CyTA data was passed on in 22 instances

POLICE HAVE information on 22 cases in which personal telecommunications data had been disclosed illegally, the Nicosia District Court heard yesterday during the remand hearing for a CyTA employee and an  ex police officer.

The two, who were arrested in connection with charges of stealing confidential telecommunications data were remanded for eight days.

The 35-year-old employee of the Cyprus Telecommunications Authority (CyTA) and the 40-year-old private detective and former policeman were arrested on Wednesday following investigations into a complaint by a CyTA subscriber. Both men are from Limassol.

Police spokesman Michalis Katsounotos said police had information on 22 cases where personal telecommunications data had been disclosed illegally.

The CyTA employee is one of two people, the other being his boss, who operate a system covering mobile phone data, from where the information was allegedly taken and handed to a third person illegally.

Reports said police were convinced that the date theft came from the employee and not the boss as the 35-year-old had allegedly entered the system at the same time as his superior was giving a statement to police.

The employee is believed to have stored telecommunications data beyond the legal boundary of six months and then passed that information on to a third person. Police said that one computer confiscated from the his office in Amathounda showed that personal data from 2008 had been stored on a memory stick, which police are now looking for.

CyTA Chairman Stathis Kittis yesterday said the employee was being monitored since October, and found to be in communication with the private detective. He said police were fully informed so that the organisation could clear its name.

Katsounotos yesterday hailed CyTA’s decision not to try to cover up the violation of personal data laws by an employee. “It demonstrated that it has the necessary mechanisms and safeguards and clamps down on completely unacceptable actions,” he said.

“If CyTA wanted to keep it in the dark, it could have done so by not making it public,” he added.

He clarified that investigators were aware of only 22 cases of confidentiality violation and that no names of subscribers had been disclosed. “The interception of telecommunications data does not concern the content of telephone exchanges but data regarding the number of the caller, the person receiving the call, the date, time and duration of the call,” he said.

However, Chairman of the House Legal Committee, Ionas Nicolaou, was more critical. He argued that the control mechanisms of CyTA were not satisfactory, and that the incident was only discovered after a complaint had been made and not in the course of checks.

“This incident shows us the need for an improved system of monitoring and protecting the confidentiality of communications data. An authority for the protection of confidential communications data might be the solution offered as is implemented in most EU countries,” he said.

For this to happen, parliament needs to amend Article 17 of the Constitution by a qualified majority, something which has been discussed for the last 11 years. The issue will go before parliament again on March 11.