Click here for Adobe Acrobat version
Click here for Microsoft Word version
Click here for Consent Decree
********************************************************
NOTICE
********************************************************
This document was converted from Microsoft Word.
Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.
All text attributes such as bold, italic, underlining, etc. from the
original document will not show up in this text version.
Features of the original document layout such as
columns, tables, line and letter spacing, pagination, and margins
will not be preserved in the text version.
If you need the complete document, download the
Microsoft Word or Adobe Acrobat version.
*****************************************************************
Media Contact:
Will Wiquist, 202-418-0509
Will.Wiquist@fcc.gov
For Immediate Release
TERRACOM AND YOURTEL TO PAY $3.5 MILLION TO RESOLVE
CONSUMER PRIVACY & LIFELINE INVESTIGATIONS
FCC Takes Further Steps to Protect Consumers' Personal Information
WASHINGTON, July 9, 2015 - The Federal Communications Commission's Enforcement Bureau has entered into a $3.5 million settlement with TerraCom, Inc. and YourTel America, Inc., resolving an investigation into whether the companies failed to properly protect the confidentiality of personal information they received from more than 300,000 consumers. This settlement also resolves the FCC's investigation into YourTel's failure to comply with Commission instructions to remove ineligible Lifeline subscribers which resulted in over-billing of the federal program.
* A thorough Enforcement Bureau investigation found that the companies' vendor stored consumers' personal information on unprotected servers that were accessible over the Internet. The companies' failure to provide reasonable protection for their customers' personal information - including names, addresses, Social Security numbers, driver's licenses, and other sensitive information - resulted in a data breach that permitted anyone with a search engine to gain unauthorized access to the information.
"Consumers rightly expect that companies will take every reasonable precaution to protect their personal information," said Travis LeBlanc, Chief of the FCC's Enforcement Bureau. "It is a breach of customer trust for a company to promise to protect personal information while failing to take reasonable measures to protect sensitive customer information from unauthorized access by anyone with a search engine. This settlement ensures that these companies take concrete steps to improve their security practices and prevent breaches like this from happening again."
* As a condition of settlement, the companies will pay a $3.5 million civil penalty. The companies will also notify all consumers whose information was subject to unauthorized access, provide complimentary credit monitoring services for all affected individuals, and undertake additional measures to mitigate any potential harm to consumers. This information had been collected by the companies to demonstrate eligibility for the Lifeline program, which is a Universal Service Fund program that provides discounted phone services for low-income consumers.
* The settlement also resolves an investigation into YourTel's failure to timely de-enroll Lifeline subscribers. In 2012, the Commission instructed YourTel to de-enroll subscribers who were ineligible for Lifeline-supported service. The company continued to provide this service to a number of ineligible subscribers during 2012 and 2013. As a result, the company overbilled the Lifeline program by seeking reimbursement for serving those subscribers.
Additionally, the companies have committed to improve their privacy and data security practices in concrete ways. They will conduct an assessment of any other privacy risks, implement a security program to protect written information, maintain strict oversight of their vendors, and assure that a senior corporate manage is a certified privacy professional. They will also implement a data breach response plan, train their employees on privacy and security awareness, and file regular compliance reports with the Commission.
The failure to reasonably secure customers' proprietary information, including their personal data, violates a carrier's duty under Section 222 of the Communications Act, and also constitutes an unjust and unreasonable practice in violation of Section 201 of the Act. The Commission expects telecommunications carriers to take "every reasonable precaution" to protect their customers' data.
The settlement with YourTel also requires the company to implement strong measures to improve its compliance with Lifeline program rules. YourTel must designate a senior corporate manager to serve as a compliance officer, develop a comprehensive compliance plan, and report regularly to the Enforcement Bureau on compliance, as well as take other steps designed to ensure the company does not overbill the Lifeline program.
For more information about the FCC's rules protecting the privacy of consumers' personal information, see: http://www.fcc.gov/encyclopedia/consumer-publications-library#Privacy [HYPERLINK: http://www.fcc.gov/encyclopedia/consumer-publications-library]
The TerraCom/YourTel Order and Consent Decree are available at:
https://apps.fcc.gov/edocs_public/attachmatch/DA-15-776A1.pdf
The TerraCom/YourTel Notice of Apparent Liability, which led to today's settlement, is available at: https://apps.fcc.gov/edocs_public/attachmatch/FCC-14-173A1.pdf
###
Office of Media Relations: (202) 418-0500
TTY: (888) 835-5322
Twitter: @FCC
www.fcc.gov/office-media-relations [HYPERLINK: http://www.fcc.gov/office-media-relations]
This is an unofficial announcement of Commission action. Release of the full text of a Commission order constitutes official action. See MCI v. FCC, 515 F 2d 385 (D.C. Cir. 1974).