Data security seems to make headlines nearly every week, but last Friday, a new player entered the ring.  The Federal Communications Commission (“FCC”) took its first foray into the regulation of data security, an area that has been dominated by the Federal Trade Commission.  In its 3-2 vote, the FCC did not tread lightly – it assessed a $10 million fine on two telecommunications companies for failing to adequately safeguard customers’ personal information. 

The companies, TerraCom, Inc. and YourTel America, Inc., provide telecommunications services to qualifying low-income consumers for a reduced charge.  The FCC found that the companies collected the names, addresses, Social Security numbers, driver’s licenses, and other personal information of over 300,000 consumers.  The data was stored on Internet servers without password protection or encryption, allowing public access to the data through Internet search engines.  This, the FCC found, exposed consumers to “an unacceptable risk of identity theft.”

The FCC charged the companies with violation of Section 222(a) of the Communications Act, which it interpreted to impose a duty on telecommunications carriers to protect customers’ “private information that customers have an interest in protecting from public exposure,” whether for economic or personal reasons.  Additionally, the companies were charged with violation of Section 201(b), which requires carriers to treat such information in a “just and reasonable” manner.   

The companies were determined to have violated Sections 201(b) and 222(a) by failing to employ “even the most basic and readily available technologies and securities features.”  The companies further violated Section 201(b), the FCC found, by misrepresenting in their privacy policies and statements on their websites that they employ reasonable and updated security measures, and by failing to notify all of the affected customers of the data breach. 

Commissioners Ajit Pai and Michael O’Rielly dissented, arguing that, among other things, the FCC had not before interpreted the Communications Act to impose an enforceable duty to employ data security measures and notify customers in the event of a breach.  Though now that the FCC has so-interpreted the Act, we can expect the FCC to keep its eye on data security.

The FCC made clear that protection of consumer information is “a fundamental obligation of all telecommunications carriers.”  Friday’s decision also makes clear that the FCC will enforce notification duties in the event of a breach, and will look closely at carriers’ privacy policies and online statements regarding data security.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of David Munkittrick David Munkittrick

David Munkittrick is a litigator and trial attorney. His practice focuses on complex and large-scale antitrust, copyright and entertainment matters in all forms of dispute resolution and litigation, from complaint through appeal.

David has been involved in some of the most significant antitrust…

David Munkittrick is a litigator and trial attorney. His practice focuses on complex and large-scale antitrust, copyright and entertainment matters in all forms of dispute resolution and litigation, from complaint through appeal.

David has been involved in some of the most significant antitrust matters over the past few years, obtaining favorable results for Fortune 500 companies and other clients in bench and jury trials involving price discrimination and group boycott claims. His practice includes the full range of antitrust matters and disputes: from class actions to competitor suits and merger review. David advises antitrust clients in a range of industries, including entertainment, automotive, pharmaceutical, healthcare, agriculture, hospitality, financial services, and sports.

David also advises music, publishing, medical device, sports, and technology clients in navigating complex copyright issues and compliance. He has represented some of the most recognized names in entertainment, including Sony Music Entertainment, Lady Gaga, U2, Madonna, Daft Punk, RCA Records, BMG Music Publishing, Live Nation, the National Academy of Recording Arts and Sciences, Universal Music Group and Warner/Chappell.

David maintains an active pro bono practice, supporting clients in the arts and in immigration proceedings. He has been repeatedly recognized as Empire State Counsel by the New York State Bar Association for his pro bono service, and is a recipient of Proskauer’s Golden Gavel Award for excellence in pro bono work.

When not practicing law, David spends time practicing piano. He recently made his Carnegie Hall debut at Weill Recital Hall with a piano trio and accompanying a Schubert lieder.

David frequently speaks on antitrust and copyright issues, and has authored or co-authored numerous articles and treatise chapters, including:

  • Causation and Remoteness, the U.S. Perspective, in GCR Private Litigation Guide.
  • Data Breach Litigation Involving Consumer Class Actions, in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.
  • Location Privacy: Technology and the Law, in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.
  • FTC Enforcement of Privacy, in Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.
  • The Role of Experts in Music Copyright Cases, Intellectual Property Magazine.
  • Nonprofit Education: A Historical Basis for Tax Exemption in the Arts, 21 NYSBA Ent., Arts, & Sports L.J. 67
  • A Founding Father of Modern Music Education: The Thought and Philosophy of Karl W. Gehrkens, Journal of Historical Research in Music Education
  • Jackson Family Wines, Inc. v. Diageo North America, Inc. Represented Diageo in trademark infringement litigation