The U.S. Federal Communications Commission may fine 600 operators for failing to properly file annual reports proving that they protect customer data.
Telephone companies and VoIP (voice over Internet protocol) providers are required to submit to the FCC annual certifications proving that they have taken reasonable measures to protect against pretexting, or the practice of pretending to be a person or a law enforcement agent in order to obtain telephone records. Operators must also show the FCC that they've kept records of all instances when they disclosed customer information to a third party and report on customer complaints they've received regarding unauthorized release of their information.
The FCC found that last year, 600 operators either didn't file reports to the agency at all or they filed noncompliant reports. The FCC proposes a fine of US$20,000 for operators that didn't file at all and $10,000 for those that filed noncompliant reports. The carriers will be able to argue against the fine or demonstrate reasons to reduce the penalty due to inability to pay, the FCC said.
In a statement, FCC Acting Chairman Michael Copps said that the annual filings are essential for the agency to ensure that operators are complying with the privacy regulations. He also said he hopes that the fines will help ensure compliance in the future.
The practice of pretexting entered the spotlight, for consumers as well as government officials, after Hewlett-Packard revealed that it hired investigators who used pretexting to try to find the source of boardroom press leaks. The HP case led to the passage of federal legislation that makes pretexting illegal.