United States: FCC Enters The Data Security Enforcement Field With $10 Million Fine On Telecoms

The FCC intends to fine TerraCom, Inc. and YourTel America, Inc. $10 million for several violations of laws protecting the privacy of phone customers' personal information. According to an  investigation by the Enforcement Bureau, TerraCom and YourTel apparently stored Social Security numbers,  names, addresses, driver's licenses, and other sensitive information belonging to their customers on unprotected Internet servers that anyone in the world could access. The information was gathered to  demonstrate eligibility for the Lifeline program, which is a Universal Service Fund program that provides discounted phone services for low-income consumers. The companies allegedly breached the personal data of up to 305,000 consumers through their lax data security practices and exposed those consumers to identity theft and fraud. This is the Commission's first data security case and the largest privacy action in the Commission's history.

violat[ed] (1) Section 222(a) of the Act for failing to protect the confidentiality of PI that consumers provided to demonstrate eligibility for Lifeline telecommunications services; (2) Section 201(b) of the Act by failing to employ reasonable data security practices to protect consumers' PI; (3) Section 201(b) of the Act by representing in their privacy policies that they protected customers' personal information, when in fact they did not; and (4) Section 201(b) of the Act by failing to notify all customers whose personal information could have been breached by the Companies' inadequate data security policies.