The office of Attorney General Philip Ruddock has warned companies operating in Australia to take the Privacy Act and its penalties seriously, regardless of where their offshore call centre or IT operations are handled.
The hard line from the AG follows damning revelations on the ABC's Four Corners program on Monday night that a black market is thriving in highly sensitive, personal and financial details of Australians sourced from offshored call centres operating in India.
The Four Corners report revealed that personal details of Australians leaking from customer databases in India include names, addresses telephone numbers, birth certificate details, Medicare numbers, driver's licence numbers, ATM card numbers and in some cases, passport numbers.
The ABC report also traced some customer details it obtained on the black market in India back to their Australian legitimate owners - Kevin and Dianne Poole - who were shocked by the accuracy and breadth of personal detail on them the ABC had obtained.
"Marital status, number of dependants, type of ID. Asked for a licence number. Time at this address, occupation. They know everything. Employment, job title, employer's business name," Mrs Poole told the program.
Asked what duty of care was owed to customers by companies which offshored their business processes to low-cost destinations, a senior adviser to Ruddock told Computerworld the existing laws, particularly the Privacy Act, covered such situations.
However, the adviser conceded the Four Corners revelations appear "disturbing", adding his minister will take advice from the Privacy Commissioner in relation to how to best address the issue.
He added that while offshoring remains "a business and legal decision", for individual companies to make, existing laws also allow for substantial penalties to be imposed on companies which are found to be in breach of the Privacy Act.
Four Corners reporter Quentin McDermott told Computerworld his trip was triggered by a question of public interest after credible international report claimed data on Australians stolen from Indian call centres was easily purchased.
"We were told it was much easier to get details than we first thought ... we were trying to find out if data on Australians was on offer. We think we established it was," McDermott said.
The Australian company revealed to have lost customer details to the black market in the Four Corners expose, Melbourne-based customer service outsourcer 1TouchSolutions was not available for comment, with phones diverted to an answering machine.
The company's Web site, www.1touchsolutions.com was also unavailable at time of publishing.
The company was, until recently, retained by Telstra reseller Switch Mobile, which claims to have terminated contracts with 1TouchSolutions following enquiries by the ABC.
Advice for Switch Mobile customers with concerns for their personal information is available at http://www.switchmobile.com.au with both the ABC and Switch Mobile having passed on details of the alleged data theft to the Australian Federal Police.