The Regulatory Mix, TMI’s daily blog of regulatory activities, is a snapshot of PUC, FCC, legislative, and occasionally court, issues that our regulatory monitoring team uncovers each day. Depending on their significance, some items may be the subject of a TMI Regulatory Bulletin.
The FCC announced the agenda for the National Cybersecurity Month Awareness Expo to be held on October 28, 2014. As part of its commitment to promote cyber security awareness, the FCC will host the expo featuring hands-on, interactive exhibits and demonstrations including a wide-range of products and services. The FCC sais the Technology Demonstration and Expo will help consumers learn how to protect themselves through effective personal cyber security practices while using their personal devices to connect to the Internet. The agenda is as follows.
The FCC announced that it will fine TerraCom, Inc. and YourTel America, Inc. $10 million for several violations of laws protecting the privacy of phone customers’ personal information. The FCC’s investigation revealed that the two companies apparently stored Social Security numbers, names, addresses, driver’s licenses, and other sensitive information belonging to their customers on unprotected Internet servers. The information was gathered to demonstrate eligibility for the Lifeline program. Up to 300,000 consumers were affected.
According to the FCC, even after the companies learned of this security breach, they allegedly failed to notify all potentially affected consumers, depriving them of any opportunity to take steps to protect their personal information from misuse by Internet thieves. The FCC alleges that the carriers’ failure to reasonably secure their customers’ personal information violates their duty under the Communications Act to protect that information, and also constitutes an unjust and unreasonable practice in violation of the Act, given that their data security practices lacked “even the most basic and readily available technologies and security features and thus creates an unreasonable risk of unauthorized access.” The FCC said that this is its first data security case and the largest privacy action in its history.