The FCC upheld its earlier proposed $20 million fine against mobile virtual network operators Q Link Wireless LLC and Hello Mobile Telecom LLC for their apparent failure to protect customer data. FCC rules require carriers to authenticate customers’ identity before providing online access to Customer Proprietary Network Information (CPNI).
An Enforcement Bureau investigation found that both companies—which are affiliated mobile carriers—apparently relied upon practices that placed customer information at risk of unauthorized access and disclosure.
“Consumers rely on their carriers to keep their personal information secure, and the Commission must effectively use our tools for enforcing privacy protections,” said FCC Chairwoman Jessica Rosenworcel. She established the agency’s first Privacy and Data Protection Task Force, which originally proposed the fine. It convenes technical and legal experts from across the agency to coordinate FCC “efforts to use the law to get results,” the Chairwoman said.
The Enforcement Breau’s investigation revealed apparent violations of three provisions of section 64.2010 of the Commission’s rules. The investigation found that the companies relied on readily available biographical information and account information to control online access to CPNI. That apparently violated the CPNI rules and placed customers’ sensitive personal data at risk, according to the Commission. The investigation also found that the companies apparently violated the FCC’s rules by not employing reasonable data security standards, placing customers at increased risk for privacy violations and bad actors’ potential misuse of their sensitive personal data.
“Because of the volume of information they possess and the nature of the services they provide, telecommunications companies are high-value targets for cybercriminals and foreign adversaries,” said FCC Enforcement Chief Loyaan Egal. She also heads the Privacy and Data Protection Task Force. “With this enforcement action, all telecommunications service providers are on notice that protecting customers’ data should be their highest priority, and we will use our authorities to ensure that they comply with their obligations to do so.”
The Notice of Apparent Liability for Forfeiture contains allegations that advise a party on how it has apparently violated the law and sets forth a proposed monetary penalty. Q Link and Hello Mobile will have a chance to respond. The agency will consider their submission of evidence and legal arguments before acting further to resolve the matter.
By Leslie Stimson, Inside Towers Washington Bureau Chief
Reader Interactions