Thousands of people have been affected by a privacy breach, which means their information could be in phone books without their permission. Photo / NZME
Thousands of New Zealanders could have seen their information published in telephone directories without their permission.
The problem was discovered after Spark and Yellow conducted an audit in November and found that “several thousand” people did not have the requested rating preference, Spark spokesman Richard Llewellyn said.
“We worked with Yellow and fixed most of the discrepancies, but some were published in the print version,” he said.
The thousands of discrepancies also extended to people who indicated they wanted their contact details omitted, and specifications for companies listed with private personal information omitted.
Those affected by the errors received letters from Spark, Llewellyn said, and the Office of the Privacy Commissioner had been notified.
Spark apologized to those concerned and advised those concerned about their immediate safety to contact the police.
“From those letters, 60 people contacted us and 59 of them were people who wanted to be listed in the phone book,” Llewellyn said.
Llewellyn said he understands most people have “benign” reasons for not being listed, but in some cases it could be more serious.
He did not say whether compensation would be possible for affected customers, but said Spark would work “on a case-by-case basis.”
Spark was “not pointing fingers” and the cause of the privacy breach was under investigation, he said.
“They are our customers … and we will do our best to do the right thing for them.”
Yellow chief executive Michael Boersen said the company relied on telecommunications companies to provide it with information.
“It is up to telecommunications companies, like Spark, to provide us with precise details of their customers’ registration preferences for publication in our printed telephone directories, online at whitepages.co.nz and via 018 Directory Assistance.
“Yellow has worked closely with Spark to help correct the registration preferences of some of their customers since we learned in November that some registrations did not match.
“We carefully follow the process for confidential, unlisted or unpublished requests provided to us, and we take this very seriously.”
Llewellyn said Spark had encouraged other telecoms to audit the information they shared with Yellow.
Llewellyn said Spark has encouraged other telecoms to audit their information shared with Yellow.
Vodafone spokeswoman Andrea Brady said their customers had not been affected.
“We are aware that Spark has dealt with it … We have looked at our relationship with Yellow and we don’t think any of our customers have been affected by it. We have different processes and things in place,” she said. .
The Office of the Privacy Commissioner was aware of the breach, spokesman Charles Mabbett said.
“Obviously, the most concerning aspect of this is the number of customers in the printed phone book without them wanting to.”
Mabbett said Spark followed “data breach best practices” by establishing an 0800 number to deal with affected customers.
If someone felt aggrieved by the privacy breach, they should file a complaint with the bureau, Mabbett said.