The U.S. Federal Communications Commission (FCC) on Monday proposedfining AT&T Inc. US$100,000 for failing to file an annualreport detailing its compliance with the FCC’s customerprivacy-protection rules.
AT&T Inc., formed when SBC Communications Inc. acquiredAT&T Corp. in November, failed to file a report detailing itscompliance with the FCC’s Customer Proprietary Network Information(CPNI) rules, which prohibit telecommunications carriers fromselling customer information to most third parties.
The proposed fine comes as the FCC and some members of the U.S.Congress have raised concerns about some Web-based data brokersselling telephone call logs. The proposed fine is for the late CPNIreport, not because AT&T sold customer data, but the FCC noticeof the proposed fine notes recent concerns about the sale oftelephone customers’ personal data.
The FCC “has been investigating the adequacy of proceduresimplemented by telecommunications carriers to ensureconfidentiality of their subscribers’ CPNI, based on concernsregarding the apparent availability to third parties of sensitive,personal subscriber information,” the notice says. “For example,some companies, known as ‘data brokers,’ have advertised theavailability of records of wireless subscribers’ incoming andoutgoing telephone calls for a fee.”
Some data brokers apparently trick telecom carriers into giving upprivate data, and in other cases, carrier insiders are suspected ofgiving data to data brokers.
AT&T said in a statement it is working to fix the problem withthe late report. “AT&T has the systems and procedures in placeto protect customer data,” the company said. “However, a copy ofthe officer’s certificate attesting to those procedures hasn’t beenlocated. The company is rectifying the mistake and is working withthe FCC to ensure full compliance.”
As part of the FCC’s investigation into the sale of telephonerecords, the agency on Jan. 25 asked AT&T and other carriers toproduce their CPNI compliance certificates. AT&T Inc. deliveredthe compliance certificate of SBC but did not provide thecertificate from the old AT&T Corp., the FCC said.
The FCC concluded that AT&T “has apparently failed to comply”with CPNI rules requiring a company officer to certify yearly thatit has privacy protections in place, the FCC said in its Mondaystatement.