opinion


Data privacy lessons for telcos following Apple’s settlement with an Oregon student

Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Eitan Linker, CCO at mce Systems, reviews some recent news concerning data privacy.

Apple recently settled a lawsuit with a student in Oregon regarding racy photos that a third-party repairs company’s employees uploaded to social media—a case that first started in 2016. When the dust settled, it became clear that while Apple had not directly been responsible for the incident, its ability to rely on their third party repair center, Pegatron, has been tainted. Moreover, the issue has raised serious questions around other avenues of user private data abuses and how to best tackle these kinds of incidents.

As mobile devices integrate further into daily routine, the onus of protecting user devices throughout the customer’s lifetime journey becomes increasingly imperative—from the initial device purchase to the trade-in/device upgrade process. There are a number of touchpoints where customers engage with the manufacturers and mobile operators to better protect the user and also the service providers’ and manufacturers’ reputations.

Where regulations stand

Typically when faced with a technical issue, customers turn to a mom and pop shop, their phone service provider, or another third party technical support. In some instances, Customers leave the item with the shop, but are left potentially vulnerable to the whims of the service technician.

A number of countries and American states have created legislation to protect users against these kinds of circumstances, such as the EU’s GDPR and California’s CCPA. Violations of GDPR, for example, can result in up to €20 million fines, or “4 percent of their total global turnover of the preceding fiscal year” for the most severe violations. In the U.S., the statutory fine per media asset breached can be as high as $1 million. And there is still room for more. Moreover, with the Right to Repair movement in full swing across the U.S.—especially in light of these kinds of breaches—states will need to pass more legislation to safeguard consumers from non-certified repair businesses and centers servicing devices.

But while legislations and punitive punishments may act as deterrents and warnings to companies to ensure their operations are squeaky clean, there’s plenty left to be desired, such as drawing on the complexities of who retains responsibility for such a breach. In the particular case of the Oregon student, both parties can be arguably liable for negligence. Instead, rather than react to instances like this, telcos and mobile device manufacturers can and should take more proactive approaches to data privacy, while government institutions should tighten regulations.

Expanded measures to protect consumers

Consumers now have a variety of options to have their mobile devices repaired. And because devices can be sent for repair via a number of different tracks, depending on customer preference, there is an importance to incorporate technical checks and balances. At the actual point where the device is sent to the service center—in the event a customer goes through a mobile operator or vendor-locking manufacturer for a repair—service providers should ensure that diligent records are maintained on the repair service. This means tracking the process in a digitized fashion where repair and device inspection can be documented from start to finish, through an auditable system-of-record. In the event of service misconduct or a data breach, service providers must be held accountable fiscally with third-party underwriters indemnifying the victimized customer.

While customers leave their devices for repair, they should be reminded to keep track of their IMEI and serial numbers in order to later track if suspicious activities took place during the repair period. These device details can provide customers with a peace of mind and improve customer awareness about staying up-to-date on on-device activity.

Even in the event of phone trade-ins, wherein the customers old device is submitted to a repair center to be wiped, customers should be instructed to remove their device lock in order to enable the service team to properly wipe a device clean. If not, breaking through the lock could render a device a “brick,” making it impossible to repurpose.

These kinds of protocols can only be enforced by increased legislation from governments, who must provide extended oversight to service providers, in order to avoid more instances of data privacy abuses. As consumers continue to become increasingly savvy about data privacy protections and the functionality of their devices, which have become essential to daily routine, companies will be forced to keep up. Mobile operators would be best served to gear up.

 

Eitan Linker, mce Systems’ Chief Commercial Officer, is an experienced telecommunications executive with over 30 years of commercial experience, having worked across B2B and B2C markets. He brings with him a finance MBA from Heriot-Watt University and has developed skills in marketing management, mobile content, sales, international business, and go-to-market strategy. Eitan also has a demonstrated track record of building and executing commercial sales initiatives for leading-edge technology companies.


Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Polls

Sorry, there are no polls available at the moment.