The U.S. Federal Communications Commission (FCC) has proposed a $10 million monetary forfeiture against TerraCom, Inc. and YourTel America, Inc. for failing to protect the privacy of phone customers’ personal information.
According to an investigation by the FCC’s Enforcement Bureau, TerraCom and YourTel allegedly stored names, addresses and Social Security numbers of more than 300,000 customers on unsecured servers available potentially available to anyone via the Internet. Unprotected private customer information was apparently available from September 2012 through April 2013. However, even after discovering the security breach, the companies allegedly failed to notify those customers.
The Federal Communications Act requires phone companies to protect the privacy of consumer information, and limits the use of that information for marketing purposes without the consent of the consumer. The Commission believes that the companies’ failure to take reasonable steps to secure personal information violates their statutory duty under the Communications Act, since their data security practices lacked “even the most basic and readily available technologies and security features.”
This is the second enforcement action by the Commission in recent months in connection with consumer privacy violations. In September 2014, the FCC reached a $7.4 million settled with telecommunications giant Verizon in connection with the company’s use of personal information for marketing purposes without prior consumer approval.