T-Mobile has been a victim of a “rogue employee”, according to London law firm Field Fisher Waterhouse.
The firm’s data security partner Stewart Room said that T-Mobile had “acted impeccably” in handling the situation by informing the Information Commissioner of the data breach at an early stage and this should be reflected in how the network is deal with in a trial.
“At this stage it is not possible to say whether T-Mobile failed in its obligations under the Data Protection Act. A determined criminal is a threat that is often very difficult to detect in a large and complex organisation,” said Room.
“It remains possible that the Information Commissioner might wish to consider taking enforcement action against T Mobile. However, that would be a rough outcome.
“Regulatory regimes should encourage and reward the adoption of good behaviours and on the face of the news coverage T-Mobile has behaved impeccably.
“It should be kept in mind that T-Mobile is also a victim of its employee’s criminal behaviour, just like its customers.”
Room added that companies should adopt appropriate measures to keep data secure, such as taking steps to assess the reliability and performance of people working with data.