The Federal Communications Commission (FCC) announced a proposed fine against Q Link Wireless and Hello Mobile Telecom for apparent failures in safeguarding subscribers’ personal data.
The FCC has proposed a hefty fine of $20 million for violations of FCC rules that require carriers to authenticate customers’ identity before granting online access to Customer Proprietary Network Information (CPNI).
Both Q Link Wireless and Hello Mobile Telecom, which are affiliated mobile carriers, apparently relied on practices that exposed customer information to the risk of unauthorized access and disclosure, as revealed in the Enforcement Bureau’s investigation.
FCC Chairwoman Jessica Rosenworcel emphasized the significance of the action, stating that protecting the privacy and security of consumer information is a top priority for the Commission. She highlighted the establishment of the Privacy and Data Protection Task Force, which brings together technical and legal experts to coordinate efforts in enforcing privacy protections effectively.
The investigation found apparent violations of three provisions of section 64.2010 of the Commission’s rules. The companies reportedly used easily accessible biographical and account information to control online access to CPNI, violating CPNI rules and jeopardizing customers’ sensitive personal data. Additionally, the companies allegedly failed to implement reasonable data security standards, exposing customers to increased risks of privacy violations and potential misuse of their sensitive information by malicious actors.
Loyaan A. Egal, FCC Enforcement Chief and Head of the Privacy and Data Protection Task Force, emphasized that telecommunications companies are high-value targets for cybercriminals and foreign adversaries due to the vast amount of information they possess and the services they provide. He stated that protecting customer data should be the top priority for all telecommunications service providers, and the FCC will use its authorities to ensure compliance with data protection obligations.
The proposed action, known as a Notice of Apparent Liability for Forfeiture (NAL), includes allegations that outline the apparent violations and propose a monetary penalty. The Commission cannot impose a greater monetary penalty than the amount proposed in the NAL.
The process allows the party involved to respond to the allegations and provide evidence and legal arguments before the Commission takes further action to resolve the matter. The allegations and proposed sanctions in the NAL are not final Commission actions and are subject to the party’s response and further consideration.