The Federal Communications Commission (the FCC) recently took action against two United States telecommunications service providers, TerraCom, Inc. and YourTel America, Inc. (the Companies) in the FCC’s first data security case and largest privacy action in the FCC’s history.  The FCC is fining the Companies US$10 million for allegedly willfully and repeatedly violating the Communications Act of 1934.

According to the Notice of Liability issued by the FCC on October 24, 2014, after collecting personally identifiable information (PII) from their customers, the Companies:

failed to properly protect the confidentiality of their customers’ PII;   failed to employ reasonable data security practices to protect their customers’ PII;   engaged in deceptive and misleading practices by representing to customers in the Companies’ privacy policies that they employed appropriate technologies to protect  PII when, in fact, they had not; and   engaged in unjust and unreasonable practices by not fully informing customers that their PI had been compromised.