Steps Telephone Companies Could Take to Protect You
A text message requesting confirmation of each request for information pertaining to the subscriber’s telephone records should be sent to the subscriber’s cell phone, and the requested confirmation should be received by the telephone company prior to releasing the requested information.
Develop comprehensive internal policies pertaining to the handling of customer information/data.
Employers should provide their employees with training in safe information handling practices, and all employees who handle sensitive customer information should be required to attend.
Never send customer billing information to fax numbers, email addresses or postal addresses that the operator cannot verify are owned by the customer.
Require that requests for account information be accompanied by a secure personal identification number (PIN) or password. While customers can often request such security measures, most customers do not know that requests for such measures can be made, and most customers have not been adequately informed of the risks of not securing their accounts with unique identifiers (e.g., passwords or PINS). These security measures should be made requisite by telephone companies and other service providers.
Implement an internal auditing system that can track anomalies/deviations in patterns of information dissemination and data access by their employees.
More from the CFC Education Foundation