Sentech counts musicians Johnny Clegg and Mauritz Lotz, former Springbok Ollie le Roux, deejay Tony Blewitt, Classic FM chairman Hylton Appelbaum and SABC chairman Eddie Funde among the clients of its Internet access service, MyWireless.
How does the FM know this? It shouldn't. But last weekend, a Sentech employee mistakenly e-mailed the company's customer database, including private e-mail and residential address details, to this journalist, who also happens to be a MyWireless customer. The employee e-mailed the document to 80 Sentech subscribers, according to public & media relations portfolio manager Maureen Mphatsoe.
The document, a Microsoft Excel spreadsheet, also contains the personal contact information and home addresses of members of Sentech's management team, including CEO Sebiletso Mokone-Matabane.
The e-mail raises serious questions about the management of Sentech's internal processes and concerns about how the company treats confidential client information.
It appears that a Sentech call centre operator was given the customer spreadsheet and told to use the details therein to e-mail MyWireless customers with a Microsoft Word document detailing the company's policy on acceptable use of its network.
The Sentech employee in question, when sending the e-mail, attached the client database in addition to the Word file. He repeated the mistake 80 times.
The FM contacted Sentech on Monday morning to alert it to the error and to get comment. Within an hour, we had received a panicky phone call from a call centre operator apologising for the "inconvenience" and asking us to delete the e-mail.
Attorney and IT law specialist Lance Michalson says this is a classic example of a company not having proper information security measures to protect customers' personal information. "Sentech appears not to have applied the most basic principles [of information security]," he says.
However, because there have been no legal cases in SA related to information privacy, and because there is no legislation that specifically deals with the protection of the right to privacy, it's unlikely Sentech's clients could mount successful legal action against the company for breach of privacy.
"It is precisely for this reason that the SA Law Commission began working on drafting a comprehensive national data privacy act," Michalson says.
Mphatsoe says the breach is a big concern to Sentech, particularly given that it could end up in the hands of someone prepared to sell it to a competitor or to a spammer (someone who sends unsolicited commercial e-mail).
"It was an honest human error, but we understand the impact. It is very serious," Mphatsoe says. "Make no mistake, we will do everything in our power to ensure that it does not happen again."
