FCC To Telecoms: Put Up Or Pay Up
The FCC on Tuesday proposed more than $13 million in total fines—a minimum of $20,000 each in most cases—to more than 600 small phone and wireless providers the FCC said hadn't filed the proper paperwork demonstrating they had put in place the necessary safeguards to protect customer data.
"I have long stressed the importance of protecting the sensitive information that telecommunications carriers collect about their customers," said the FCC's acting chairman, Michael J. Copps, in an FCC statement. "Carriers' obligation to annually certify that they have implemented a CPNI [customer proprietary network information] protection plan is essential to ensuring their compliance with the commission's rules as well as our ability to monitor their compliance. The broad nature of this enforcement action hopefully will ensure substantial compliance with our CPNI rules going forward as the commission continues to make consumer privacy protection a top priority."
The FCC's new rules went into effect in April 2007 after a run of consumer complaints about "pretexting"—essentially, the practice of list brokers obtaining private customer information under false pretenses and then selling that information (including phone records) to outside companies.
Complying with the FCC's rules requires telecommunications companies to file an annual CPNI certificate.
The FCC statement said that hundreds of small companies hadn't provided the certificate in 2008, but it noted that it was the first year the paperwork was required.
Companies that didn't file the CPNI certificate will face fines at a minimum of $20,000, the FCC said, and companies that filed incomplete or noncompliant paperwork will be hit up for $10,000 or less.