A new data breach fine that the Federal Communications Commission (“FCC”) is levying should be a wakeup call to all Florida businesses that they must adequately safeguard their consumer’s personal information.

On October 24, 2014, the FCC levied its first fine under the Communications Act of 1934 against two companies that allegedly failed to do so.  Those companies allegedly placed consumers’ personal information on unprotected Internet servers.  Specifically, the FCC alleges that in early 2013 an investigative reporter for Scripps Howard News Service was able to access a consumer’s data file by “conducting a simple Google Search” and that “[o]nce it had located a single file, Scripps shortened that file’s URL and obtained access to the entire directory of applicant and subscriber data.”  The FCC states that consumers’ data was accessible in this manner even though the companies stated in their privacy policies that they implemented “technology and security features to safeguard the privacy of your customer specific information from unauthorized access or improper use.”  Additionally, the companies allegedly did not notify all potentially affected individuals when they learned of the breach and thereby “deprived them of any opportunity to take steps to protect their [personal information] from misappropriation by third parties.”

The FCC’s action does not specify the level of care a company must exercise to avoid a fine under Sections 201(b) and 222(a) of the Communications Act.  Although the alleged unprotected Internet servers that caused the FCC to levy the above fine indicates a level of care that a company must clearly exceed, Florida businesses should not assume that simply doing a bit more will automatically satisfy the requirements set forth in Sections 201(b) and 222(a); neither section explicitly defines what measures a company must take to protect customer information.  Any protective measures taken by Florida businesses to safeguard customer information should be taken after consultation with counsel and a well-qualified security professional.