Telstra privacy betrayal 'must not happen again': Thodey

Telstra CEO David Thodey has issued a firm email to staff warning them to avoid further breaches of customer privacy following the revelation that Telstra had been sending customer URLs to the United States.

Thodey sent the email to all 42,000 Telstra staff earlier this week, stating that customers are entitled to feel that their trust was broken by the company failing to disclose to customers that it was sending web-browsing information of Next G customers to Netsweeper in the US as part of the development of a new internet filter product called Smart Controls.

"The hard reality is it will take months of hard work to win back that trust," Thodey said in the email, which was first leaked on broadband forum Whirlpool.

"These incidents and investigations create an impression that Telstra does not care enough about the privacy of our customers. Not only that, they undermine the great work we have done to improve customer satisfaction, and change the way our customers talk about us," he added.

He said that privacy is the responsibility of everyone within Telstra, and anyone concerned about a potential breach of customer privacy should report it to their manager.

"Our customers' trust is a commodity that's both precious and fragile. It takes months and years to build, but can be broken in one day," he said.

"That's what happened last week. It must not happen again."

Telstra said last week that it stripped most of the personally identifiable information out of the URLs by removing GET variables before passing them onto Netsweeper. However, on Tuesday, the company told ZDNet Australia that personal information contained outside of the GET variable would still be passed onto Netsweeper — although the company later clarified that this would be a "minority" of URLs.

Privacy Commissioner Timothy Pilgrim is waiting for a report from Telstra on its actions before deciding on whether to launch an investigation.