The privacy investigation comes after just under 20,000 customers signed on to a class action lawsuit targeting Vodafone over network issues that caused poor reception, dropped calls and delayed voicemail and SMS. The email documents, sent over the first half of last year, show that staff at Comms Direct, which acts as an agent for Vodafone, had top-tier access to the database containing personal details and call records of all of Vodafone's customers. These sensitive details, contained in a system provided by software maker Siebel, could be accessed by Comms Direct call centre staff without customers giving their permission. Comms Direct's managers instructed staff to use the system to search for customers who were approaching the end of their contracts with Vodafone and to offer to re-sign them with a better deal. "Take a look at the spend and usage. See if we can offer a better deal and then close them," one wrote in an email. This method was used to acquire customers from other Vodafone dealers, who may not have the same level of access to Vodafone's customer database. It was referred to internally as "Siebel farming" and the email evidence includes complaints to Comms Direct from dealers who lost customers as a result of the practice.

"Other dealers would say we built up the relationship, they fell into our database, you took advantage of the system and accessed it and stole our customers - internally there's lots of issues that way," said a former Comms Direct staff member, who spoke on condition of anonymity. The dealer earns more commission from connecting new accounts than upgrading existing ones, so managers encouraged staff to call Vodafone customer care, pretend to be the customer, and ask that the original service be disconnected, sources said. The dealer could then sign them up as a new connection, with individual sales staff receiving double the normal commission ($50 instead of $25). However, in some cases, Vodafone has failed to disconnect the old accounts and customers were unwittingly left with multiple accounts and multiple charges. "Anyone who does a wireless broadband sale to a male customer needs to take ownership of calling customer service to have the old wireless broadband disconnected," a manager wrote in an email to staff in March last year, adding that by doing so they would earn an additional $25 commission.

"If it is a woman customer that you are making a sale to, this will be still classed as a new connection as the operations team can disconnect these girls over the phone." Comms Direct's website says it is "Vodafone's largest premium partner". This website has also seen evidence that on several occasions last year at least one Comms Direct staff member accessed the unbilled call history of a man and forwarded the details on to a private Hotmail account. Other internal Comms Direct emails suggest the dealer engaged in "SIM stacking", whereby extra mobile numbers are added to a business customer's account without their knowledge. This helps dealers earn more commissions and hit their monthly connection targets, a source said. In one email, a customer emailed a manager to ask why they were given 11 phone numbers when they needed only one. The manager replied that "the rest are spare".

Vodafone Hutchison Australia, Comms Direct and the NSW Police have been provided with the documentary evidence containing the above allegations. NSW Police said it had assigned an officer to examine the allegations, while Comms Direct said it was drafting a response but this had not arrived at the time of publication. Vodafone refused to respond to the individual allegations but said it had "already taken action to address" the issues and some sales staff at Communications Direct who were involved in the activities no longer worked there. Vodafone said it had also restricted access to its systems "to prevent this type of unauthorised business practice". "VHA takes all allegations of unethical business practices extremely seriously and as a direct result of issues raised by VHA, a number of staff from Communications Direct had their employment terminated last year," a spokesman said.

However, the top managers who were revealed in the email documents to have condoned some of the activities are all still employed at the company. "If a blind eye is turned to this kind of chicanery where does it end and who takes responsibility? Does Vodafone just wash its hands and say well it's the dealer's responsibility?" said Christopher Zinn, spokesman for consumer group Choice. "When consumers go to a shop and it says Vodafone on the outside, they are not necessarily cognisant of the difference between what is a Vodafone store and what is a Vodafone dealer store." This month it was revealed that the personal details of millions of Vodafone customers, including their names, home addresses, driver's licence numbers and credit card details, had been available on the internet. They could be accessed using generic login details that unscrupulous dealers reportedly gave or sold to people, including criminals. Vodafone said it had implemented a number of security measures to prevent similar security breaches in future. It would not detail what these were, but, in an email sent to dealers on Wednesday, Vodafone said it would now require each dealer to provide a static IP address for their internet connection in order to access the customer database.

This would allow Vodafone to track which stores are accessing particular pieces of information and ensure that they only accessed the database from the store itself. However, Elissa Freeman, policy director for the Australian Communications Consumer Action Network, said the step came "after the horse has bolted". "ACCAN is concerned that it may in fact not be possible for Vodafone to trace back and uncover which customers have had their privacy breached, by whom, and what information has been passed on to who, for what purpose," she said. "If this is the case then Vodafone needs to be upfront and inform all its customers directly, in writing, without delay." Vodafone claims it has invested over $550 million in its network since June 2009 and will spend a similar amount over the course of this year.

It says performance has already improved but a significant number of customers have already jumped ship to competing telcos. Many complained that it took in excess of two hours to reach Vodafone's customer care line and even then they were connected to people in overseas call centres who were not aware of the issues affecting Vodafone's network. Vodafone this week gave dealers a question and answer sheet containing pre-written responses to many customer complaints. It can be found here. Adam Brimo, who created the Vodafail.com site out of frustration at Vodafone's network issues, has today sent a report to Australian regulators summarising the issues affecting the tens of thousands of Vodafone customers who used the site to register their complaints about the telco. The 27-page report can be found here. The telecommunications industry is self-regulated under the Telecommunications Consumer Protection Code. However, ACCAN said holes in the code meant that, even with the current Vodafone issues, the regulator, the Australian Communications and Media Authority (ACMA), would struggle to find a clear breach.

And even if it did find a breach, the most it could do was order Vodafone to comply with the code. ACMA has been conducting an inquiry into customer service in the telco sector and its findings are due to be released in March. Loading Do you know more? asher.moses@smh.com.au This reporter is on Twitter: @ashermoses