The Federal Communications Commission announced that Verizon has agreed to pay $7.4 million to settle charges concerning consumer privacy. The agency said that the telecommunications company had failed to notify about 2 million its customers of their privacy rights before it marketed services to them. The fine, the FCC said, “is the largest such payment in FCC history for settling an investigation related solely to the privacy of telephone customers’ personal information.” The FCC said:
The Federal Communications Commission’s Enforcement Bureau has reached a $7.4 million settlement with Verizon to resolve an investigation into the company’s use of personal consumer information for marketing purposes. The Enforcement Bureau’s investigation uncovered that Verizon failed to notify approximately two million new customers, on their first invoices or in welcome letters, of their privacy rights, including how to opt out from having their personal information used in marketing campaigns, before the company accessed their personal information to market services to them. In addition to the $7.4 million payment, Verizon has agreed to notify customers of their opt-out rights on every bill for the next three years. […]
Phone companies collect an array of sensitive personal information about their customers, like billing and location data, and the Communications Act requires them to protect the privacy of that information. A phone company is generally prohibited from accessing or using certain personal information except in limited circumstances like marketing, but only after getting the customer’s approval. It can obtain approval through either an “opt-in” or “opt-out” process. […]
Under the terms of the Consent Decree the FCC announced today, Verizon must take significant steps to improve how it protects the privacy rights of its customers. For example, Verizon will now include opt-out notices on every bill, not just the first bill, and it will put systems in place to monitor and test its billing systems and opt-out notice process to ensure that customers are receiving proper notices of their privacy rights. Any problems detected that are more than an anomaly must be reported to the Commission within five business days, and any noncompliance must be reported as well.