S 5.78 Protection against mobile phone usage data being used to create movement profiles

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Users

When mobile phones are used, for technical reasons it is necessary for the mobile communication partners to be contactable. When one of these partners establishes a connection, information is given away about his location through the act of establishing the connection. This location information could be used by the network provider or service operator, or indeed by a third party, to create a person- or mobile phone-specific "movement profile".

If the creation of movement profiles due to use of a mobile phone is viewed as a threat, then if possible both the mobile phones and the SIM cards should be swapped around among staff more frequently. In this way it is at least more difficult to associate specific phones and cards with a particular user.

If it is desirable that the whereabouts of the user should be concealed at certain times, the only way to ensure this is by switching off the mobile phone. To be quite certain, the battery should be removed.