Record Actions Force Companies to Reevaluate How They Protect Consumers
Last week the FCC’s Enforcement Bureau announced that Verizon agreed to pay a record US$7.4 million to settle an investigation related to the company’s treatment of consumer personal information. Specifically, the Commission alleges that Verizon improperly used the private information of millions of its customers in marketing campaigns without notice or permission. This settlement is yet another example of the Bureau’s – and the Commission’s – steadily increasing focus on consumer protection issues.
This payment, and other recent actions by the Commission, are illustrative of a statement made at an industry event by the Bureau’s Acting Chief, Travis LeBlanc, that the Bureau is ramping up its consumer protection efforts and has increased enforcement coordination with the Commission’s Consumer and Governmental Affairs Bureau, as well as with other agencies focused on consumer protection, like the Federal Trade Commission. Mr. LeBlanc is also bulking up his enforcement team, hiring several former prosecutors – including Paula Blizzard, who previously served as a DOJ antitrust litigator, and Katherine Winfree, a former Maryland chief deputy attorney general – into key management positions in the Bureau’s front office. Discussing the shift away from “junk fax” enforcement, a staple of the Commission’s consumer protection portfolio since the nineties, Mr. LeBlanc explained that he’s asking staff to consider how each Bureau action will have a positive impact on the lives of consumers. He also promised to concentrate the Bureau’s work on issues that matter to consumers in today’s digital age. So far, the Bureau has made good on Mr. LeBlanc’s promise, issuing record enforcement actions to address violations of the Commission’s cramming, slamming, customer proprietary network information (CPNI) and Do-Not-Call prohibitions.
September 3, 2014 Verizon CPNI Settlement
In the largest ever CPNI settlement issued by the FCC, Verizon agreed to pay US$7.4 million for failing to notify millions of its customers over a period of several years – beginning in 2006 – that they had a right to opt out of having Verizon use personal information about customer services and calling habits in Verizon marketing campaigns. Mr. LeBlanc lambasted the company’s actions in a press release, stating that it is “plainly unacceptable for any phone company to use its customers’ personal information for thousands of marketing campaigns without even giving them the choice to opt out.” Most consumers understand that phone companies have access to their personal information and that, generally, companies may not access or use that information except in limited circumstances, such as marketing. What consumers may not know, however, is that phone companies are required to obtain each subscriber’s approval via an “opt-in” or “opt-out” process before permitting access to or using any such personal information in marketing campaigns.
Verizon also agreed to a three-year compliance plan, which in addition to the more typical obligations (i.e., compliance manual, compliance officer, operating procedures and a training program for employees), required Verizon to (1) notify all directors, officers, managers and employees responsible for managing CPNI of the terms of the agreement, (2) institute extensive processes and controls, and (3) effectuate a top-to-bottom CPNI process review. Verizon must also notify customers on every bill of their right to opt out, rather than on just the first bill, as was Verizon’s previous practice. While not totally unprecedented in FCC settlements, these additional terms are certainly less common and signal the Bureau’s increasing emphasis on consumer protection.
Other Recent Consumer Enforcement Actions
In another recent carrier-related action, the Commission settled a Do-Not-Call investigation with Sprint Corporation last May, requiring the company to pay US$7.5 million to the US Treasury for failing to honor consumer requests to opt out of phone and text marketing communications – the largest Do-Not-Call settlement in FCC history. In this second such settlement with Sprint (the first was in 2011 and was valued at US$400,000), the company also agreed to implement a robust two-year compliance plan to help prevent future Do-Not-Call violations. Again, Mr. LeBlanc focused on the privacy implications of Sprint’s actions, stating that the Commission “expect[s] companies to respect the privacy of consumers who have opted out of marketing calls,” and that “when a consumer tells a company to stop calling . . . that request must be honored.”
Finally, during one week in July, the Commission released three enforcement actions totaling more than US$10 million in penalties for cramming and slamming violations. “Cramming” occurs when a subscriber is billed for unauthorized charges, while a “slamming” violation occurs when a customer’s long distance carrier is changed without permission. The subjects of the
three actions – Optic Internet Protocol, Inc.; Assist 123, LLC; and Net One International, Inc. – were accused of billing consumers long after the consumers had cancelled their service and switched to other carriers; threatening those consumers with debt collection if they refused to pay the unauthorized charges; and submitting to federal and state regulatory authorities fabricated audio recordings where subscribers purportedly verified carrier changes. The Commission characterized the companies’ actions as “shaking down consumers,” stating that “[c]heating and lying to consumers are unacceptable, predatory business practices,” and that the enforcement actions “reflect the Commission’s ongoing commitment to protect consumers from unauthorized charges on their phone bills.”
What Does This Mean for Compliance?
If your company makes regular contacts with consumers, you must ensure that you have policies and procedures in place to call consumers only with appropriate consent. Also, if your company is subject to CPNI restrictions and has access to consumer calling records and details – information about the quantity, technical information type, destination, location, and amount of service a customer subscribes to – you should take proactive steps to ensure that company personnel properly handle CPNI. Finally, you must have safeguards in place related to the verification of new customer accounts and subscriber charges. Speak with your compliance department about what the procedures entail, and whether they reflect all of the Commission’s current requirements. If you are concerned that your company is not fully aware of or compliant with the Commission’s consumer-related rules, Squire Patton Boggs has the resources to help. Our team has significant experience practicing before the FCC, the Universal Service Administrative Company and the Federal Trade Commission, and our team of seasoned practitioners includes – among many others – a former FCC Chairman, a former Chief of the Consumer and Governmental Affairs Bureau and Media Bureau and a former Special Counsel to the Enforcement Bureau Chief.