On September 3, the Federal Communications Commission issued a media statement revealing that Verizon has paid $7.4 million to settle a federal complaint against the cellphone company regarding breaches of consumer information. Since 2006, Verizon had been using consumer information for marketing campaigns without notifying customers of their right to opt-out of these communications. This is a violation of the Communications Act as the FCC statement explains, “A phone company is generally prohibited from accessing or using certain personal information except in limited circumstances, like marketing, but only after getting the customers’ approval.”
The laws described in the FCC statement can be found in the Communications Act of 1934, Section 222, “Privacy of Customer Information.” This Act stipulates that telecommunications carriers are expected to prioritize the confidentiality of consumer data. These companies are not allowed to disclose customer information to any external parties, unless they have received written permission from the customer. So what are cellular companies allowed to do with customer information? They are permitted to contact you regarding bills, services and account administration.
Unfortunately, Verizon did not notify customers before their personal information was used for marketing campaigns. Additionally, they did not provide over two million customers with the proper “opt-out” information, so that these subscribers could unsubscribe from the marketing correspondences. These violations began in 2006, and they were discovered by an investigation conducted by the FCC’s Enforcement Bureau.
Verizon’s Updated Opt-Out Information
Verizon responded with its own statement acknowledging the privacy breach. The cellular company remarked, “Once we discovered the issue with the notices we informed the FCC, fixed the problem and implemented a number of measures to ensure it does not recur.” However, the FCC points out that Verizon discovered the breach back in September 2012 and did not take steps to notify the FCC until January 2013. This long delay most likely factored into the settlement amount.
Verizon will be moving forward to rectify the situation by providing users with opt-out notices on every single bill they receive, instead of just their initial bill. The cellular company will also monitor their billing and marketing systems closely to watch for future data privacy issues. The privacy breach is just an internal one – no private data has been disclosed to outside parties. This incident “did not involve a data breach or an unauthorized disclosure of customer information to third parties,” stated Edward McFadden, a spokesperson for Verizon.
Since this consumer privacy breach has been contained within Verizon’s own departments, the cellular company will need to work carefully to police its own data use and report potential issues to the FCC on a timely basis to avoid future penalties.
This recent consumer privacy breach demonstrates the accountability and high fees associated with marketing mismanagement of consumer data. This is certainly not the first time the FCC has fined Verizon for breaching regulations. This recent incident serves as a reminder to businesses to provide customers with ways to opt-in and opt-out of marketing correspondences or face hefty federal penalties.