terminal systems will prevent decentralized storage of customer data.

  • In order to protect the data of particularly vulnerable individuals there are plans to develop a concept in cooperation with the Federal Criminal Police Office and the police.

"We are not aiming for a program that will be completed in three to five years. Rather we are establishing a new fundamental and permanent approach to data privacy", says René Obermann, Deutsche Telekom's CEO.