August 20, 2018

Exclusive: How safe is your ‘private’ information stored in the databases of private food delivery chains and call centers? Digital Rights Monitor investigates

ISLAMABAD, 15 November 2017:  Call center representatives of renowned fast food chains in Pakistan are casually doling out personal information of their customers without any verification.  This was revealed in an exclusive investigation carried out by Digital Rights Monitor. 

Fast food chains use services of various call centers for taking orders via telephone. The call centers, some of them own and operated by the fast food chains themselves, store enormous amounts of customer data, such as their mobile phone and landline numbers, home and office addresses and even addresses of their previous residences. This data is stored for a substantially long time without the knowledge or explicit permission of customers.

This personal data stored in a private, commercial database has a very high likelihood of being used for commercial purposes, or even abused, in some cases. Most of these private corporates remain unaccountable in the absence of data protection laws for the potential abuse of customers private information.

Digital Rights Monitor tested this with various food delivery services in Islamabad including Pizza Hut, McDonald’s, and KFC. Two team members pretend-called to ‘order food’ using their mobile phone numbers, impersonating a female colleague. The call center representatives, without even an informal verification, repeated the office and the home address of the colleague they were impersonating. On further inquiry, the call center representative also revealed the last food item ordered, the time and date when it was ordered and also the place where it was ordered. 

The team also recorded the conversation that took place with representatives which can be seen below.

Digital Rights activist Furhan Hussain expressed deep concern at the casual behavior. While talking to the scribe he said: “It is unfortunate that corporations have a very narrow idea of good service delivery which is often limited to ensuring a smooth sale.”

He noted that such practices not only reinforced the need for a data protection law but also warranted that companies began taking the privacy of consumer data seriously.

Pakistan has yet to enact a legislation to ensure data protection. Earlier, Digital Rights Monitor’s investigation revealed that the Ministry of Information Technology and Telecom was still working on the draft of a data protection law. While State Minister of IT and Telecom Anusha Rehman and other senior officials at MOITT insisted that the draft data protection act will be open for consultation “soon”, sources within MOITT revealed that it was highly unlikely that the consultation process will commence anytime soon. They also revealed that act wasn’t likely to be passed within the current tenure of the parliament.

No comments

leave a comment