UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

 

 

Form 6-K

 

 

REPORT OF FOREIGN PRIVATE ISSUER

PURSUANT TO RULE 13a-16 OR 15d-16

UNDER THE SECURITIES EXCHANGE ACT OF 1934

For the month of October 2008

Commission file number 001-14540

 

 

Deutsche Telekom AG

(Translation of Registrant’s Name into English)

 

 

Friedrich-Ebert-Allee 140,

53113 Bonn,

Germany

(Address of Principal Executive Offices)

 

 

Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F.

Form 20-F  x    Form 40-F  ¨

Indicate by check mark whether the registrant by furnishing the information contained in this form is also thereby furnishing the information to the Commission pursuant to Rule 12g3-2(b) under the Securities Exchange Act of 1934.

Yes  ¨    No  x

This report is deemed submitted and not filed pursuant to the rules and regulations of the Securities and Exchange Commission.

 

 

 

---

New member of Deutsche Telekom Board of Management presents findings of investigation into data misuse

Oct 29, 2008

Deutsche Telekom today announced more findings concerning breaches of data privacy regulations and the investigation of additional incidents. The new Member of the Board of Management responsible for Data Privacy, Legal Affairs and Compliance, Dr. Manfred Balz, explained the incidents the company is now investigating. “Data privacy is now represented directly at Board of Management level: As the new Member of the Board of Management, I am personally committed to the issue,” Balz emphasized. “At the same time, I extend this obligation to every manager and employee who has to do with the privacy and security of customer data.”

In addition to data privacy and data/IT security, the new Board of Management department also incorporates the areas of Legal Affairs, Compliance and Commercial Criminal Law. The central task is to protect Deutsche Telekom from breaches of internal and external regulations. The new Member of the Board of Management represents the principle of a check and balance for the Group Security department and the operational units of the Group: Operational responsibility is being separated from the supervisory function, which is now in the hands of Dr. Balz. He is equipped with comprehensive rights of information and control to implement his strategies and policies. The new Member of the Board of Management has a right of veto over all business decisions relating to customer data.

At the beginning of October the Board of Management tasked Group Internal Audit with the review of measures taken within the Group in response to the theft of 17 million sets of customer data in 2006. A report has now been submitted. The investigations were in response to open questions generated by the most recent findings relating to the theft of data.

The report concludes that the measures initiated by T-Mobile in 2006 to recover the stolen data and to prevent its broader distribution, for example by quickly calling in investigative authorities, were correct, but that there were shortcomings in the subsequent organizational pursuit and processing of the case. Of particular concern was the supervision of the employees carrying out the investigation, the methods used and the steps taken to recover the data from third parties.

It has now become clear from internal information that security employees analyzed call data of around 20 individuals in the course of their search for the perpetrators. In addition, there was at least one case in which call data was acquired from a domestic competitor and from a foreign company. The five managers and employees who had operational or organizational responsibility in these cases have been suspended from their positions until further notice.

The numerous internal measures taken to improve data privacy are supplemented by a range of external measures. Dr. Balz cited as an example the establishment of a data privacy council to be made up of leading data privacy experts from independent organizations, academia and business. Further measures include the Internet portal launched to deal with incidents relating to data privacy, the annual data privacy reports, certifications under data privacy law and vulnerability analyses of systems by external security companies.

---

SIGNATURE

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

 

Date: October 29 2008