On April 8, 2015, the US Federal Communications Commission (“FCC”) issued the largest privacy-related fine in US history, $25 million, against AT&T. Under a Consent Decree, AT&T agreed to pay this substantial fine, to hire a senior compliance officer, and to implement a comprehensive compliance plan.
The facts of this case are available here and are well worth a read. In short, AT&T employees in Mexico, Colombia and the Philippines were alleged to have sold personal customer data to underworld criminals so organized crime could unlock cell phones using the purloined information.
This is the latest in a series of actions by the FCC, so telecommunications providers should pay particular attention to data privacy and security issues. The same message applies to all businesses operating in Europe, whether or not in the telecoms sector. Recent enforcement actions by the UK data privacy regulator, the upcoming EU Data Protection Regulation, the expected German IT Security Act, and the draft EU Network and Information Security Directive all indicate a rise in regulatory risks regarding privacy and security.