T 5.11 Loss of confidentiality of data stored within PBX installations

Within PBX installations, personal and in-house data are stored on hard disks for a prolonged period of time. In this case, personal data are: charging infomation, configuration data, privileges and, in instances, data for electronic telephone directories, passwords and job account numbers.

Such data can be read and modified by the administration staff. The nature and extension of such tampering depends on the type of the given installation and, where provided for, on the granting of rights. Administration staff have this possibility both at the site and through remote maintenance. In case of external remote maintenance, the person entrusted with this task (normally the manufacturer) has this possibility at any time!

The hard disks are often taken to the PBX manufacturers for an upgrade of system software. This means that personal data can be read by the respective manufacturer.